Rogue.VirusMelt keeps returning


  • This topic is locked
10 replies to this topic

#1 jinn0z


  • Members
  • 44 posts

Posted 05 January 2017 - 04:30 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Dang (administrator) on DANG-PC (05-01-2017 16:09:33)
Running from C:\Users\Dang\Desktop
Loaded Profiles: Dang & DefaultAppPool &  (Available Profiles: Dang & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(winevent) C:\Windows\Win Services\winevent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\MiscreationP.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154158895\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154221247\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5761488 2016-11-29] (SecureMix LLC)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5761488 2016-11-29] (SecureMix LLC)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5761488 2016-11-29] (SecureMix LLC)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Startup: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-01-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitsdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{2251978f-694e-413f-be92-0bf74b30636b}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2251978f-694e-413f-be92-0bf74b30636b}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL =
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f4dd9cd4&q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-09-03] (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-09-16] (Intel Security)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-09-03] (RealDownloader)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-09-16] (Intel Security)
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x8nqvglm.default
FF ProfilePath: C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848 [2017-01-05]
FF Homepage: Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848 -> hxxp://www.yahoo.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848 -> user_pref("keyword.URL", true);
FF Extension: (All Aboard) - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848\Extensions\@all-aboard-v1-5 [2016-11-29]
FF Extension: (Ghostery) - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (NoScript) - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29]
FF ProfilePath: C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default [2016-11-29]
FF Homepage: Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default -> hxxp://www.safesear.ch/?type=fto
FF Extension: (New Tab) - C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default\Extensions\newtab@browser.com [2016-11-29] [not signed]
FF Extension: (No Name) - C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default\Extensions\packagene@browser.com [2016-11-29] [not signed]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-10-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.5.699 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-10-03] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default [2017-01-05]
CHR Extension: (Google Docs) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Avira Browser Safety) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-04]
CHR Extension: (360 Internet Protection) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-01-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-04]
CHR Extension: (Gmail) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4432848 2016-11-29] (SecureMix LLC)
S3 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10186832 2016-11-28] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MiscreationP; C:\Program Files (x86)\Miscreationourino\MiscreationP.exe [132608 2016-12-28] (Tiptoeingly Inc.) [File not signed]
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [987408 2016-10-03] (RealNetworks, Inc.)
S3 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-09-03] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2016-10-03] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-15] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-15] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-15] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 Windows Event Log Viewer; C:\Windows\Win Services\winevent.exe [16896 2015-10-15] (winevent) [File not signed]
S3 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-10-02] (Symantec Corporation)
S3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-10-02] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-05] (Malwarebytes)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 pwftap; C:\WINDOWS\System32\drivers\pwftap.sys [36736 2016-09-26] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 16:09 - 2017-01-05 16:11 - 00038216 _____ C:\Users\Dang\Desktop\FRST.txt
2017-01-05 16:03 - 2017-01-05 16:08 - 02418176 _____ (Farbar) C:\Users\Dang\Desktop\FRST64.exe
2017-01-05 16:00 - 2017-01-05 16:00 - 00003272 _____ C:\Users\Dang\Desktop\meltdown.txt
2017-01-05 15:05 - 2017-01-05 15:06 - 03977168 _____ C:\Users\Dang\Downloads\AdwCleaner.exe
2017-01-04 17:34 - 2017-01-04 17:34 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-04 17:02 - 2017-01-04 17:03 - 00892416 _____ (Farbar) C:\Users\Dang\Desktop\MiniToolBox.exe
2017-01-04 14:55 - 2017-01-04 14:55 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 14:55 - 2017-01-04 14:55 - 00002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 14:54 - 2017-01-05 09:18 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 14:54 - 2017-01-05 09:18 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 14:54 - 2017-01-04 14:54 - 01065376 _____ (Google Inc.) C:\Users\Dang\Downloads\ChromeSetup.exe
2017-01-03 17:36 - 2017-01-05 15:39 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-03 17:36 - 2017-01-05 15:39 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-03 17:36 - 2017-01-05 15:39 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-03 17:36 - 2017-01-05 15:39 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-03 17:36 - 2017-01-05 15:38 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-03 17:35 - 2017-01-03 17:35 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-03 17:35 - 2017-01-03 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-03 17:35 - 2017-01-03 17:35 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-03 17:35 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-03 17:34 - 2017-01-03 17:35 - 54199488 _____ (Malwarebytes ) C:\Users\Dang\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-03 17:27 - 2017-01-03 17:27 - 02124496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-03 14:00 - 2017-01-03 14:00 - 00100550 _____ C:\Users\Dang\Desktop\bookmarks-2017-01-03.json
