Happenings make me wonder if infected


  • This topic is locked
76 replies to this topic

#1 poulner

  • Members
  • 135 posts
  • Gender:Male
  • Location: Southern England

Posted 20 February 2016 - 12:11 PM

I have been experiencing oddities lately with my Windows 7 64-bit Home Premium.
For instance, settings have been changed without my input. An uninstaller program, Revo Pro, which has to be run as administrator for full functionality, fails to make a registry backup, even though I have set both my account and the administrator's account to full control and use right-click to select "Run as administrator".
Also, Permissions contain "unknown user S-1-5-21-2830489159-1404018476-1906715735-1000".
As well as the above, downloaded programs have failed to install.
I have run Avast and AVG (not both installed at the same time), Malwarebytes and CCleaner. Also I see FF plug-ins, even though FF is uninstalled.
Farbar Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Gordon (administrator) on GORDON-PC (20-02-2016 16:00:22)
Running from C:\Users\Gordon\Desktop
Loaded Profiles: Gordon (Available Profiles: Gordon & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [3106936 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10572800 2015-12-25] (SecureMix LLC)
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: E - E:\unlock.exe autoplay=true
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: {56d48167-4cae-11e5-8062-00256485166c} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: {fbece6d8-e3e1-11e3-8e49-00256485166c} - E:\unlock.exe autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll No File
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll No File
BootExecute:
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 14 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 17 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 18 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 21 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9-x64 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9-x64 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9-x64 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 14 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 18 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.4
Tcpip\..\Interfaces\{325A735D-7409-4475-AC07-B590824D7DCD}: [DhcpNameServer] 8.8.8.8 8.8.8.4
Tcpip\..\Interfaces\{ADF6F079-D24D-4ED8-A992-6213AF0FDA7F}: [DhcpNameServer] 8.8.8.8 8.8.8.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2830489159-1404018476-1906715735-1000 -> {95B1E983-9480-48AB-AE7E-1EF046EA38FE} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_ir_15_19&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0Ezy0CtB0AtAzztDtC0EyEtN0D0Tzu0StCtBtBtAtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtCyC0A0C0FtGtBzz0ByEtGyD0DyDtDtGyBzyzyyBtGtByC0B0C0FtBtC0DyD0E0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytCtA0C0CtA0CtGtA0FtA0AtGyEtB0DtBtG0AtCtDtAtGtCzy0DyC0C0E0B0CyB0E0FtB2QtN0A0LzutB&cr=17699499&ir=
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-15]
CHR Extension: (Google Docs) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-25]
CHR Extension: (Google Drive) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25]
CHR Extension: (YouTube) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
CHR Extension: (Google Search) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25]
CHR Extension: (Google Sheets) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-25]
CHR Extension: (360 Internet Protection) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2016-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
CHR Extension: (Gmail) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8924160 2015-12-25] (SecureMix LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [907384 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2016-02-01] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-02-01] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-02-01] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-02-01] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-02-01] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [368720 2016-02-01] (360.cn)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2016-02-01] (360.cn)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-01] ()
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-01-12] (REALiX™)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 rspMMFS; C:\Windows\System32\DRIVERS\rspmmfs64.sys [19512 2009-11-13] (Resplendence Software Projects Sp.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [29856 2014-08-18] (Tarlogic)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 MMPSY; \??\C:\Users\Gordon\AppData\Local\Temp\mmpsy64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 14:59 - 2016-02-20 14:59 - 00000000 ____D C:\Program Files\IrfanView
2016-02-20 11:49 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-02-16 23:05 - 2016-02-16 23:05 - 00000136 _____ C:\Windows\ODBC.INI
2016-02-16 23:05 - 2015-02-27 14:19 - 00000107 ____H C:\DBAR_Ver.txt
2016-02-16 20:57 - 2016-02-16 20:57 - 00000000 ____D C:\FacImgLogs
2016-02-16 20:56 - 2016-02-20 11:12 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-02-16 20:56 - 2016-02-17 06:48 - 00000213 _____ C:\installLog.txt
2016-02-15 15:34 - 2016-02-15 15:34 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-02-15 15:34 - 2015-05-29 04:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-02-15 15:34 - 2015-05-29 04:15 - 00033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-02-15 13:35 - 2016-02-15 13:35 - 00000000 __SHD C:\$360Section
2016-02-15 10:48 - 2016-02-15 10:48 - 00000000 ____D C:\MSIedbdb.tmp
2016-02-15 10:46 - 2016-02-15 10:46 - 00003232 _____ C:\Windows\System32\Tasks\{E9BCF4D0-2005-4A14-935D-82B2CEF013F4}
2016-02-15 10:30 - 2016-02-15 10:30 - 00000000 ____D C:\MSIeefc8.tmp
2016-02-13 18:48 - 2016-02-13 18:48 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-02-13 16:16 - 2016-02-13 16:16 - 00000000 ____D C:\FRST
2016-02-13 09:44 - 2016-02-15 13:37 - 00303744 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-13 08:06 - 2015-01-07 03:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-02-13 08:06 - 2015-01-07 03:10 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-02-13 08:06 - 2015-01-07 02:44 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-02-13 08:06 - 2015-01-07 01:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-02-13 08:06 - 2015-01-07 01:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-02-13 08:04 - 2016-02-13 08:04 - 00000000 ____D C:\MSIb8252.tmp
2016-02-13 08:03 - 2016-02-13 08:03 - 00000000 ____D C:\3bce099f-5945-47b7-b7cc-f435bad45063
2016-02-13 08:02 - 2016-02-13 08:02 - 00000000 ____D C:\MSIb824a.tmp
2016-02-13 08:02 - 2016-02-13 08:02 - 00000000 ____D C:\_800173_
2016-02-13 07:50 - 2016-02-13 07:50 - 00000000 _RSHD C:\360SANDBOX
2016-02-13 07:50 - 2016-02-01 06:20 - 00368720 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2016-02-13 07:50 - 2016-02-01 06:20 - 00319568 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-02-13 07:50 - 2016-02-01 06:20 - 00181328 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-02-13 07:50 - 2016-02-01 06:20 - 00137808 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-02-13 07:50 - 2016-02-01 06:20 - 00077904 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2016-02-13 07:50 - 2016-02-01 06:20 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2016-02-13 07:14 - 2016-02-13 09:42 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-02-13 07:13 - 2016-02-01 06:20 - 00077904 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2016-02-13 07:12 - 2016-02-13 07:49 - 00000000 ____D C:\Program Files (x86)\360
2016-02-12 13:38 - 2016-02-12 13:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GORDON-PC-Windows-7-Home-Premium-(64-bit).dat
2016-02-12 13:38 - 2016-02-12 13:38 - 00000000 ____D C:\RegBackup
2016-02-01 06:53 - 2016-02-01 06:53 - 00000000 ____D C:\Program Files\7-Zip
2016-02-01 06:22 - 2016-02-01 06:22 - 00000000 ____D C:\32788R22FWJFW
2016-02-01 06:13 - 2016-02-01 06:13 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-31 19:32 - 2016-01-31 19:32 - 00000000 ____D C:\$WINDOWS.~BT
2016-01-29 18:59 - 2016-01-29 18:59 - 00000000 ____D C:\AVG_Remover
2016-01-22 13:43 - 2016-01-22 13:57 - 1067133204 _____ C:\ProgramData.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 15:24 - 2014-01-18 12:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 15:12 - 2015-03-28 20:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-20 14:21 - 2015-04-28 09:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-20 14:04 - 2009-07-14 04:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-20 14:04 - 2009-07-14 04:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-20 11:49 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-02-20 11:36 - 2009-07-14 05:13 - 00782022 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-20 11:31 - 2015-02-01 23:00 - 00000012 _____ C:\Windows\CUAppUsage.Dat
2016-02-20 11:31 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 11:06 - 2015-06-30 07:15 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-17 07:23 - 2015-11-30 17:58 - 00000000 ____D C:\Users\Admin
2016-02-17 07:20 - 2014-07-10 16:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-16 21:06 - 2009-07-14 02:33 - 00000000 ____D C:\Temp1234
2016-02-16 20:57 - 2013-01-17 12:21 - 00000000 ____D C:\temp
2016-02-15 21:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-02-15 18:32 - 2014-01-18 12:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-15 18:32 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-15 14:36 - 2015-02-11 13:08 - 00004032 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-02-15 14:36 - 2015-02-11 13:08 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-02-15 14:36 - 2014-01-18 12:47 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-15 14:36 - 2014-01-18 12:47 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-15 10:48 - 2015-02-26 20:05 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-02-13 14:46 - 2014-01-17 09:41 - 00000000 ____D C:\Users\Gordon
2016-02-13 09:42 - 2015-02-12 09:33 - 00003236 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2016-02-13 08:02 - 2014-02-01 20:41 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-02-13 07:54 - 2014-11-26 10:14 - 00002990 _____ C:\Windows\System32\Tasks\{A89442B6-8574-42A6-82EA-76F38025C4F7}
2016-02-13 07:54 - 2014-11-26 10:14 - 00002990 _____ C:\Windows\System32\Tasks\{2D6CA939-62FD-4F82-9015-85E8119CAAA0}
2016-02-13 07:54 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-02-12 13:55 - 2009-07-14 02:34 - 00000487 _____ C:\Windows\win.ini
2016-02-12 12:53 - 2014-06-03 11:40 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-02-05 16:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-01 06:54 - 2014-11-26 15:01 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-01 06:54 - 2014-01-29 00:20 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-31 19:32 - 2014-08-25 15:09 - 00026448 _____ C:\Windows\diagwrn.xml
2016-01-31 19:32 - 2014-08-25 15:09 - 00001908 _____ C:\Windows\diagerr.xml
2016-01-31 18:50 - 2015-12-03 23:48 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-31 18:50 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-01-31 18:50 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-01-31 18:47 - 2013-03-18 16:53 - 00000000 __RHD C:\MSOCache
2016-01-31 11:23 - 2014-02-02 20:45 - 00000000 ____D C:\Program Files\CCleaner
 
==================== Files in the root of some directories =======
 
2015-12-10 20:46 - 2015-12-10 20:59 - 6420480 _____ () C:\Program Files (x86)\GUTF11D.tmp
2014-05-28 06:38 - 2014-05-28 06:55 - 0000375 _____ () C:\Users\Gordon\AppData\Roaming\DNGProfileManager
2016-02-15 15:49 - 2016-02-15 15:53 - 0000115 _____ () C:\Users\Gordon\AppData\Roaming\LogFile.txt
2014-03-19 11:34 - 2014-03-19 11:37 - 0563310 _____ () C:\Users\Gordon\AppData\Roaming\Scorch_Install.log
2015-01-22 18:42 - 2015-01-22 18:42 - 0000038 ___SH () C:\Users\Gordon\AppData\Local\69ff07055291669bb2b218.72821112
2014-12-31 02:55 - 2015-06-28 17:13 - 0000136 ____N () C:\Users\Gordon\AppData\Local\Created by WindowsXLive.net.URL
2014-12-31 02:55 - 2015-06-28 17:13 - 0000130 ____N () C:\Users\Gordon\AppData\Local\Find More at ThemeMyPC.com.URL
2015-06-22 15:43 - 2015-06-22 15:43 - 0000736 _____ () C:\Users\Gordon\AppData\Local\recently-used.xbel
2014-10-12 12:34 - 2015-02-08 19:09 - 0007602 _____ () C:\Users\Gordon\AppData\Local\resmon.resmoncfg
2014-11-22 18:22 - 2014-11-22 18:22 - 0000045 _____ () C:\ProgramData\.SimImages
2014-01-17 19:24 - 2014-01-17 19:24 - 0212115 _____ () C:\ProgramData\1389986293.bdinstall.bin
2014-01-27 20:48 - 2014-01-27 20:48 - 0037823 _____ () C:\ProgramData\1390855688.bdinstall.bin
2014-01-27 20:49 - 2014-01-27 20:49 - 0096956 _____ () C:\ProgramData\1390855689.bdinstall.bin
2016-02-12 21:23 - 2016-02-12 21:23 - 0045486 _____ () C:\ProgramData\1455312171.bdinstall.bin
2016-02-12 21:28 - 2016-02-12 21:28 - 0002055 _____ () C:\ProgramData\1455312491.3004.bin
2016-02-12 21:28 - 2016-02-12 21:28 - 0040410 _____ () C:\ProgramData\1455312491.4196.bin
2016-02-12 21:35 - 2016-02-12 21:35 - 0208132 _____ () C:\ProgramData\1455312741.bdinstall.bin
2016-02-13 07:39 - 2016-02-13 07:39 - 0038733 _____ () C:\ProgramData\1455349137.bdinstall.bin
2016-02-13 07:42 - 2016-02-13 07:42 - 0096713 _____ () C:\ProgramData\1455349142.bdinstall.bin
2014-02-20 22:35 - 2015-10-09 16:38 - 2895504 _____ (AVG Technologies) C:\ProgramData\MFAData.partial
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 07:51
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Gordon (2016-02-20 16:01:06)
Running from C:\Users\Gordon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-17 09:41:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2830489159-1404018476-1906715735-1009 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2830489159-1404018476-1906715735-500 - Administrator - Disabled)
Gordon (S-1-5-21-2830489159-1404018476-1906715735-1000 - Administrator - Enabled) => C:\Users\Gordon
Guest (S-1-5-21-2830489159-1404018476-1906715735-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2830489159-1404018476-1906715735-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.2.0.1098 - 360 Security Center)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP540 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell System Detect - 1 (HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
Exif Pilot 4.7 (HKLM-x32\...\Exif Pilot_is1) (Version: 4.7 - Two Pilots)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Folder Colorizer version 1.3.3 (HKLM\...\{A133E9CD-2879-4F30-87D4-1604AFD5C5CC}_is1) (Version: 1.3.3 - Softorino)
FossaMail 25.1.9 (x64 en-US) (HKLM\...\FossaMail 25.1.9 (x64 en-US)) (Version: 25.1.9 - Mozilla)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.68 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HostsMan 4.5.102 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Serif PhotoPlus X7 (HKLM\...\{7B7344AA-B8E3-4A86-B499-517B7E2F6CB3}) (Version: 17.0.2.022 - Serif (Europe) Ltd)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {072E37C9-786F-4462-91D6-F0E0B0E5BBE6} - System32\Tasks\{74966C35-D32A-4E67-AD37-64235BD45AB5} => C:\Program Files\Folder Colorizer\FolderColorPicker.exe [2014-06-10] (Softorino)
Task: {08C801B4-34B3-4B1A-8A17-A50BF1033EE1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {0A7AEEF6-0D9E-4A1D-92C9-FDF61BD8D1CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0B967659-B3B3-4D36-B251-83EA2D50EC31} - System32\Tasks\{E9BCF4D0-2005-4A14-935D-82B2CEF013F4} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
Task: {171E4AF6-9016-40C4-AC46-66DD9BA64BB2} - System32\Tasks\{A92D1191-BE19-4BB2-87B6-7A520E4B4A5C} => pcalua.exe -a C:\Users\Gordon\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Gordon\Downloads
Task: {1A8DB0A2-1D06-41EC-91E9-F99027CFA1CE} - System32\Tasks\{875415E4-7F27-4C04-8BC3-FA4495A1A40D} => pcalua.exe -a C:\Users\Gordon\Downloads\iview438_setup.exe -d C:\Users\Gordon\Downloads
Task: {24145461-A7EB-4D09-9508-3646B56AA078} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {26C0778A-295E-4A8D-8E49-527740693BE1} - \TweakBit\PCCleaner\Start PCCleaner оn logon -> No File <==== ATTENTION
Task: {3F3CC1AF-E691-4E3E-9573-8137A1A0BDC3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {50659321-BE5F-4C94-A53B-B49A7EDEA0AF} - \TweakBit\FixMyPC\Start FixMyPC оn logon -> No File <==== ATTENTION
Task: {5EC357FB-704C-4FEC-ACF6-3215367D02BE} - System32\Tasks\{E53F9812-365C-4EB5-A14C-5B6E63AD376E} => pcalua.exe -a "C:\Users\Gordon\Desktop\irfanview_plugins_437_setup (1).exe" -d C:\Users\Gordon\Desktop
Task: {60C4AC6B-B15C-428B-B4EB-BF64CD60E270} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {64453DF2-39A3-4D0D-BD7F-29D4FE354457} - System32\Tasks\{DC25A521-071F-4903-8718-98527FBE929D} => pcalua.exe -a C:\dell\drivers\R291793\Setup.exe -d C:\dell\drivers\R291793
Task: {6B0DE9C6-EEBE-4794-8F45-AC52D5932363} - System32\Tasks\{F79B8A10-7910-4FC2-8938-071C3BF602BF} => pcalua.exe -a C:\Users\Gordon\Desktop\irfanview_plugins_437_setup.exe
Task: {7309CA5C-0448-4B0C-93B6-52CBE700878F} - System32\Tasks\{2D6CA939-62FD-4F82-9015-85E8119CAAA0} => Chrome.exe
Task: {843AA3C3-282C-4D89-84A0-517589B7AD60} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {850E7F1E-BF2A-46F1-9B08-D9D739A62225} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {886E00F5-305F-4023-89E4-97533849434C} - System32\Tasks\{F99BD073-AE94-4873-B822-AEF183CB2092} => pcalua.exe -a C:\Users\Gordon\Downloads\Nokia_PC_Suite_ALL.exe -d C:\Users\Gordon\Downloads
Task: {89A91A17-E6C4-432D-8E2B-10BF27AD3A1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {8F1DAB45-2D59-4ACD-AB59-4B680BA87FA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {A87A2044-C9FA-4B34-AD7C-4021A4560078} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {A98DB32A-611C-4325-B325-C555D25C5D09} - System32\Tasks\{A89442B6-8574-42A6-82EA-76F38025C4F7} => Chrome.exe
Task: {ADB15AC3-FF81-4F45-9648-ADDC9BD2F6D4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {B6A09045-5F82-47F6-ACD9-2D2287C76E71} - System32\Tasks\{1CF04D86-885D-4A37-A461-2D43B5A75D5A} => pcalua.exe -a C:\Users\Gordon\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Gordon\Downloads
Task: {E111467E-4637-4D6A-971C-4C4A2083D3DF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {E46BC9F6-7453-4658-B3B1-C602F7A1299A} - System32\Tasks\{CC752DD2-18CC-42DE-B593-50B25323AD9E} => pcalua.exe -a "C:\Users\Gordon\AppData\Local\Temp\Temp4_WDSmartWare_Windows_Disk_Image_PP4R2_1_4_1_2.zip\WD SmartWare\dotnetfx35.exe"
Task: {E5815017-F14A-4383-A957-8EB91D53A393} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {E7ED31D6-4202-4AD9-9BA9-F350434558F5} - \SafeZone scheduled Autoupdate 1450044294 -> No File <==== ATTENTION
Task: {ECE0F101-88B6-4F64-BBDC-129EBE1ABAB3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {F82D4529-B76F-4F9D-A27F-D8E0A5B745F8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {F97C43C8-8819-4B55-9986-052B21A932C0} - System32\Tasks\{CBE20539-A6F8-4845-9941-D40CF7C509C7} => C:\Program Files\Folder Colorizer\FolderColorPicker.exe [2014-06-10] (Softorino)
Task: {FC1231A3-F011-44D8-8AFB-F88647E16AF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FE7F7599-9B5B-4508-B4F4-E0D10EAE9088} - System32\Tasks\{2915C647-E3C6-4D28-B318-D5F6DF30059B} => pcalua.exe -a "C:\Users\Gordon\Desktop\network based\mp540sosmwin100en.exe" -d "C:\Users\Gordon\Desktop\network based"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Degree Days.net\Degree Days.net Desktop.lnk -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://desktop.degreedays.net/app.jnlp "C:\Users\Gordon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\6a6898bc-47d3e3e8"

==================== Loaded Modules (Whitelisted) ==============

2015-08-29 17:48 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-25 12:55 - 2014-06-10 11:53 - 00137528 _____ () C:\Program Files\Folder Colorizer\FolderColorShlExt.dll
2016-02-13 07:50 - 2016-02-01 06:20 - 00614480 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2016-02-13 07:50 - 2016-02-01 06:20 - 00088184 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2015-12-25 12:38 - 2015-12-25 12:38 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2016-02-13 07:50 - 2016-02-01 06:20 - 00578168 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-02-20 00:27 - 2016-02-18 04:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 00:27 - 2016-02-18 04:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-02-12 13:55 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.8.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupfolder: C:^Users^Gordon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" /atRestart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B6782EB37A5684EAF5E9259CC05D11A8 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D4EF1C9B-EBA5-4E4D-AB49-5FD6F8BF019E}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{3E7A3981-A0CF-4341-B447-EBFC54086D28}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{BDF83640-8501-452E-8DDD-5C94F6104981}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{3CE055D0-56EE-43D0-AA61-1646F02C3C78}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{3AAC8A3E-4212-441F-9F11-6138115AA127}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{664C0C30-AB2A-4BE5-A1CE-EDD62F5D14F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51A6EA61-6F49-4B81-9627-5D346839A286}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC502EA9-853A-43E0-B6D7-94A7C3EFA54B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{870B9754-B65C-4CFC-8023-57D8F903B595}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BBB311BE-BFB0-4FE0-9E01-1D052E472BC8}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{90DAFBB2-4C5E-4B89-9FAA-803102D6F8AD}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{ED85642A-44FC-42B2-893D-9F400F057F88}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A1456207-4644-4826-95C3-BCD9FBE6E87F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{9E5B23CF-439C-4F8E-A243-3778D0D515B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{466A1BBB-94E4-4695-8456-117D4844A3C3}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{19317799-46E4-42E6-9081-9BD1C38D843E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

15-02-2016 10:38:15 Revo Uninstaller Pro's restore point - husdawg
15-02-2016 10:39:17 Revo Uninstaller Pro's restore point - System Requirements Lab for Intel
15-02-2016 10:40:59 Revo Uninstaller Pro's restore point - Unlocker 1.9.2
15-02-2016 10:47:41 Revo Uninstaller Pro's restore point - Windows Installer Clean Up
15-02-2016 10:47:59 Removed Windows Installer Clean Up
15-02-2016 10:53:49 Revo Uninstaller Pro's restore point - avg
15-02-2016 10:55:40 Revo Uninstaller Pro's restore point - AVG 2015
15-02-2016 10:56:08 Revo Uninstaller Pro's restore point - AVG 2015(1)
15-02-2016 10:57:48 Revo Uninstaller Pro's restore point - Avira Free Antivirus(1)
15-02-2016 10:59:20 Revo Uninstaller Pro's restore point - Avira NTFS4DOS
15-02-2016 14:54:27 Windows Modules Installer
15-02-2016 15:47:40 Windows Update
15-02-2016 19:02:41 Revo Uninstaller Pro's restore point - SpeedyPC Pro
15-02-2016 19:05:13 Revo Uninstaller Pro's restore point - speedy
15-02-2016 19:32:18 Revo Uninstaller Pro's restore point - belarc
16-02-2016 20:27:16 Revo Uninstaller Pro's restore point - WhoCrashed 5.03
16-02-2016 20:56:29 Installed Dell Backup and Recovery
17-02-2016 06:48:16 Installed Dell Backup and Recovery
17-02-2016 06:57:50 Revo Uninstaller Pro's restore point - SpeedyPC Pro
17-02-2016 06:58:55 Revo Uninstaller Pro's restore point - speedy
20-02-2016 11:19:03 Revo Uninstaller Pro's restore point - Revo Uninstaller Pro 3.1.5
20-02-2016 12:16:31 Revo Uninstaller Pro's restore point - Revo Uninstaller Pro 3.1.5
20-02-2016 12:58:45 Revo Uninstaller Pro's restore point - IrfanView (remove only)
20-02-2016 12:59:21 Revo Uninstaller Pro's restore point - IrfanView (remove only)
20-02-2016 13:00:43 Revo Uninstaller Pro's restore point - IrfanView (remove only)
20-02-2016 13:02:10 Revo Uninstaller Pro's restore point - IrfanView 64 (remove only)
20-02-2016 14:41:21 Revo Uninstaller Pro's restore point - Revo Uninstaller Pro 3.1.5
20-02-2016 14:42:19 Revo Uninstaller Pro's restore point - IrfanView (remove only)
20-02-2016 14:46:42 Revo Uninstaller Pro's restore point - IrfanView 64 (remove only)

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/20/2016 12:31:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 57%
Total physical RAM: 4094.98 MB
Available physical RAM: 1758.55 MB
Total Virtual: 8188.18 MB
Available Virtual: 5444.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:585.41 GB) (Free:499.38 GB) NTFS
Drive i: (RECOVERY) (Fixed) (Total:10.69 GB) (Free:3.71 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=585.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 20 February 2016 - 04:33 PM.



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,197 posts
  • Gender:Male
  • Location:California

Posted 20 February 2016 - 05:29 PM

Greetings poulner and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: E - E:\unlock.exe autoplay=true
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: {56d48167-4cae-11e5-8062-00256485166c} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: {fbece6d8-e3e1-11e3-8e49-00256485166c} - E:\unlock.exe autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll No File
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll No File
BootExecute:
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 14 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 17 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 18 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 21 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9-x64 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9-x64 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9-x64 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 14 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 18 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_ir_15_19&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0Ezy0CtB0AtAzztDtC0EyEtN0D0Tzu0StCtBtBtAtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtCyC0A0C0FtGtBzz0ByEtGyD0DyDtDtGyBzyzyyBtGtByC0B0C0FtBtC0DyD0E0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytCtA0C0CtA0CtGtA0FtA0AtGyEtB0DtBtG0AtCtDtAtGtCzy0DyC0C0E0B0CyB0E0FtB2QtN0A0LzutB&cr=17699499&ir=
S3 MMPSY; \??\C:\Users\Gordon\AppData\Local\Temp\mmpsy64.sys [X]
2016-02-15 10:48 - 2016-02-15 10:48 - 00000000 ____D C:\MSIedbdb.tmp
2016-02-15 10:46 - 2016-02-15 10:46 - 00003232 _____ C:\Windows\System32\Tasks\{E9BCF4D0-2005-4A14-935D-82B2CEF013F4}
2016-02-15 10:30 - 2016-02-15 10:30 - 00000000 ____D C:\MSIeefc8.tmp
2016-02-13 08:04 - 2016-02-13 08:04 - 00000000 ____D C:\MSIb8252.tmp
2016-02-13 08:03 - 2016-02-13 08:03 - 00000000 ____D C:\3bce099f-5945-47b7-b7cc-f435bad45063
2016-02-13 08:02 - 2016-02-13 08:02 - 00000000 ____D C:\MSIb824a.tmp
2016-02-13 08:02 - 2016-02-13 08:02 - 00000000 ____D C:\_800173_
2016-02-16 21:06 - 2009-07-14 02:33 - 00000000 ____D C:\Temp1234
2016-02-16 20:57 - 2013-01-17 12:21 - 00000000 ____D C:\temp
2015-12-10 20:46 - 2015-12-10 20:59 - 6420480 _____ () C:\Program Files (x86)\GUTF11D.tmp
Task: {26C0778A-295E-4A8D-8E49-527740693BE1} - \TweakBit\PCCleaner\Start PCCleaner оn logon -> No File <==== ATTENTION
Task: {50659321-BE5F-4C94-A53B-B49A7EDEA0AF} - \TweakBit\FixMyPC\Start FixMyPC оn logon -> No File <==== ATTENTION
Task: {E7ED31D6-4202-4AD9-9BA9-F350434558F5} - \SafeZone scheduled Autoupdate 1450044294 -> No File <==== ATTENTION
cmd: netsh winsock reset
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 20 February 2016 - 11:51 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 poulner


Posted 21 February 2016 - 06:27 AM

Hi Gary! :) Bear with me: I'm a slow oldie! ;D and sometimes have senior moments.

Nothing in particular about behaviour except seems slow. A scheduled scan with 360 Total Security warned of a trojan "NATIVEIMAGES_V2.0.50727". I took no action.

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Gordon (2016-02-21 10:59:43) Run:1
Running from C:\Users\Gordon\Desktop
Loaded Profiles: Gordon (Available Profiles: Gordon & Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: E - E:\unlock.exe autoplay=true
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: {56d48167-4cae-11e5-8062-00256485166c} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\...\MountPoints2: {fbece6d8-e3e1-11e3-8e49-00256485166c} - E:\unlock.exe autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll No File
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll No File
BootExecute:
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 14 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 17 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 18 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9 21 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll No File
Winsock: Catalog9-x64 11 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9-x64 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9-x64 13 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 14 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 15 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 18 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_ir_15_19&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0Ezy0CtB0AtAzztDtC0EyEtN0D0Tzu0StCtBtBtAtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CtCyC0A0C0FtGtBzz0ByEtGyD0DyDtDtGyBzyzyyBtGtByC0B0C0FtBtC0DyD0E0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytCtA0C0CtA0CtGtA0FtA0AtGyEtB0DtBtG0AtCtDtAtGtCzy0DyC0C0E0B0CyB0E0FtB2QtN0A0LzutB&cr=17699499&ir=
S3 MMPSY; \??\C:\Users\Gordon\AppData\Local\Temp\mmpsy64.sys [X]
2016-02-15 10:48 - 2016-02-15 10:48 - 00000000 ____D C:\MSIedbdb.tmp
2016-02-15 10:46 - 2016-02-15 10:46 - 00003232 _____ C:\Windows\System32\Tasks\{E9BCF4D0-2005-4A14-935D-82B2CEF013F4}
2016-02-15 10:30 - 2016-02-15 10:30 - 00000000 ____D C:\MSIeefc8.tmp
2016-02-13 08:04 - 2016-02-13 08:04 - 00000000 ____D C:\MSIb8252.tmp
2016-02-13 08:03 - 2016-02-13 08:03 - 00000000 ____D C:\3bce099f-5945-47b7-b7cc-f435bad45063
2016-02-13 08:02 - 2016-02-13 08:02 - 00000000 ____D C:\MSIb824a.tmp
2016-02-13 08:02 - 2016-02-13 08:02 - 00000000 ____D C:\_800173_
2016-02-16 21:06 - 2009-07-14 02:33 - 00000000 ____D C:\Temp1234
2016-02-16 20:57 - 2013-01-17 12:21 - 00000000 ____D C:\temp
2015-12-10 20:46 - 2015-12-10 20:59 - 6420480 _____ () C:\Program Files (x86)\GUTF11D.tmp
Task: {26C0778A-295E-4A8D-8E49-527740693BE1} - \TweakBit\PCCleaner\Start PCCleaner оn logon -> No File <==== ATTENTION
Task: {50659321-BE5F-4C94-A53B-B49A7EDEA0AF} - \TweakBit\FixMyPC\Start FixMyPC оn logon -> No File <==== ATTENTION
Task: {E7ED31D6-4202-4AD9-9BA9-F350434558F5} - \SafeZone scheduled Autoupdate 1450044294 -> No File <==== ATTENTION
cmd: netsh winsock reset
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key not found. 
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56d48167-4cae-11e5-8062-00256485166c} => key not found. 
HKCR\CLSID\{56d48167-4cae-11e5-8062-00256485166c} => key not found. 
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbece6d8-e3e1-11e3-8e49-00256485166c} => key not found. 
HKCR\CLSID\{fbece6d8-e3e1-11e3-8e49-00256485166c} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBRShellOverlayBackupFile => key not found. 
HKCR\CLSID\{831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBRShellOverlayModifiedBackupFile => key not found. 
HKCR\CLSID\{275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => key not found. 
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000014 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000018 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000019 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000020 => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
Chrome HomePage => not found.
MMPSY => service not found.
 
"C:\MSIedbdb.tmp" folder move:
 
Could not move "C:\MSIedbdb.tmp" => Scheduled to move on reboot.
 
"C:\Windows\System32\Tasks\{E9BCF4D0-2005-4A14-935D-82B2CEF013F4}" => not found.
 
"C:\MSIeefc8.tmp" folder move:
 
Could not move "C:\MSIeefc8.tmp" => Scheduled to move on reboot.
 
 
"C:\MSIb8252.tmp" folder move:
 
Could not move "C:\MSIb8252.tmp" => Scheduled to move on reboot.
 
 
"C:\3bce099f-5945-47b7-b7cc-f435bad45063" folder move:
 
Could not move "C:\3bce099f-5945-47b7-b7cc-f435bad45063" => Scheduled to move on reboot.
 
 
"C:\MSIb824a.tmp" folder move:
 
Could not move "C:\MSIb824a.tmp" => Scheduled to move on reboot.
 
 
"C:\_800173_" folder move:
 
Could not move "C:\_800173_" => Scheduled to move on reboot.
 
 
"C:\Temp1234" folder move:
 
Could not move "C:\Temp1234" => Scheduled to move on reboot.
 
 
"C:\temp" folder move:
 
Could not move "C:\temp" => Scheduled to move on reboot.
 
C:\Program Files (x86)\GUTF11D.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26C0778A-295E-4A8D-8E49-527740693BE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26C0778A-295E-4A8D-8E49-527740693BE1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCCleaner\Start PCCleaner оn logon => key could not remove. ErrorCode: 0xC0000033
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50659321-BE5F-4C94-A53B-B49A7EDEA0AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50659321-BE5F-4C94-A53B-B49A7EDEA0AF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\FixMyPC\Start FixMyPC оn logon => key could not remove. ErrorCode: 0xC0000033
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7ED31D6-4202-4AD9-9BA9-F350434558F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7ED31D6-4202-4AD9-9BA9-F350434558F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1450044294" => key removed successfully
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 11:02:09 ====

 



Edited by poulner, 21 February 2016 - 07:04 AM.
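The Fixlog above mixes several result shapes (keys not found, keys and files removed, folder moves deferred to reboot, a task key FRST could not remove with an NTSTATUS code, and a netsh helper error). As an added example, not part of this thread or of FRST itself, the Python script below classifies those lines and lists what still needs attention after the fix; the sample log is constructed from lines of the Fixlog above, and the 0xC0000033 name is the standard NTSTATUS constant.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example, not part of the forum thread or of FRST. The line shapes it
recognises are taken from the Fixlog posted in this thread; the sample text
below is constructed from those lines, not read from a live system.
"""
import re
from collections import Counter

# NTSTATUS codes FRST surfaces as "ErrorCode: 0x...". Only the code seen in
# this thread is listed; anything else is reported as "unknown NTSTATUS".
NTSTATUS_NAMES = {0xC0000033: "STATUS_OBJECT_NAME_INVALID"}

# (outcome label, regex). Order matters: more specific shapes come first.
# netsh really prints "Sucessfully" (one c), so the pattern accepts both spellings.
PATTERNS = [
    ("restore_point", re.compile(r"^Restore point was successfully created\.$")),
    ("processes_closed", re.compile(r"^Processes closed successfully\.$")),
    ("move_deferred", re.compile(r'^Could not move "(?P<target>[^"]+)" => Scheduled to move on reboot\.$')),
    ("remove_failed", re.compile(r'^"?(?P<target>.+?)"? => key could not remove\. ErrorCode: (?P<code>0x[0-9A-Fa-f]+)$')),
    ("succeeded", re.compile(r'^"?(?P<target>.+?)"? => (?:key removed|moved|value restored) successfully$')),
    ("not_found", re.compile(r'^"?(?P<target>.+?)"? => (?:key|value|service)? ?not found\.$')),
    ("command_error", re.compile(r"^(?P<target>.+?) failed to start with error code (?P<code>\d+)$")),
    ("command_ok", re.compile(r"^Suc+essfully reset the Winsock Catalog\.$")),
]

# Header lines FRST writes at the top of every Fixlog; they carry no result.
HEADER_PREFIXES = ("=", "Fix result", "Ran by", "Running from",
                   "Loaded Profiles", "Boot Mode", "fixlist content")


def parse_fixlog(text):
    """Classify each result line of a Fixlog.

    Returns (results, unparsed): results is a list of dicts with keys
    outcome/target/code; unparsed holds non-empty lines no pattern matched,
    so a reviewer can see exactly what the script did not understand.
    """
    results, unparsed = [], []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()  # FRST leaves a trailing space after "key not found."
        if not line:
            continue
        # The Fixlog echoes the fixlist between two '*****' rulers; skip that block.
        if line.startswith("*****"):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or line.startswith(HEADER_PREFIXES):
            continue
        if line.endswith("folder move:") or line.startswith("You must restart"):
            continue  # section header / advisory text, not a result
        for outcome, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                groups = match.groupdict()
                results.append({"outcome": outcome,
                                "target": groups.get("target"),
                                "code": groups.get("code")})
                break
        else:
            unparsed.append(line)
    return results, unparsed


def follow_ups(results):
    """Return the items an analyst still has to act on after the fix ran."""
    items = []
    for r in results:
        if r["outcome"] == "move_deferred":
            items.append(f"reboot required to move {r['target']}")
        elif r["outcome"] == "remove_failed":
            name = NTSTATUS_NAMES.get(int(r["code"], 16), "unknown NTSTATUS")
            items.append(f"could not remove {r['target']} ({r['code']} {name})")
        elif r["outcome"] == "command_error":
            items.append(f"command reported error {r['code']}: {r['target']}")
    return items


def summarize(text):
    """Outcome counts, follow-up list and any lines the parser did not recognise."""
    results, unparsed = parse_fixlog(text)
    return {"counts": dict(Counter(r["outcome"] for r in results)),
            "follow_ups": follow_ups(results),
            "unparsed": unparsed}


# Constructed sample: a subset of the Fixlog lines posted in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Gordon (2016-02-21 10:59:43) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2830489159-1404018476-1906715735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key not found. 
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
Chrome HomePage => not found.
MMPSY => service not found.

"C:\MSIedbdb.tmp" folder move:

Could not move "C:\MSIedbdb.tmp" => Scheduled to move on reboot.

"C:\Windows\System32\Tasks\{E9BCF4D0-2005-4A14-935D-82B2CEF013F4}" => not found.
C:\Program Files (x86)\GUTF11D.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26C0778A-295E-4A8D-8E49-527740693BE1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCCleaner\Start PCCleaner on logon => key could not remove. ErrorCode: 0xC0000033

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog 11:02:09 ====
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(key, value)
```

Anything that lands in `unparsed` is a line shape the script does not know; extend PATTERNS rather than ignoring it.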


#4 Oh My!


Posted 21 February 2016 - 09:50 AM

Greetings and thank you for the information.

We will keep an eye out for the 360 warning but that folder is known for false positives.

Take your time and if you need me to clarify anything or something doesn't seem to be working right just stop and let me know.

You mentioned some symptoms in your opening post. Are you still noticing those or is it just that your computer is slow?

Please do this.

===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zoek report
  • Anything other than just slow?

Gary
 

#5 poulner


Posted 21 February 2016 - 01:20 PM

Hi Gary

VS Revo is still misbehaving. I have not tried to see again if the AV progs will install. In all I think it best to assume all is at time of my OP.

360 Total Security quarantined Zoek, so I had to rescue it!

 

How long should it take to complete Zoek's task? My HD is 6GB, 85GB used. I ask because the scan started @ 15:38 and started to create backups @16:19. An hour later nothing seemed to have happened; cursor was still pulsating. Could the process be hanging for some reason?

 

I do recognise you said, "wait patiently", but time taken does seem on the high side.

 

Gordon



#6 poulner


Posted 21 February 2016 - 01:29 PM

Just as a last thought I did a search. Looks like the results were not filed in Desktop but in C:\.

The file is below.

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Gordon on 21/02/2016 at 15:36:28.81.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gordon\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
21/02/2016 15:38:32 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Dell Backup and Recovery deleted successfully
C:\PROGRA~2\NirSoft deleted successfully
C:\PROGRA~2\COMMON~1\Roxio Shared deleted successfully
C:\PROGRA~2\COMMON~1\Western Digital deleted successfully
C:\Program Files\Nitro deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\Program Files\Common Files\Western Digital deleted successfully
C:\PROGRA~3\Karen's Power Tools deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Nokia deleted successfully
C:\Users\Gordon\AppData\Roaming\Eusing deleted successfully
C:\Users\Gordon\AppData\Roaming\NetMeter deleted successfully
C:\Users\Gordon\AppData\Local\Adobe deleted successfully
C:\Users\Gordon\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Gordon\AppData\Local\EmieSiteList deleted successfully
C:\Users\Gordon\AppData\Local\EmieUserList deleted successfully
C:\Users\Gordon\AppData\Local\MindGems deleted successfully
C:\Users\Gordon\AppData\Local\ms-drivers deleted successfully
C:\Users\Gordon\AppData\Local\Samsung deleted successfully
C:\Users\Gordon\AppData\Local\softthinks deleted successfully
C:\Users\Gordon\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73204B8A-87A8-49C8-A91A-FFCDE788A9ED} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{903C3322-6CEF-4CA5-BD37-4F056155FC08} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Gordon\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================


#7 Oh My!


Posted 21 February 2016 - 03:32 PM

Greetings,

Thank you for hunting down the log. We didn't get the full report. Is there more to it?
Gary
 

#8 poulner


Posted 21 February 2016 - 04:11 PM

Gary! The log did seem a bit on the short side, but it is about the same length as what I saw after the scan was @ 16:19 as in post #5.

 

That's why I asked how long the scan should last for a system like mine. Is something preventing the Zoek working as it should?

If I've mucked up the process, I apologise. Otherwise should I run again in Safe Mode, maybe with AV disabled?



#9 Oh My!


Posted 21 February 2016 - 04:23 PM

Greetings,

You didn't do anything wrong, the program can be a bit temperamental. Yes, try Safe Mode and disable AV. We may end up uninstalling your AV temporarily at some point. If this doesn't work I have other programs we can use.
Gary
 

#10 poulner


Posted 22 February 2016 - 04:40 AM

Hi Gary

Ran Zoek this morning. Worked much faster in Safe Mode, but after 1/2 hour creating backups...zilch!

Would an alternative be preferable now?

 

Regards

Gordon



#11 Oh My!


Posted 22 February 2016 - 10:17 AM

Greetings Gordon,

Thanks for the extra effort. Please run this.

===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling them, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 

#12 poulner


Posted 22 February 2016 - 03:05 PM

I tried once more to run Zoek at my lunchtime. It produced a 15 kb file as against 1 to 3 before, again in C:\ not Desktop (program still hanging). If you want I'll attach it.

 

I downloaded Combofix, which in passing on my system goes to a Downloads folder, so I have to move it to the Desktop. I disabled AVs etc and ran it. Very quickly it went through the active green screen and a save routine, then vanished with just the icon on the desktop for over an hour. That seems wrong from my previous experience, and Google says it doesn't take as long. Next I removed or exited AV etc. This time immediately I got the errors as per screenshots.

 

Seems to me something very strange is going on. Have you further suggestions, or do you think I'd better bite the bullet and re-install Windows?

 

Gary! Thank you indeed for all your assistance and patience so far.




#13 Oh My!


Posted 22 February 2016 - 03:57 PM

Greetings Sir.

No, we are a long way from throwing in the towel.

Yes, please attach the Zoek report. There are other ways we can try to run Combofix but let's look at the Zoek log before going through all of that.
Gary
 

#14 poulner


Posted 22 February 2016 - 05:23 PM

Report as requested attached.

 

Goodnight from England.




#15 Oh My!


Posted 22 February 2016 - 05:46 PM

G'nite Gordon. I will have a little something for you in the morning. :)


Gary
 



