youtube problem.


This topic is locked
6 replies to this topic

#1 ZiadElhoshy (Members, 7 posts)

Posted 05 June 2016 - 01:15 AM

According to this: http://www.bleepingcomputer.com/forums/t/615911/youtube-wont-workload-on-any-browser/

Malware removal logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/07/2016
Scan Time: 16:24
Logfile: dd.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.03.02
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: DooM fixed that
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361807
Time Elapsed: 14 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Linkury, C:\Users\DooM fixed that\AppData\Roaming\Lot-Top.exe, , [93fb4cac4554ed49fa44a53918e97c84], 
PUP.Optional.Linkury, C:\Users\DooM fixed that\AppData\Roaming\Subwarm.exe, , [c5c97d7bd3c678be46f8ba2479889b65], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Adware:
 
[-] Deleted ->> File ->> C:\ProgramData\download\MiniThunderPlatform.exe
[-] Deleted ->> File ->> C:\ProgramData\Application Data\download\MiniThunderPlatform.exe
[-] Deleted ->> File ->> C:\Users\DooM fixed that\Appdata\Local\WhatsappTime\Local Storage\http_search.snapdo.com_0.localstorage
[-] Deleted ->> File ->> C:\Users\DooM fixed that\Appdata\Local\WhatsappTime\Local Storage\http_search.snapdo.com_0.localstorage-journal
[-] Deleted ->> Folder ->> C:\Program Files (x86)\Mobogenie3
[-] Deleted ->> Folder ->> C:\windows\system32\config\systemprofile\Documents\Mobogenie
[-] Deleted ->> Folder ->> C:\Windows\SysWOW64\config\systemprofile\Documents\Mobogenie
[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5fd55c41_0\ <RegValue:>  <RegData:> {2}.\\?\hdaudio#func_01&ven_10ec&dev_0262&subsys_103c1308&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Program Files (x86)\Mobogenie3\Mobogenie.exe%b{00000000-0000-0000-0000-000000000000} : {2}.\\?\hdaudio#func_01&ven_10ec&dev_0262&subsys_103c1308&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Program Files (x86)\Mobogenie3\Mobogenie.exe%b{00000000-0000-0000-0000-000000000000}
[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5fd55c41_0\ <RegValue:>  <RegData:> {2}.\\?\hdaudio#func_01&ven_10ec&dev_0262&subsys_103c1308&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Program Files (x86)\Mobogenie3\Mobogenie.exe%b{00000000-0000-0000-0000-000000000000} : {2}.\\?\hdaudio#func_01&ven_10ec&dev_0262&subsys_103c1308&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Program Files (x86)\Mobogenie3\Mobogenie.exe%b{00000000-0000-0000-0000-000000000000}
[-] Repaired ->> File ->> C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Web Data
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Deleted ->> Registry Key ->> HKEY_USERS\.DEFAULT\Software\Mobogenie
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\Software\WOW6432Node\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLOUDPRINTER
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLOUDPRINTER
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64 
Ran by DooM fixed that (Administrator) on 04/07/2016 at 10:09:31,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 22 
 
Successfully deleted: C:\ProgramData\tencent (Folder) 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\ProgramData\txqmpc (Folder) 
Successfully deleted: C:\Users\DooM fixed that\AppData\Roaming\mobogenie (Folder) 
Successfully deleted: C:\Users\DooM fixed that\AppData\Roaming\tencent (Folder) 
Successfully deleted: C:\users\Public\Documents\guid (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\WINDOWS\system32\drivers\tfsfltx64.sys (File) 
Successfully deleted: C:\Program Files (x86)\Common Files\tencent (Folder) 
Successfully deleted: C:\Program Files (x86)\tencent (Folder) 
Successfully deleted: C:\Program Files\Common Files\tencent (Folder) 
Successfully deleted: C:\Program Files\reviversoft (Folder) 
Successfully deleted: C:\Users\DooM fixed that\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F38R9RSF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DooM fixed that\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J92T80WT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DooM fixed that\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJCE5CFO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DooM fixed that\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCOF4D65 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERCHECKER.EXE-3B64E9EB.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERREVIVER.EXE-4CBBD5FB.pf (File) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F38R9RSF (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J92T80WT (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJCE5CFO (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCOF4D65 (Temporary Internet Files Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\QMUdisk (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/07/2016 at 10:11:14,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Startup:  
 
Yes Task {7ED8601B-A9F6-4D6C-8638-9D3EA16B4EEC} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a D:\Z8Games\CrossFire\CF_G4box.exe -d D:\Z8Games\CrossFire
Yes Task {6CFEE147-D363-47FF-A4C7-FC4A22ED8FBA} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\UninstallTips.exe" -d "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219"
Yes Task {0761878A-1DAC-486A-8FA9-16A862AF92DF} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Strong-Lab\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Strong-Lab\uninstall.dat" -a uninstallme 7AB2B235-C3F6-49F9-9C47-F11C8D757264 DeviceId=0e709c21-61b9-7668-144f-57659064c648 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task Gnirygnuied Monitor "C:\Program Files (x86)\Gnirygnuied\gnirygnuiedmonitortask.exe" {690E0E88-3E5D-4204-AFB7-C0E84F29F89D} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Yes Task Cegitdzege Mapper "C:\Program Files (x86)\Cegitdzege\CegitdzegeMppTsk.exe" {690E0E88-3E5D-4204-AFB7-C0E84F29F89D} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe -check pepperplugin
 

#2 nasdaq (Malware Response Team, 40,213 posts)

Posted 05 June 2016 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file:
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Please post the logs and wait for further instructions.

#3 ZiadElhoshy (Topic Starter, Members, 7 posts)

Posted 06 June 2016 - 06:02 AM

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by DooM fixed that (administrator) on HOSHY (07-07-2016 13:51:20)
Running from C:\Users\DooM fixed that\Downloads
Loaded Profiles: DooM fixed that (Available Profiles: DooM fixed that & tamei & Administrator & Guest)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Crystal Rich Ltd) C:\Program Files\LockHunter\LHService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(© 2015 Microsoft Corporation) C:\Users\DooM fixed that\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\DooM fixed that\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-06-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\WINDOWS\RAVCpl64.exe [5424128 2015-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\Run: [BingSvc] => C:\Users\DooM fixed that\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-22] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-09] (Skype Technologies S.A.)
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [426600 2016-01-11] (CyberGhost S.R.L.)
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\RunOnce: [Uninstall C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6386.0412] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6386.0412"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\MountPoints2: {281dcf55-4fc1-11e5-9bcb-00215a5ff26a} - "H:\HTC_Sync_Manager_PC.exe" 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-1230017990-3135776461-716552714-1000] => snow white
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{097da2ed-27b0-43a8-9983-f0d18e5e0fb0}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0snow white
 
Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-03] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-03] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-03] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: ChromeDefaultData -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com/"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> bing.com
CHR Profile: C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Google Slides) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-02]
CHR Extension: (Google Docs) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-02]
CHR Extension: (Google Drive) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-02]
CHR Extension: (YouTube) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-02]
CHR Extension: (Bing) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-07-02]
CHR Extension: (Google Sheets) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-02]
CHR Extension: (Skype) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-02]
CHR Extension: (Bazz Search) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef [2016-07-02]
CHR Extension: (Gmail) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-02]
CHR Profile: C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-01]
CHR Extension: (Google Docs) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-01]
CHR Extension: (Google Drive) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-01]
CHR Extension: (YouTube) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-01]
CHR Extension: (Google Sheets) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\DooM fixed that\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-01]
CHR HKU\S-1-5-21-1230017990-3135776461-716552714-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-06-30] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
R2 LHDeleteOnRestartSvc; C:\Program Files\LockHunter\LHService.exe [1198392 2013-11-21] (Crystal Rich Ltd)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-06-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-06-30] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 CegitdzegeMppSrv; "C:\Program Files (x86)\Cegitdzege\CegitdzegeMppSrv.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S2 gnirygnuiedmonitorservice; "C:\Program Files (x86)\Gnirygnuied\gnirygnuiedmonitorservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 FairplayKD; C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [70928 2016-06-30] (Multi Theft Auto)
R3 GKUPRO2D; C:\Windows\system32\DRIVERS\GKUPRO2D.sys [129008 2015-08-29] (Gemalto)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-05-21] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R2 WiseFs; C:\WINDOWS\WiseFs64.sys [12208 2016-05-23] (WiseCleaner.com)
S3 X6va031; \??\C:\WINDOWS\SysWOW64\Drivers\X6va031 [25816 2015-08-29] ()
S3 MFE_RR; \??\C:\Users\DOOMFI~1\AppData\Local\Temp\mfe_rr.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S3 X6va060; \??\C:\WINDOWS\SysWOW64\Drivers\X6va060 [X]
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-07 13:50 - 2016-07-07 13:51 - 02384896 _____ (Farbar) C:\Users\DooM fixed that\Downloads\FRST64 (1).exe
2016-07-07 13:46 - 2016-07-07 13:46 - 00016148 _____ C:\WINDOWS\system32\HOSHY_DooM fixed that_HistoryPrediction.bin
2016-07-06 21:03 - 2016-07-07 13:52 - 00022731 _____ C:\Users\DooM fixed that\Downloads\FRST.txt
2016-07-06 21:02 - 2016-07-07 13:51 - 00000000 ____D C:\FRST
2016-07-06 21:01 - 2016-07-06 21:02 - 02384896 _____ (Farbar) C:\Users\DooM fixed that\Downloads\FRST64.exe
2016-07-05 14:20 - 2016-07-05 14:20 - 00576304 _____ C:\WINDOWS\Minidump\070516-15171-01.dmp
2016-07-04 14:00 - 2016-07-04 14:00 - 00556056 _____ C:\WINDOWS\Minidump\070416-15468-01.dmp
2016-07-04 10:24 - 2016-07-04 10:25 - 02106295 _____ C:\Users\DooM fixed that\Downloads\matchmaking_server_picker_44b (4).zip
2016-07-04 10:18 - 2016-07-04 10:19 - 01610816 _____ (Malwarebytes) C:\Users\DooM fixed that\Downloads\JRT (3).exe
2016-07-04 10:09 - 2016-07-04 10:12 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-07-04 10:09 - 2016-07-04 10:09 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-07-04 10:08 - 2016-07-04 10:08 - 00752296 _____ C:\Users\DooM fixed that\Downloads\Adware Removal Tool by TSA.exe
2016-07-04 10:07 - 2016-07-04 10:08 - 01610816 _____ (Malwarebytes) C:\Users\DooM fixed that\Downloads\JRT (2).exe
2016-07-04 10:04 - 2016-07-04 10:08 - 01610816 _____ (Malwarebytes) C:\Users\DooM fixed that\Downloads\JRT (1).exe
2016-07-04 05:13 - 2016-07-04 05:15 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-04 02:16 - 2016-07-04 02:16 - 00000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-07-04 02:16 - 2016-07-04 02:16 - 00000914 _____ C:\ProgramData\Desktop\CPUID CPU-Z.lnk
2016-07-04 02:16 - 2016-07-04 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-07-04 02:16 - 2016-07-04 02:16 - 00000000 ____D C:\Program Files\CPUID
2016-07-04 02:14 - 2016-07-04 02:16 - 01664456 _____ ( ) C:\Users\DooM fixed that\Downloads\cpu-z_1.76-en.exe
2016-07-04 01:53 - 2016-07-04 01:54 - 00296328 _____ C:\WINDOWS\Minidump\070416-25500-01.dmp
2016-07-04 00:10 - 2016-07-04 00:17 - 01350893 _____ (Malwarebytes) C:\Users\DooM fixed that\Downloads\JRT.exe
2016-07-04 00:06 - 2016-07-04 00:06 - 00491362 _____ C:\Users\Public\Documents\cc_20160704_000559.reg
2016-07-04 00:06 - 2016-07-04 00:06 - 00491362 _____ C:\ProgramData\Documents\cc_20160704_000559.reg
2016-07-02 06:42 - 2016-07-04 03:50 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\TS3Client
2016-07-02 06:41 - 2016-07-02 10:53 - 00001046 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-07-02 06:41 - 2016-07-02 10:53 - 00001046 _____ C:\ProgramData\Desktop\TeamSpeak 3 Client.lnk
2016-07-02 06:41 - 2016-07-02 10:53 - 00001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-07-02 06:41 - 2016-07-02 06:41 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-07-02 06:33 - 2016-07-02 06:41 - 31581784 _____ (TeamSpeak Systems GmbH) C:\Users\DooM fixed that\Downloads\TeamSpeak3-Client-win64-3.0.19.1.exe
2016-07-02 05:46 - 2016-07-02 05:46 - 02106295 _____ C:\Users\DooM fixed that\Downloads\matchmaking_server_picker_44b (3).zip
2016-07-02 05:45 - 2016-07-02 05:45 - 02106295 _____ C:\Users\DooM fixed that\Downloads\Matchmaking Server Picker 44b.zip
2016-07-02 05:42 - 2016-07-02 05:42 - 00447488 _____ C:\Users\DooM fixed that\Downloads\MatchmakingServerPicker42.rar
2016-07-02 05:41 - 2016-07-02 10:53 - 00001160 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-07-02 05:41 - 2016-07-02 10:53 - 00001160 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2016-07-02 05:41 - 2016-07-02 05:41 - 02106295 _____ C:\Users\DooM fixed that\Downloads\matchmaking_server_picker_44b (2).zip
2016-07-02 05:41 - 2016-07-02 05:41 - 00000000 ____D C:\Users\DooM fixed that\AppData\Local\VS Revo Group
2016-07-02 05:41 - 2016-07-02 05:41 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-07-02 05:41 - 2016-07-02 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-07-02 05:41 - 2016-07-02 05:41 - 00000000 ____D C:\Program Files\VS Revo Group
2016-07-02 05:41 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-07-02 05:40 - 2016-07-02 05:40 - 02106295 _____ C:\Users\DooM fixed that\Downloads\matchmaking_server_picker_44b (1).zip
2016-07-02 05:38 - 2016-07-02 05:41 - 11374528 _____ (VS Revo Group ) C:\Users\DooM fixed that\Downloads\RevoUninProSetup.exe
2016-07-02 05:35 - 2016-07-02 05:36 - 02106295 _____ C:\Users\DooM fixed that\Downloads\matchmaking_server_picker_44b.zip
2016-07-02 03:54 - 2016-07-02 03:54 - 00000000 ____D C:\WINDOWS\LastGood
2016-07-02 03:48 - 2016-07-02 03:52 - 05132776 _____ (ReviverSoft) C:\Users\DooM fixed that\Downloads\DriverReviverSetup.exe
2016-07-02 03:47 - 2016-07-02 03:47 - 00046682 _____ C:\Users\DooM fixed that\Downloads\wushowhide.diagcab
2016-07-02 01:18 - 2016-07-02 01:18 - 00003504 _____ C:\Users\DooM fixed that\Desktop\startup.txt
2016-07-01 21:46 - 2016-07-02 10:53 - 00000901 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-01 21:46 - 2016-07-02 10:53 - 00000901 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-07-01 21:46 - 2016-07-01 21:46 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-07-01 21:46 - 2016-07-01 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-01 21:46 - 2016-07-01 21:46 - 00000000 ____D C:\Program Files\CCleaner
2016-07-01 21:38 - 2016-07-01 21:45 - 06893688 _____ (Piriform Ltd) C:\Users\DooM fixed that\Downloads\ccsetup518.exe
2016-07-01 10:40 - 2016-07-01 10:40 - 00009006 _____ C:\WINDOWS\System32\Tasks\Cegitdzege Mapper
2016-07-01 10:39 - 2016-07-01 10:39 - 00000000 ____D C:\extensions
2016-07-01 10:38 - 2016-07-01 10:38 - 00804864 _____ C:\Users\DooM fixed that\Downloads\KMSpico v10.1.8.iso
2016-07-01 07:07 - 2016-07-01 07:07 - 00026019 _____ C:\Users\DooM fixed that\Downloads\MTB.txt
2016-07-01 07:03 - 2016-07-01 07:05 - 00891392 _____ (Farbar) C:\Users\DooM fixed that\Downloads\MiniToolBox.exe
2016-07-01 06:44 - 2016-07-07 13:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-01 06:44 - 2016-07-03 03:43 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-01 06:44 - 2016-07-01 06:44 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-01 06:44 - 2016-07-01 06:44 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-01 06:22 - 2016-07-01 06:22 - 00035824 _____ (Curio Laboratories) C:\Users\DooM fixed that\Downloads\RemoveOnRebootSetup.exe
2016-07-01 05:45 - 2016-07-02 03:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-01 05:39 - 2016-07-01 05:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\DooM fixed that\Downloads\mbar-1.09.3.1001.exe
2016-07-01 05:37 - 2016-07-01 05:38 - 00784152 _____ (McAfee, Inc.) C:\Users\DooM fixed that\Downloads\rootkitremover.exe
2016-07-01 05:26 - 2016-07-01 05:26 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2016-07-01 05:24 - 2016-07-01 05:24 - 00000000 ____D C:\ProgramData\LHService
2016-07-01 05:22 - 2016-07-01 05:22 - 00000000 ____D C:\ProgramData\LockHunter
2016-07-01 05:21 - 2016-07-01 05:21 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\LockHunter
2016-07-01 05:21 - 2016-07-01 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2016-07-01 05:21 - 2016-07-01 05:21 - 00000000 ____D C:\Program Files\LockHunter
2016-07-01 05:19 - 2016-07-01 05:21 - 03029032 _____ (Crystal Rich Ltd ) C:\Users\DooM fixed that\Downloads\lockhuntersetup_3-1-1.exe
2016-07-01 05:06 - 2016-07-01 05:06 - 00003424 _____ C:\WINDOWS\System32\Tasks\{6CFEE147-D363-47FF-A4C7-FC4A22ED8FBA}
2016-07-01 04:54 - 2016-07-01 04:54 - 00003746 _____ C:\WINDOWS\System32\Tasks\{0761878A-1DAC-486A-8FA9-16A862AF92DF}
2016-07-01 04:51 - 2016-05-17 09:14 - 02496403 _____ ( ) C:\Users\DooM fixed that\AppData\Roaming\yeaplayer_51490.exe
2016-07-01 04:50 - 2016-07-01 04:50 - 00008972 _____ C:\WINDOWS\System32\Tasks\Gnirygnuied Monitor
2016-07-01 04:49 - 2016-07-01 04:48 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-07-01 04:48 - 2016-07-01 06:35 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-07-01 04:48 - 2016-07-01 04:48 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-01 04:48 - 2016-07-01 04:48 - 00000000 ____D C:\ProgramData\Documents\Tools
2016-07-01 04:47 - 2016-05-28 17:42 - 05671936 _____ (Andrei Gourianov) C:\ProgramData\tasklist.exe
2016-07-01 04:42 - 2016-07-01 04:39 - 00001035 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-07-01 04:39 - 2016-07-04 10:17 - 00000000 ____D C:\ProgramData\download
2016-07-01 04:39 - 2016-07-01 04:39 - 00293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
2016-07-01 04:37 - 2016-07-01 04:37 - 06859776 _____ C:\Users\DooM fixed that\AppData\Roaming\agent.dat
2016-07-01 04:37 - 2016-07-01 04:37 - 00018432 _____ C:\Users\DooM fixed that\AppData\Roaming\Main.dat
2016-07-01 04:36 - 2016-07-01 04:35 - 00782848 _____ C:\Users\DooM fixed that\AppData\Roaming\Subwarm.exe
2016-07-01 04:36 - 2016-07-01 04:35 - 00782848 _____ C:\Users\DooM fixed that\AppData\Roaming\Lot-Top.exe
2016-07-01 04:35 - 2016-07-01 04:35 - 00128512 _____ C:\Users\DooM fixed that\AppData\Roaming\Installer.dat
2016-07-01 03:16 - 2016-07-01 03:16 - 00016148 _____ C:\WINDOWS\system32\DOOMFIXEDTHAT_DooM fixed that_HistoryPrediction.bin
2016-06-30 08:30 - 2016-06-30 08:30 - 00000000 ____D C:\Users\DooM fixed that\Documents\GTA San Andreas User Files
2016-06-30 07:57 - 2016-06-30 07:57 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\Rovio
2016-06-30 05:16 - 2016-06-30 05:16 - 00016148 _____ C:\WINDOWS\system32\DOOMFIXEDTHAT_tamei_HistoryPrediction.bin
2016-06-29 09:49 - 2016-07-02 10:53 - 00000875 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-06-29 09:49 - 2016-07-02 10:53 - 00000875 _____ C:\ProgramData\Desktop\Speccy.lnk
2016-06-29 09:49 - 2016-06-29 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-06-29 09:49 - 2016-06-29 09:49 - 00000000 ____D C:\Program Files\Speccy
2016-06-26 03:43 - 2016-06-26 03:43 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\Andy
2016-06-26 03:43 - 2016-06-26 03:43 - 00000000 ____D C:\Program Files\Andy
2016-06-26 02:46 - 2016-06-26 02:46 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-06-25 01:42 - 2016-06-25 01:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-06-25 01:42 - 2016-06-25 01:42 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-06-25 01:03 - 2016-07-04 16:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-25 01:03 - 2016-07-02 10:53 - 00001165 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-25 01:03 - 2016-07-02 10:53 - 00001165 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-25 01:03 - 2016-07-01 05:45 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-25 01:03 - 2016-06-25 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-25 01:03 - 2016-06-25 01:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-25 01:03 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-25 01:03 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-07 13:30 - 2015-08-29 00:44 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 06:47 - 2015-09-14 14:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-07 06:41 - 2015-08-28 23:55 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-07 06:41 - 2015-07-10 14:02 - 00000000 ____D C:\WINDOWS\INF
2016-07-07 06:35 - 2015-08-29 09:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-07 06:35 - 2015-08-28 23:51 - 00000000 ____D C:\Users\DooM fixed that
2016-07-07 06:35 - 2015-07-10 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-07 06:35 - 2015-07-10 12:05 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-07-05 14:20 - 2015-09-05 11:33 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-04 05:18 - 2016-04-12 18:20 - 00000000 ____D C:\WINDOWS\Panther
2016-07-04 01:53 - 2016-04-24 08:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-04 01:53 - 2016-04-24 08:25 - 00000000 ____D C:\Program Files\TrueKey
2016-07-03 10:27 - 2016-04-24 08:43 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-07-03 05:06 - 2015-09-02 16:48 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\Skype
2016-07-02 10:53 - 2016-05-23 03:31 - 00000940 _____ C:\Users\DooM fixed that\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-07-02 10:53 - 2016-05-22 17:51 - 00002183 _____ C:\Users\Public\Desktop\MTA San Andreas 1.5.lnk
2016-07-02 10:53 - 2016-05-22 17:51 - 00002183 _____ C:\ProgramData\Desktop\MTA San Andreas 1.5.lnk
2016-07-02 10:53 - 2016-05-22 17:39 - 00001813 _____ C:\Users\DooM fixed that\Desktop\CyberGhost 5.lnk
2016-07-02 10:53 - 2016-04-24 08:24 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-02 10:53 - 2016-04-23 14:36 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-02 10:53 - 2016-04-23 14:36 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-07-02 10:53 - 2016-04-23 14:36 - 00001094 _____ C:\ProgramData\Desktop\TeamViewer 11.lnk
2016-07-02 10:53 - 2016-01-23 22:01 - 00000546 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2016-07-02 10:53 - 2016-01-10 16:33 - 00001858 _____ C:\Users\DooM fixed that\Desktop\MTA San Andreas.lnk
2016-07-02 10:53 - 2015-10-16 11:05 - 00001898 _____ C:\Users\DooM fixed that\Desktop\Steam.lnk
2016-07-02 10:53 - 2015-08-29 01:03 - 00002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-02 10:53 - 2015-08-29 01:03 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-02 10:53 - 2015-08-29 01:03 - 00002254 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-07-02 10:53 - 2015-08-29 00:07 - 00001047 _____ C:\Users\DooM fixed that\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-07-02 10:53 - 2015-08-29 00:06 - 00002393 _____ C:\Users\DooM fixed that\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-02 05:00 - 2015-07-10 19:29 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-07-02 03:55 - 2015-08-29 00:43 - 00000000 ____D C:\Program Files (x86)\Driver Checker
2016-07-02 03:48 - 2015-08-29 07:17 - 00000000 ____D C:\Users\DooM fixed that\AppData\Local\ElevatedDiagnostics
2016-07-01 22:45 - 2015-12-13 20:52 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\uTorrent
2016-07-01 07:11 - 2015-09-02 16:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-01 06:50 - 2015-08-29 00:44 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-01 06:44 - 2015-08-29 02:35 - 00000000 ____D C:\Users\DooM fixed that\AppData\Local\Adobe
2016-07-01 06:34 - 2015-08-29 00:44 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-01 06:34 - 2015-08-29 00:44 - 00003222 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-01 05:24 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\SystemApps
2016-07-01 05:12 - 2015-07-10 15:20 - 00215496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-01 04:49 - 2015-08-29 00:03 - 00000000 ____D C:\Users\DooM fixed that\AppData\Local\VirtualStore
2016-07-01 04:38 - 2016-04-18 00:30 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\Mozilla
2016-06-30 04:53 - 2016-01-10 15:57 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{128E6A73-ABDC-4234-8801-E200C0F2D993}
2016-06-30 00:47 - 2015-08-29 01:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-29 12:02 - 2015-07-10 19:51 - 00000000 ___HD C:\x64
2016-06-28 05:49 - 2015-09-19 18:47 - 00000219 _____ C:\Users\DooM fixed that\Desktop\Counter-Strike Global Offensive.url
2016-06-27 20:50 - 2016-01-08 18:22 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\vlc
2016-06-27 20:27 - 2015-07-10 14:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-27 20:27 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-25 06:03 - 2016-02-26 04:59 - 00000000 ____D C:\Users\DooM fixed that\AppData\Roaming\.minecraft
 
==================== Files in the root of some directories =======
 
2016-07-01 04:37 - 2016-07-01 04:37 - 6859776 _____ () C:\Users\DooM fixed that\AppData\Roaming\agent.dat
2016-07-01 04:35 - 2016-07-01 04:35 - 0128512 _____ () C:\Users\DooM fixed that\AppData\Roaming\Installer.dat
2016-07-01 04:36 - 2016-07-01 04:35 - 0782848 _____ () C:\Users\DooM fixed that\AppData\Roaming\Lot-Top.exe
2016-07-01 04:37 - 2016-07-01 04:37 - 0018432 _____ () C:\Users\DooM fixed that\AppData\Roaming\Main.dat
2016-07-01 04:36 - 2016-07-01 04:35 - 0782848 _____ () C:\Users\DooM fixed that\AppData\Roaming\Subwarm.exe
2016-07-01 04:51 - 2016-05-17 09:14 - 2496403 _____ (                                                            ) C:\Users\DooM fixed that\AppData\Roaming\yeaplayer_51490.exe
2016-07-01 04:47 - 2016-05-28 17:42 - 5671936 _____ (Andrei Gourianov) C:\ProgramData\tasklist.exe
2016-07-01 04:39 - 2016-07-01 04:39 - 0293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
 
Files to move or delete:
====================
C:\ProgramData\tasklist.exe
C:\ProgramData\xldl.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-01 02:44
 
==================== End of FRST.txt ============================
 
 
 
Addition:
 
 
2016-05-19 11:44 - 2016-05-19 11:44 - 00959168 _____ () C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-10-17 01:12 - 2015-09-17 08:43 - 02028544 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-11 21:12 - 2015-11-25 07:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-11 21:12 - 2015-11-25 07:17 - 00619008 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-11 21:12 - 2015-11-25 07:18 - 00928768 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-17 01:11 - 2015-09-17 08:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-11 21:12 - 2015-11-25 07:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-11 21:12 - 2015-11-25 07:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 01:12 - 2015-09-17 08:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 14:00 - 2015-07-10 19:29 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-19 19:00 - 2016-07-03 16:59 - 00103424 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
2016-05-19 11:44 - 2016-05-19 11:44 - 00679624 _____ () C:\Users\DooM fixed that\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-09-17 03:23 - 2016-04-29 23:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-17 03:23 - 2015-07-03 19:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-17 03:23 - 2016-04-30 03:10 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-17 03:23 - 2015-07-03 19:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-17 03:23 - 2015-07-03 19:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-17 03:23 - 2016-02-09 02:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-17 03:23 - 2016-02-09 02:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-17 03:23 - 2016-02-09 02:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-17 03:23 - 2016-02-09 02:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-17 03:23 - 2016-02-09 02:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-17 03:24 - 2016-04-30 03:10 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-13 22:44 - 2016-02-18 01:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-07-07 06:47 - 2016-07-07 06:47 - 00155232 ___HT () C:\Users\DooM fixed that\AppData\Local\Temp\~979B.tmp
2015-09-17 03:24 - 2016-04-28 04:00 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-09-17 03:23 - 2015-09-25 02:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-09-19 18:52 - 2016-07-03 16:58 - 00198144 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll
2015-09-19 18:51 - 2016-07-03 16:57 - 00317952 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
2015-09-19 18:57 - 2016-07-03 16:58 - 00203776 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll
2015-09-19 18:51 - 2016-07-03 16:57 - 00390656 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll
2015-09-19 18:51 - 2016-07-03 16:58 - 06598144 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\engine.dll
2015-09-19 18:52 - 2016-07-03 16:57 - 00166912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll
2015-09-19 18:51 - 2016-07-03 16:58 - 01174528 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll
2015-09-19 18:51 - 2016-07-03 16:58 - 00863744 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
2015-09-19 18:51 - 2016-07-03 16:57 - 00356352 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 00610816 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll
2015-09-19 18:58 - 2016-07-03 16:58 - 00164864 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 00708096 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll
2015-09-19 19:00 - 2016-07-03 16:58 - 00134656 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 00957952 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll
2015-09-19 18:51 - 2016-07-03 16:58 - 00395264 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 03075584 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll
2015-09-19 18:51 - 2016-07-03 16:58 - 00574976 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll
2015-09-19 18:56 - 2016-07-03 16:57 - 00143360 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\localize.dll
2015-09-19 18:58 - 2016-07-03 16:58 - 00230912 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 01016320 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 00584704 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll
2015-09-19 18:51 - 2016-07-03 17:00 - 12360192 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll
2015-09-19 18:51 - 2016-07-03 16:59 - 10267136 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll
2015-09-19 18:53 - 2016-07-03 16:58 - 00094208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll
2015-09-19 19:01 - 2016-07-03 16:58 - 00084992 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll
2015-09-19 18:55 - 2016-07-02 05:51 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi
2015-09-19 18:53 - 2016-07-02 05:51 - 00013312 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt
2015-09-19 18:57 - 2016-07-02 05:52 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt
2015-09-19 18:51 - 2016-07-03 16:58 - 00974848 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll
2015-09-19 18:54 - 2016-07-03 16:57 - 00184832 _____ () c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll
2016-05-13 15:31 - 2016-05-11 14:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 15:31 - 2016-05-11 14:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [346]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [346]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [346]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]
AlternateDataStreams: C:\Users\DooM fixed that\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\DooM fixed that\AppData\Roaming:NT2 [346]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\amazon.com -> hxxps://amazon.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 14:04 - 2016-07-06 09:10 - 00001190 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "DriverChecker.exe"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1230017990-3135776461-716552714-1000\...\StartupApproved\Run: => "CyberGhost"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{331C5D3A-A6A9-4845-A763-070CBF24DF25}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2D777665-5816-486A-8264-321C84F54157}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9871BFF9-2A27-422E-B8AF-079A6F2C0231}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E5DCCA9C-A809-4644-A43B-F843210FE54B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F0F1D610-AE0E-4869-AD93-E6A73804EF19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3D594C53-8C27-408D-A3B3-A57EFC50F195}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{38261414-AF89-409E-833A-F3749A695DCF}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [UDP Query User{A28B1B41-BE83-4257-89CA-4CA3A402411B}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [{1E941FDE-9A42-483B-9FD4-F9DD57850268}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{49E426A1-6F61-4DF1-8B4D-EA0B31D693F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{015C2403-9522-48FB-BEDF-E562AF0A6B08}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D1A093C4-792E-4306-9607-4701C3470E7A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA5D3A49-275B-45EC-BF06-46DBEDF11D62}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{73122DF1-8F6C-4921-B6E4-A6A2A163F6AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F1D91A9F-69CC-4886-AC97-7C6A587F2AE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EC4863E8-2456-44F7-B1CE-07D2793D20BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{72DAC38B-FED4-4DA8-BAEC-BD6B0B24C479}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7A0F2779-D279-45F6-B5F7-8A4F2564B605}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9277B318-77AE-4A99-85DA-D7A33EDFC700}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{156E0593-8523-4241-8892-FCF8FDAD507B}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{BEFCE2A7-E67C-4A1C-ABF5-02B6A0CB2A47}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{22F1549D-3A2F-4C81-A258-D18148B79C54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{506B0F5D-A629-4E69-9A57-BD4C712F96FF}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{E202E87F-306D-4884-AB8C-C6B7CF337CB2}C:\program files (x86)\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [{41A57C48-41F2-4ED1-8DBF-4504B842CCD6}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [{03A4E7F8-EA9B-4FAC-AE88-99CB203435CB}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
FirewallRules: [TCP Query User{100254FA-882F-4993-A09E-B7AA3017ADB6}E:\games\crack cs go\csgo.exe] => (Allow) E:\games\crack cs go\csgo.exe
FirewallRules: [UDP Query User{0E91CB68-A312-45BF-BF28-E7B2510E2F52}E:\games\crack cs go\csgo.exe] => (Allow) E:\games\crack cs go\csgo.exe
FirewallRules: [{6292059B-7E25-4AEF-B967-3BF399F3292D}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
FirewallRules: [{6A782986-04B3-45A4-BBA9-D7624A6DA821}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
FirewallRules: [{1A476D3D-2D73-448E-AEB9-5E72259C89B7}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{E86F50AF-1774-43F2-B07B-152803012A99}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/05/2016 07:04:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (2792) {EDEB2E8D-4C22-409C-8009-03226D98563B}: An attempt to open the file "C:\Users\DooM fixed that\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/05/2016 02:25:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOSHY)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2016 02:25:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 16.325.12390.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1874
 
Start Time: 01d1d64a952ee686
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: 981f746b-423e-11e6-9c56-00215a5ff26a
 
Faulting package full name: Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (07/05/2016 02:25:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HOSHY)
Description: Package Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (07/04/2016 03:59:45 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (2792) Database recovery/restore failed with unexpected error -1032.
 
Error: (07/04/2016 03:59:45 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (2792) An attempt to open the file "C:\WINDOWS\system32\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/04/2016 03:59:35 PM) (Source: ESENT) (EventID: 439) (User: )
Description: SettingSyncHost (2792) Unable to write a shadowed header for file C:\WINDOWS\system32\edb.chk. Error -1032.
 
Error: (07/04/2016 03:59:35 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (2792) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/04/2016 03:59:25 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (2792) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/04/2016 03:59:15 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (2792) An attempt to open the file "C:\WINDOWS\system32\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (07/07/2016 06:38:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gnirygnuied Monitor service failed to start due to the following error: 
%%2
 
Error: (07/07/2016 06:38:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cegitdzege Mapper service failed to start due to the following error: 
%%2
 
Error: (07/07/2016 06:35:48 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.
 
Error: (07/07/2016 06:35:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Passport Container service terminated with the following error: 
%%2147942405
 
Error: (07/07/2016 06:35:00 AM) (Source: DCOM) (EventID: 10010) (User: HOSHY)
Description: Windows.Media.Capture.Internal.AppCaptureShell
 
Error: (07/07/2016 06:35:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/07/2016 06:35:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/07/2016 06:35:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/07/2016 06:35:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/07/2016 06:34:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 4079.34 MB
Available physical RAM: 1339.26 MB
Total Virtual: 7605.34 MB
Available Virtual: 3327.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:73.5 GB) (Free:23.95 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:54.79 GB) (Free:33.19 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:92.44 GB) (Free:51.88 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 81990F87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=54.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=92.4 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
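As an added triage example (my own code, not FRST's and not part of the original post), the following Python pulls out of an Addition.txt the entries a responder reads first: alternate data streams, SafeBoot service entries, active hosts-file mappings and their duplicates, firewall Allow rules whose executable lives outside the standard program directories, and the System Restore state. The sample input is constructed from lines of the report above; the PROGRAM_DIRS list and the triage() function are the example's own assumptions, not FRST conventions.

```python
"""Triage helper for an FRST Addition.txt report.
Added example, not FRST code and not part of the original post."""
import re
from collections import Counter

# Constructed sample: lines copied from the Addition.txt posted above.
SAMPLE_LOG = r'''
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\Users\DooM fixed that\AppData\Roaming:NT2 [346]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       down.baidu2016.com
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{22F1549D-3A2F-4C81-A258-D18148B79C54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6292059B-7E25-4AEF-B967-3BF399F3292D}] => (Allow) C:\ProgramData\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{100254FA-882F-4993-A09E-B7AA3017ADB6}E:\games\crack cs go\csgo.exe] => (Allow) E:\games\crack cs go\csgo.exe
FirewallRules: [{41A57C48-41F2-4ED1-8DBF-4504B842CCD6}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\java.exe
ATTENTION: System Restore is disabled
'''

# "AlternateDataStreams: <path>:<stream> [<bytes>]"; the path itself contains "C:",
# so the greedy path group stops at the last colon before the stream name.
ADS_RE = re.compile(r'^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>[^:\s]+)\s+\[(?P<size>\d+)\]$')
SAFEBOOT_RE = re.compile(
    r'^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(?P<profile>Minimal|Network)\\(?P<name>\S+)\s+=>')
HOSTS_RE = re.compile(r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$')
FW_RE = re.compile(r'^FirewallRules:\s+\[(?P<name>.+)\]\s+=>\s+\((?P<action>Allow|Block)\)\s*(?P<target>.*)$')

# Assumption of this example: an Allow rule for a binary under these roots is
# ordinary; anything elsewhere (ProgramData, user profile, other drives) gets a look.
PROGRAM_DIRS = ('c:\\program files\\', 'c:\\program files (x86)\\', 'c:\\windows\\')


def _outside_program_dirs(path):
    p = path.lower()
    return not any(p.startswith(d) for d in PROGRAM_DIRS)


def triage(report):
    """Return the review-first items found in the report text."""
    ads, safeboot, hosts, fw_outside = [], [], [], []
    restore_disabled = False
    for raw in report.splitlines():
        line = raw.strip()
        if (m := ADS_RE.match(line)):
            ads.append({'path': m['path'], 'stream': m['stream'], 'size': int(m['size'])})
        elif (m := SAFEBOOT_RE.match(line)):
            safeboot.append((m['profile'], m['name']))
        elif (m := HOSTS_RE.match(line)):
            hosts.append((m['ip'], m['host']))
        elif (m := FW_RE.match(line)):
            target = m['target']
            # Port-only rules such as "LPort=139" carry no path and are skipped.
            if (m['action'] == 'Allow' and re.match(r'^[a-z]:\\', target, re.I)
                    and _outside_program_dirs(target)):
                fw_outside.append(target)
        elif line == 'ATTENTION: System Restore is disabled':
            restore_disabled = True
    counts = Counter(host for _, host in hosts)
    return {
        'ads': ads,
        'safeboot': safeboot,
        'hosts': hosts,
        'hosts_duplicates': sorted(h for h, n in counts.items() if n > 1),
        'firewall_allow_outside': fw_outside,
        'system_restore_disabled': restore_disabled,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Run it against a full Addition.txt and every section the script understands is reduced to a short list. Two points the output makes visible in this report: the alternate data streams sit on directories (ProgramData and AppData\Roaming), which on the live host can be listed with PowerShell's Get-Item -Stream * and read with Get-Content -Stream; and a default Windows hosts file has no active mappings, so each 127.0.0.1 line here is a deliberate change that blocks the named domain rather than redirecting it, with the same five entries present twice.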


#4 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:34 AM

Posted 06 June 2016 - 07:52 AM

Please post the Addition.txt file again.

Your current copy is missing the first half of the report.

Wait for further instructions.

#5 ZiadElhoshy

ZiadElhoshy
  • Topic Starter

  • Members
  • 7 posts
  • Local time:08:34 AM

Posted 08 June 2016 - 01:18 AM

Nothing is missing, I copied all of it.



#6 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:34 AM

Posted 08 June 2016 - 07:47 AM

Then run the Farbar tool again.

Make sure the box to create an Addition.txt file is checked.

Please post or attach both logs for my review.

#7 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:34 AM

Posted 14 June 2016 - 09:05 AM

Are you still with me?