2017-01-03 13:51 - 2017-01-03 13:51 - 06463312 _____ (Safer-Networking Ltd. ) C:\Users\Dang\Downloads\spybotsd2-install-iefreezefix.exe
2017-01-03 13:43 - 2017-01-03 13:44 - 06463312 _____ (Safer-Networking Ltd. ) C:\Users\Dang\Downloads\spybotsd2-install-iefreezefix(2).exe
2017-01-03 11:40 - 2016-11-28 09:25 - 00451918 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170103-114034.backup
2017-01-03 11:39 - 2016-11-28 09:25 - 00451918 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170103-113931.backup
2017-01-03 09:44 - 2015-10-09 15:02 - 00003229 _____ C:\Users\Dang\Downloads\Order.htm
2017-01-03 09:44 - 2014-09-10 19:49 - 00000948 _____ C:\Users\Dang\Downloads\Descript.ion
2017-01-03 09:44 - 2014-05-22 21:31 - 00006880 _____ C:\Users\Dang\Downloads\License.txt
2017-01-02 10:56 - 2017-01-02 14:21 - 00006362 _____ C:\Users\Dang\Documents\ISO1.nri
2017-01-01 22:21 - 2017-01-01 22:21 - 00000000 ____D C:\Program Files (x86)\Akick
2017-01-01 19:38 - 2017-01-01 19:50 - 00000080 _____ C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBugr.lnk
2017-01-01 17:56 - 2017-01-01 17:56 - 00000000 ____D C:\Users\Dang\AppData\Local\IsolatedStorage
2017-01-01 17:32 - 2017-01-02 17:24 - 00000000 ____D C:\Users\Dang\AppData\LocalLow\uTorrent
2017-01-01 17:05 - 2017-01-01 17:05 - 00003334 _____ C:\WINDOWS\System32\Tasks\{6C5ABABA-9C91-433A-B108-5511458B3996}
2017-01-01 13:54 - 2017-01-01 19:51 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-01 13:54 - 2017-01-01 19:51 - 00001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-01 13:46 - 2017-01-01 13:48 - 00000000 ____D C:\Program Files (x86)\Miscreationourino
2017-01-01 13:30 - 2017-01-01 14:56 - 00000000 ____D C:\ProgramData\FLEXnet
2017-01-01 13:22 - 2017-01-01 13:22 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2017-01-01 12:55 - 2017-01-04 19:59 - 00000000 ____D C:\WINDOWS\TaskClean
2017-01-01 12:55 - 2017-01-02 16:56 - 00000000 ____D C:\WINDOWS\Software
2017-01-01 12:55 - 2017-01-02 16:56 - 00000000 ____D C:\WINDOWS\SoftModify
2017-01-01 12:55 - 2017-01-01 12:55 - 00003258 _____ C:\WINDOWS\System32\Tasks\TaskClean
2016-12-26 18:32 - 2017-01-01 19:51 - 00001972 _____ C:\Users\Public\Desktop\GlassWire.lnk
2016-12-26 18:32 - 2016-12-26 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-12-26 18:32 - 2016-12-26 18:32 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-12-26 18:32 - 2015-05-28 23:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2016-12-26 18:32 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2016-12-26 18:32 - 2015-05-28 23:15 - 00003102 _____ C:\WINDOWS\system32\Drivers\gwdrv.inf
2016-12-26 18:29 - 2016-12-26 18:31 - 30680064 _____ (SecureMix LLC) C:\Users\Dang\Downloads\GlassWireSetup.exe
2016-12-25 15:57 - 2017-01-01 19:51 - 00001891 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-12-25 15:57 - 2016-12-25 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-25 15:56 - 2016-12-25 15:57 - 28758000 _____ (SUPERAntiSpyware) C:\Users\Dang\Downloads\SUPERAntiSpyware(1).exe
2016-12-20 08:04 - 2017-01-01 13:45 - 00002228 ____R C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сhrоmium.lnk
2016-12-20 08:03 - 2016-12-20 08:04 - 00000000 ____D C:\Users\Dang\AppData\Local\chromium
2016-12-18 10:53 - 2016-12-18 10:53 - 00000379 _____ C:\WINDOWS\DirectX.log
2016-12-18 10:53 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-12-18 10:53 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-12-18 10:53 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-12-18 10:53 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-12-18 10:53 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-12-18 10:53 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-12-18 10:53 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-12-18 10:53 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-12-17 12:09 - 2017-01-01 19:50 - 00001408 _____ C:\Users\Dang\Desktop\ShowMyPC.lnk
2016-12-17 12:09 - 2016-12-17 12:09 - 02076064 _____ C:\Users\Dang\Downloads\ShowMyPC3161.exe
2016-12-17 12:06 - 2016-12-17 12:06 - 05278280 _____ (Nanosystems S.r.l.) C:\Users\Dang\Downloads\Supremo.exe
2016-12-14 12:59 - 2016-11-22 06:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 12:59 - 2016-11-22 05:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-12-14 12:59 - 2016-11-22 05:38 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-14 12:59 - 2016-11-22 05:38 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-14 12:59 - 2016-11-22 05:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 12:59 - 2016-11-22 05:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 12:59 - 2016-11-22 05:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-12-14 12:59 - 2016-11-22 05:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 12:59 - 2016-11-22 05:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 12:59 - 2016-11-22 05:02 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 12:59 - 2016-11-22 05:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 12:59 - 2016-11-22 04:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-12-14 12:59 - 2016-11-22 04:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-12-14 12:59 - 2016-11-22 04:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-12-14 12:59 - 2016-11-22 04:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 12:59 - 2016-11-22 04:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-12-14 12:59 - 2016-11-22 04:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-12-14 12:59 - 2016-11-22 04:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-12-14 12:59 - 2016-11-22 03:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-12-14 12:59 - 2016-11-22 03:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-14 12:59 - 2016-11-22 03:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-14 12:59 - 2016-11-22 03:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-12-14 12:59 - 2016-11-22 03:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 12:59 - 2016-11-22 03:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 12:59 - 2016-11-22 03:47 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 12:59 - 2016-11-22 03:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 12:59 - 2016-11-22 03:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 12:59 - 2016-11-22 03:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 12:59 - 2016-11-22 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 12:59 - 2016-11-22 03:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 12:59 - 2016-11-22 03:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-12-14 12:59 - 2016-11-22 03:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 12:59 - 2016-11-22 02:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 12:59 - 2016-11-22 02:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-14 12:59 - 2016-11-22 02:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 12:59 - 2016-11-22 02:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-14 12:59 - 2016-11-22 02:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-12-14 12:59 - 2016-11-22 02:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 12:59 - 2016-11-22 02:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 12:59 - 2016-11-22 02:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 12:59 - 2016-11-22 02:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 12:59 - 2016-11-22 02:15 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 12:59 - 2016-11-22 02:14 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 12:59 - 2016-11-22 02:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 12:59 - 2016-11-22 02:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 12:59 - 2016-11-22 01:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 12:59 - 2016-11-22 01:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 12:59 - 2016-11-22 01:49 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 12:59 - 2016-11-22 01:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 12:59 - 2016-11-22 01:34 - 18670080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 12:59 - 2016-11-22 01:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 12:59 - 2016-11-22 01:32 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 12:59 - 2016-11-22 01:17 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 12:02 - 2017-01-05 15:42 - 00000000 ____D C:\Users\Dang\AppData\Roaming\foobar2000
2016-12-14 12:02 - 2017-01-01 19:51 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2016-12-14 12:02 - 2017-01-01 19:51 - 00001102 _____ C:\Users\Public\Desktop\foobar2000.lnk
2016-12-14 12:02 - 2016-12-14 12:02 - 00000000 ____D C:\Program Files (x86)\foobar2000
2016-12-14 12:01 - 2016-12-14 12:02 - 03938879 _____ (foobar2000.org) C:\Users\Dang\Downloads\foobar2000_v1.3.13.exe
2016-12-13 11:04 - 2016-12-13 11:04 - 00000000 ____D C:\Users\Dang\AppData\Local\yahoomessenger
2016-12-13 11:03 - 2016-12-13 11:04 - 00000000 ____D C:\Users\Dang\AppData\Local\SquirrelTemp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 16:09 - 2016-06-01 14:23 - 00000000 ____D C:\FRST
2017-01-05 15:42 - 2016-11-19 07:34 - 00000000 ____D C:\Users\Dang\AppData\LocalLow\Mozilla
2017-01-05 15:38 - 2015-11-29 23:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-05 15:37 - 2015-10-30 01:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2017-01-05 15:34 - 2016-09-14 13:13 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D344DCC7-F8CA-4C23-A242-875714AB9A62}
2017-01-05 15:14 - 2015-05-09 20:20 - 00000000 ____D C:\AdwCleaner
2017-01-05 14:28 - 2013-04-25 22:39 - 00000000 ____D C:\Users\Dang\AppData\Roaming\Skype
2017-01-05 14:07 - 2012-12-04 23:23 - 00000000 ____D C:\Users\Dang\AppData\Roaming\vlc
2017-01-05 09:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-05 09:11 - 2016-10-03 13:57 - 00000000 ____D C:\Program Files (x86)\360
2017-01-05 09:10 - 2015-11-30 19:00 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-05 03:09 - 2016-10-21 07:11 - 00000000 ____D C:\Users\Dang\AppData\Local\CrashDumps
2017-01-04 14:55 - 2012-12-06 23:17 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-04 07:23 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-03 20:12 - 2016-10-03 13:57 - 00000000 _RSHD C:\360SANDBOX
2017-01-03 20:12 - 2015-11-29 23:11 - 00000000 ____D C:\Users\Dang
2017-01-03 17:35 - 2013-06-30 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-03 17:27 - 2016-11-28 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-03 15:29 - 2016-11-30 11:01 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-01-03 15:29 - 2015-11-30 02:01 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-03 15:29 - 2012-12-08 22:48 - 00000000 ____D C:\Users\Dang\AppData\Roaming\uTorrent
2017-01-03 15:23 - 2016-08-25 09:10 - 00002822 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2017-01-03 13:18 - 2015-11-29 23:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-02 16:57 - 2016-10-03 13:58 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-02 16:56 - 2016-11-29 07:36 - 00001213 _____ C:\Users\Dang\Desktop\Intеrnеt Ехplоrеr.lnk
2017-01-02 16:56 - 2016-10-03 15:54 - 00000000 __SHD C:\$360Section
2017-01-02 14:07 - 2015-10-14 18:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-02 13:17 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-01-02 10:56 - 2015-05-19 19:44 - 00000000 ____D C:\Users\Dang\AppData\Roaming\Nero
2017-01-02 09:36 - 2011-07-22 06:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-01 21:35 - 2012-11-30 20:38 - 00000000 ____D C:\Users\Dang\AppData\Roaming\Adobe
2017-01-01 21:35 - 2011-07-22 06:26 - 00000000 ____D C:\ProgramData\Adobe
2017-01-01 19:54 - 2014-09-17 22:18 - 00000000 ____D C:\Users\Dang\AppData\Local\Adobe
2017-01-01 19:51 - 2016-11-30 11:01 - 00001150 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2017-01-01 19:51 - 2016-11-30 09:40 - 00001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-01 19:51 - 2016-11-30 09:40 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-01 19:51 - 2016-11-28 08:40 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gramblr.lnk
2017-01-01 19:51 - 2016-11-17 10:36 - 00000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-01-01 19:51 - 2016-10-03 08:46 - 00000996 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2017-01-01 19:51 - 2016-09-26 06:58 - 00001287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-01 19:51 - 2016-09-26 06:58 - 00001267 _____ C:\Users\Public\Desktop\True Key.lnk
2017-01-01 19:51 - 2016-09-05 11:24 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-01 19:51 - 2015-12-21 17:39 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2017-01-01 19:51 - 2015-11-29 23:45 - 00002366 _____ C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-01 19:51 - 2015-11-29 23:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-01 19:51 - 2015-11-03 08:45 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-01 19:51 - 2015-10-30 02:19 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2017-01-01 19:51 - 2015-10-30 02:19 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2017-01-01 19:51 - 2015-10-30 02:19 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2017-01-01 19:51 - 2015-10-30 02:18 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2017-01-01 19:51 - 2015-10-30 02:17 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2017-01-01 19:51 - 2015-09-10 19:01 - 00000948 _____ C:\Users\Public\Desktop\RealTimes (RealPlayer).lnk
2017-01-01 19:51 - 2015-08-24 15:59 - 00001843 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-01-01 19:51 - 2013-09-01 17:04 - 00001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-01-01 19:51 - 2012-12-06 23:18 - 00000905 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-01 19:51 - 2012-12-06 22:03 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-01 19:51 - 2012-11-30 21:17 - 00002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2017-01-01 19:51 - 2012-11-08 17:36 - 00000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
2017-01-01 19:51 - 2012-11-08 17:10 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2017-01-01 19:50 - 2016-10-02 09:01 - 00001380 _____ C:\Users\Dang\Desktop\Norton Installation Files.lnk
2017-01-01 19:50 - 2015-11-03 08:45 - 00002051 _____ C:\Users\Dang\Desktop\Acrobat Reader DC.lnk
2017-01-01 19:50 - 2013-09-27 21:57 - 00000816 _____ C:\Users\Dang\Desktop\µTorrent.lnk
2017-01-01 19:50 - 2013-09-27 21:57 - 00000796 _____ C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-01-01 19:50 - 2012-11-08 17:17 - 00001212 _____ C:\Users\Dang\Desktop\NOOK for PC.lnk
2017-01-01 19:49 - 2016-11-26 13:15 - 00000000 ____D C:\Users\Dang\Desktop\11-25-2016
2017-01-01 17:56 - 2015-10-04 18:57 - 00011198 _____ C:\Users\Dang\Desktop\Mixed.fpl
2017-01-01 17:07 - 2012-11-30 21:51 - 00000000 ____D C:\Users\Dang\AppData\Local\ElevatedDiagnostics
2017-01-01 14:26 - 2013-06-11 18:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-01 14:25 - 2016-11-29 07:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-01 14:23 - 2016-10-03 13:58 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2017-01-01 14:18 - 2015-11-29 23:34 - 00000000 ____D C:\Users\Dang\AppData\Local\Packages
2017-01-01 13:54 - 2016-11-18 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-01 13:45 - 2016-12-04 09:47 - 00002024 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-01-01 13:45 - 2016-12-03 18:20 - 00002299 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-01 12:23 - 2015-11-29 23:11 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-01 12:23 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-12-31 06:30 - 2016-11-29 06:46 - 00000185 _____ C:\Users\Dang\AppData\Roaming\WB.CFG
2016-12-30 10:01 - 2012-11-08 17:11 - 00000000 ____D C:\ProgramData\Temp
2016-12-28 10:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2016-12-28 10:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-25 15:57 - 2013-06-11 18:24 - 00000000 ____D C:\Users\Dang\AppData\Roaming\SUPERAntiSpyware.com
2016-12-25 15:57 - 2013-06-11 18:24 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-23 13:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-23 13:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-21 19:42 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-21 14:13 - 2016-10-03 13:11 - 00000248 _____ C:\Users\Dang\Desktop\CLARK TECH.txt
2016-12-19 16:50 - 2015-11-29 23:10 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{485596d2-7ed5-11e5-80df-e41d2d718e10}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 16:41 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-18 10:53 - 2015-10-30 01:31 - 00000000 ____D C:\WINDOWS\Logs
2016-12-17 13:21 - 2016-08-29 11:48 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2016-12-17 08:25 - 2015-10-30 01:28 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-17 08:22 - 2016-12-04 09:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-16 18:59 - 2016-09-23 08:48 - 00524288 ___SH C:\WINDOWS\system32\config\drivers{042637d6-8194-11e6-ae4e-f80f412c6fd3}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 18:59 - 2016-09-23 08:48 - 00065536 ___SH C:\WINDOWS\system32\config\drivers{042637d6-8194-11e6-ae4e-f80f412c6fd3}.TM.blf
2016-12-16 18:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-16 18:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-16 18:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-16 18:58 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-16 13:31 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-15 10:13 - 2013-08-13 23:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-15 10:02 - 2012-11-30 21:29 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 18:41 - 2012-11-29 21:52 - 00000000 ___RD C:\Users\Dang\Music
2016-12-12 14:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\debug
2016-12-11 18:03 - 2015-10-30 02:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:03 - 2015-10-30 02:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 08:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2016-11-29 06:46 - 2016-12-31 06:30 - 0000185 _____ () C:\Users\Dang\AppData\Roaming\WB.CFG
2015-05-05 22:50 - 2015-05-05 22:50 - 0045720 _____ () C:\Users\Dang\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
2016-11-28 08:52 - 2016-11-23 07:19 - 0000570 _____ () C:\Users\Dang\AppData\Local\TroubleshooterConfig.json
2015-10-23 20:55 - 2015-10-23 20:55 - 0002560 _____ () C:\Users\Dang\AppData\Local\uninstall.exe
2012-11-08 17:11 - 2014-04-17 22:59 - 0012727 _____ () C:\ProgramData\ArcadeDeluxe5.log

Files to move or delete:
====================
C:\Windows\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-28 10:48

==================== End of FRST.txt ============================


Edited by jinn0z, 05 January 2017 - 04:38 PM.



#2 jinn0z

  • Topic Starter

  • Members
  • 44 posts

Posted 05 January 2017 - 04:40 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Dang (05-01-2017 16:12:19)
Running from C:\Users\Dang\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-30 04:34:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2649704876-1349671222-1448162478-500 - Administrator - Disabled)
Dang (S-1-5-21-2649704876-1349671222-1448162478-1000 - Administrator - Enabled) => C:\Users\Dang
DefaultAccount (S-1-5-21-2649704876-1349671222-1448162478-503 - Limited - Disabled)
Guest (S-1-5-21-2649704876-1349671222-1448162478-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D9B8D7C4-BE13-5877-6999-B076956AA3F9}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.10 - PC Drivers HeadQuarters LP) <==== ATTENTION
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
foobar2000 v1.3.13 (HKLM-x32\...\foobar2000) (Version: 1.3.13 - Peter Pawlowski)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.1079 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.8.0 - Gramblr Team)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.7.122.1 - Intel Security)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Miscreation Palicourea Scroinogh (HKLM-x32\...\Miscreation Palicourea Scroinogh) (Version: 2.00 - Tiptoeingly Inc.)
Mozilla Firefox 50.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x64 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Firefox 50.1.0 (x64 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x64 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.5.699 - RealNetworks) Hidden
RealDownloader (x32 Version: 18.1.5.699 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.5 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs2015_redist x64 (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dang\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0500A7A6-8633-4A05-A4DD-2E9C1CB82EDB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {09208E48-79BE-45E0-ABCD-4DAAFF816F8E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {0DAEBA4A-9F9D-4425-8358-365CB740EF2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0ED29931-4EAA-4A30-B968-30C59C8A69D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12055106-D2EB-423E-A973-84EB97D085AE} - System32\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24} => C:\PROGRA~2\COMMON~1\22771E~1\updane.exe
Task: {17502C4F-F01C-4C6E-ADCE-C8EBE7C27195} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D3B79B7-58FB-4FCD-BEFF-42D55057B97F} - \TaskModify -> No File <==== ATTENTION
Task: {206F5866-E0F6-4361-9860-D721970300D9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {27A7F735-3AF2-4088-8412-8664B25BAFF6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {318DE265-6D9F-46B4-942B-F086CF7D7FD0} - \TaskALL -> No File <==== ATTENTION
Task: {3633B850-BF1F-40B2-A2A5-E655460A474D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-15] (Microsoft Corporation)
Task: {391E3518-AB0E-48B1-9A35-8F2C4310D050} - System32\Tasks\{54F9FC58-2B13-4CC1-8236-A4F413727BB3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {39AC8FF0-551A-46DD-88D0-1AF276555E8A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B7DB25D-A424-4D4F-B864-E344213F167E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3DE20017-5645-4067-B23C-5C813E93B618} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DD6C8D2-2A30-4861-9C4F-3A1E6F279679} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2649704876-1349671222-1448162478-1000 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-09-03] (RealNetworks, Inc.)
Task: {503420EB-5247-435C-B76D-BE9360044783} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {51C6BF69-24DF-4241-9369-0673F9965388} - \IntegrationManager -> No File <==== ATTENTION
Task: {530A4A0B-627B-48E1-A707-DB8A06B397A8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D8D979F-54B2-4522-9668-91B785DE2D6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60678FEC-7EF5-41F3-AB33-2A24AB169F77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {62EFA428-3673-44B3-BDEA-5E5730EAEAAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {6B3255BA-2DDE-4DC0-B9F7-81A8F2841186} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6D511641-7E5B-45AD-9245-32C804884A81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {6DF0C0AA-D3FA-49F4-B22A-B56D139E1BCF} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {7A03C38A-0C00-4090-8FD0-2D29F5A7B20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {909726B2-C95F-4D61-AE47-4A28BBD1AC4A} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {96B94A0A-20DC-49CB-AD01-6DED060D171B} - \TaskName -> No File <==== ATTENTION
Task: {97098503-3471-4750-9DDE-D75FDEA9C87D} - System32\Tasks\{2AA35854-5E3B-4C6D-9CF3-317A8A35DF0E} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {992E3941-B0D9-48FB-9C6A-214237C0F5D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DE20394-8C4E-46F9-8B12-50C245F13D5F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9F4F1F1C-E328-419F-832D-6B243E7084FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A16E21FC-53A6-498A-BE04-C8D6E4A8847C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-23] (Adobe Systems Incorporated)
Task: {A5DD4025-1423-49BA-A5C1-C3D517ECF2F8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5FC0335-4744-41D0-AF3B-014C19F4F6A5} - System32\Tasks\TaskClean => C:\Windows\TaskClean\TaskClean.exe
Task: {AFDEFB87-570A-45E1-A80C-6323413F229F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0C95242-FBDE-407F-A021-A827FCD06C57} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B986601C-F17C-4E3C-BDAC-FD87F230F967} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {C1B537AA-6190-459A-9D96-A61AA064F62C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2649704876-1349671222-1448162478-1000 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-09-03] (RealNetworks, Inc.)
Task: {D5A9EC21-B8A3-4974-86E6-257717BAE381} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D89E036F-D5C0-44C1-9F59-1D3E4C5B5790} - System32\Tasks\{6C5ABABA-9C91-433A-B108-5511458B3996} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe"
Task: {DAE75E68-22BD-4024-BFCA-9DB4D1B084CE} - \Sercurity -> No File <==== ATTENTION
Task: {E4EAA017-40E9-49A6-AC7D-9095C5551834} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {EA596490-C712-4632-9672-E12F38C84DBC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EA780E84-D11B-4E6C-8420-B1425D253F19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {F3C79EB0-09B6-4948-9042-EF6D78091FD4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F9B31903-1F85-42BF-B373-15DDFE52398B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FFA6C7AD-264C-42F0-BFD8-E3EAF6B334F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24}.job => C:\PROGRA~2\COMMON~1\22771E~1\updane.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dang\Desktop\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iехplоrе.bаt.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сhrоmium.lnk -> C:\Users\Dang\AppData\Local\chromium\Application\chrome.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iехplоrе.bаt.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhrоmium.lnk -> C:\Users\Dang\AppData\Local\chromium\Application\chrome.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iехplоrе.bаt.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-03 17:35 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-03 17:35 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-03 17:35 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-11-08 16:19 - 2016-10-25 04:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 16:19 - 2016-10-25 04:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-25 09:09 - 2016-08-25 09:09 - 01864384 _____ () C:\Users\Dang\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-12-17 16:39 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 15:56 - 2016-06-30 22:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 16:20 - 2016-10-24 23:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 16:20 - 2016-10-24 23:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 16:20 - 2016-10-24 23:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 16:20 - 2016-10-24 23:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-08-10 22:58 - 2011-08-10 22:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2016-11-30 09:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-30 09:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-30 09:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-30 09:39 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-11-30 09:39 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-05-20 14:13 - 2011-05-20 14:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-08-10 22:57 - 2011-08-10 22:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2016-04-04 02:42 - 2016-04-04 02:42 - 00095696 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2016-10-22 10:19 - 2016-10-22 10:19 - 00156160 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2016-10-22 10:22 - 2016-10-22 10:22 - 00205312 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2016-10-22 10:21 - 2016-10-22 10:21 - 01083392 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2016-10-22 10:21 - 2016-10-22 10:21 - 00309760 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2016-03-30 06:45 - 2016-03-30 06:45 - 00307200 _____ () C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2016-10-22 10:20 - 2016-10-22 10:20 - 00296448 _____ () C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2016-10-22 10:21 - 2016-10-22 10:21 - 00275968 _____ () C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2016-03-30 06:44 - 2016-03-30 06:44 - 00375296 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2016-10-22 10:21 - 2016-10-22 10:21 - 01430016 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2016-03-30 06:46 - 2016-03-30 06:46 - 00356352 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2016-10-22 10:21 - 2016-10-22 10:21 - 00536576 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2016-10-22 10:21 - 2016-10-22 10:21 - 00250880 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2016-12-14 14:20 - 2016-12-14 14:20 - 66155008 _____ () C:\Program Files (x86)\Miscreationourino\libcef.dll
2016-12-14 14:20 - 2016-12-14 14:20 - 01886208 _____ () C:\Program Files (x86)\Miscreationourino\libglesv2.dll
2016-12-14 14:20 - 2016-12-14 14:20 - 00078848 _____ () C:\Program Files (x86)\Miscreationourino\libegl.dll
2016-12-11 05:37 - 2016-12-11 05:37 - 17833560 _____ () C:\Program Files (x86)\Miscreationourino\plugins\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:EF7F67C4 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7924 more sites.

IE trusted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\localhost -> localhost

There are 12742 more sites.

IE trusted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\1-2005-search.com -> www.1-2005-search.com

There are 12742 more sites.

IE trusted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\1-2005-search.com -> www.1-2005-search.com

There are 12742 more sites.

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154201206\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154236863\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-28 09:25 - 00451918 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    www.10sek.com
127.0.0.1    10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    www.123fporn.info
127.0.0.1    123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15492 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "OOTag"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{2304D0E0-AE6A-419D-92BA-16812AEAF45D}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{4F1332AD-7D86-4912-9EC0-614B54855978}] => C:\Windows\explorer.exe
FirewallRules: [{41EAE825-B1E3-4497-BFED-220024B34960}] => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{66F52BB1-02F4-4AA9-A92D-5A82D7423E33}] => C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BB4C567C-A7DC-4AC0-B67E-82B3B2FCA838}] => C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{8D740C4C-BBF4-4F20-9D99-2C5D67CEFB4C}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B5B163B8-4368-4A63-8F2E-80EE6DAED589}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{358303EB-39DB-4B80-AA70-922AA0178E6E}] => C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1319C5FB-77EE-4FA1-97D9-28FE3E3CA000}] => C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43820D21-F219-407A-9857-DC304A3F9286}] => LPort=1900
FirewallRules: [{AE98E15B-9CCD-47EC-A0AC-E8E6E5DE37A3}] => LPort=2869
FirewallRules: [{66B865B3-A69A-42D7-BA81-1ED68133301B}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A150CF95-B3E8-4BD2-908C-7EB3E5B22842}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C72709F0-890A-468F-BB79-7A6E9292DDFD}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34B18848-CD7E-49C6-B0A9-87C9454BA6AF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69B4BCE2-B3F1-4D27-BDD5-47DB774B725E}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4D1FDDD3-619F-4484-85FE-A368CB6715AB}] => C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{ED68218C-F49E-4E01-AD7D-24B0967C9BFC}] => C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{07D81D0C-2E40-453A-9C85-F819D6BE301F}] => C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{5E411569-8B90-430B-A298-D72F3A29FE28}] => C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{FF85564A-B28F-4943-993C-0779FACB3805}] => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{BAC5A69F-B457-4DEF-A5E2-2223A39520B5}] => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{F0FA9A5C-017D-4C7F-9375-A48BFA58F817}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AA1CA0C1-9030-403F-BAE3-95A4C319A04B}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{09AE4C81-5C99-40A7-802A-8D174624F356}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{816B563A-6C40-4ED8-A30C-0BA83BD428EC}C:\users\dang\downloads\anydesk.exe] => C:\users\dang\downloads\anydesk.exe
FirewallRules: [UDP Query User{659BD43B-F01F-4590-8F3A-4A74DBA3CBE1}C:\users\dang\downloads\anydesk.exe] => C:\users\dang\downloads\anydesk.exe
FirewallRules: [{563FF291-321F-4EA6-AF2A-175A665CABAF}] => C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{3AC753CC-668D-4248-BA84-73CB39BDB128}] => C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{7D20DC9A-A749-471A-9FE1-0AE246F5AB2A}] => c:\program files (x86)\avira\antivir desktop\avguard.exe
FirewallRules: [{B68A5134-13D5-4823-8636-3D43B3CA0B52}] => c:\program files (x86)\avira\antivir desktop\avguard.exe
FirewallRules: [{8485B436-9C2B-47CA-9DFC-AAA1C60936A8}] => c:\program files\common files\mcafee\updmgr\3.0.8053.4\mcupdatemgr.exe
FirewallRules: [{ADCE6841-CA32-47A8-88B7-B9AD5C3F889A}] => c:\program files\common files\mcafee\updmgr\3.0.8053.4\mcupdatemgr.exe
FirewallRules: [{CFE41543-8EB6-4945-A2FB-4B3EB0AC463A}] => c:\windows\system32\browser_broker.exe
FirewallRules: [{AC87FC66-3942-4947-B4F4-3F13108900BD}] => c:\windows\system32\browser_broker.exe
FirewallRules: [{C2B2BE56-352E-4A3E-A04E-184C02CF29B7}] => c:\program files\intel security\true key\application\truekey.exe
FirewallRules: [{AEA8F0CD-B08C-4F27-B89F-7779A8CE77B3}] => c:\program files\intel security\true key\application\truekey.exe
FirewallRules: [{D91E0D7B-820D-4E05-BD74-D4D05892FC80}] => c:\program files\truekey\installerevents.exe
FirewallRules: [{6896A839-C4FA-41BD-92D8-73A4AD8CF7B3}] => c:\program files\truekey\installerevents.exe
FirewallRules: [{8CFF43F9-F2FF-4AE8-BBEC-642C2CBC93D1}] => c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
FirewallRules: [{822CC370-D3B0-45A6-811A-005B29CC87E8}] => c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
FirewallRules: [{013DF7B1-A40D-465F-BE36-D3EC89F7F2FB}] => c:\program files\truekey\mcafee.truekey.service.exe
FirewallRules: [{6F2CBEC1-DD73-4C6E-9345-F313E486FE35}] => c:\program files\truekey\mcafee.truekey.service.exe
FirewallRules: [{4160C529-1EEF-4FA4-B5FE-9B0BEFDC3F59}] => c:\program files\windows defender\mpcmdrun.exe
FirewallRules: [{931DF671-2856-4F55-9E0B-A86300409B28}] => c:\program files\windows defender\mpcmdrun.exe
FirewallRules: [{F51B7845-FB23-4CB7-BFBF-018CD8DBF5A6}] => c:\program files (x86)\driver support\driversupport.exe
FirewallRules: [{1C80C167-DFEC-47E0-97D3-742FBB7F15C0}] => c:\program files (x86)\driver support\driversupport.exe
FirewallRules: [{6FA5CE31-BC64-40D8-BFC4-9765A6C72973}] => c:\users\dang\downloads\driversupport (1).exe
FirewallRules: [{44438238-6041-4E93-9036-FAF64AFF695D}] => c:\users\dang\downloads\driversupport (1).exe
FirewallRules: [{BC0EF372-E776-4A95-B550-770C252466E2}] => c:\program files (x86)\real\realplayer\rpds\bin\rpsystray.exe
FirewallRules: [{2C4B1CFA-0832-4B18-ABCE-51B0D45C1C46}] => c:\program files (x86)\real\realplayer\rpds\bin\rpsystray.exe
FirewallRules: [{BA9D7F73-731E-4EA7-BC1F-2DA9B45B6D7C}] => c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{888AD69F-06BD-43DD-8AFC-4E26F38CB525}] => c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{7ACD6DEA-8702-4DF4-BF6C-E6F0CC889C55}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9AE82252-C262-4BF8-9342-65174DC19228}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{12931A12-BB40-47DC-A595-DFEC13C2DEA1}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{60DF74B5-9F06-433A-B5AA-83980472992E}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{643EA57B-59E3-4964-B7F4-388262ED9636}] => C:\Users\Dang\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{419164B1-AD05-4C3F-8A86-9D81641D82E0}] => 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮攮數
FirewallRules: [{4CD5A94A-8F71-4D07-87E9-B141B63C26E9}] => 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮⹟硥e
FirewallRules: [{04432008-9DE1-46E3-BE35-FFD314C5A298}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCD1C9A6-B3EC-4084-881F-AA5A48FCB17C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B0340C7-3624-4D4F-BB08-9F97AB3CEAFD}] => C:\Users\Dang\AppData\Local\Temp\ShowMyPC\-ShowMyPC3161\SMPCSetup.exe
FirewallRules: [{5F1E8628-D576-44C9-BF93-F8F995B94A76}] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
FirewallRules: [{FFA19FF8-7B9D-4C07-B0B0-37A769CAA82F}] => C:\Users\Dang\AppData\Local\Temp\ShowMyPC\-ShowMyPC3161\tvnserver.exe
FirewallRules: [{DF20E2B0-1804-4B8B-8D11-4226AB85ED55}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\rundll32.exe] => *:Enabled:rundll32
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

01-01-2017 21:06:56 Installed Adobe Photoshop CS2
04-01-2017 17:22:47 JRT Pre-Junkware Removal
05-01-2017 09:27:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2017 01:20:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x84000013
Fault offset: 0x0000000000000000
Faulting process id: 0x15dc
Faulting application start time: 0x01d267804ea87366
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: unknown
Report Id: 0b8a8e06-b8fd-4f6d-96ed-6cfd8ad1130c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/05/2017 12:23:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Dang\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 12:17:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Dang\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 12:11:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Dang\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 09:38:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 09:34:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 09:33:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Dang\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 09:28:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/05/2017 03:09:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: onenoteim.exe, version: 16.0.7668.5768, time stamp: 0x585a22b5
Faulting module name: Office.UI.Xaml.Core.dll, version: 0.0.0.0, time stamp: 0x58591e02
Exception code: 0xc0000005
Fault offset: 0x00000000003e9931
Faulting process id: 0x83c
Faulting application start time: 0x01d2672afdf1b471
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.57681.0_x64__8wekyb3d8bbwe\onenoteim.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.57681.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
Report Id: e036fe87-8305-4154-8c77-7a0efde4f257
Faulting package full name: Microsoft.Office.OneNote_17.7668.57681.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.onenoteim

Error: (01/05/2017 02:55:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Dang\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.


System errors:
=============
Error: (01/05/2017 03:38:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/05/2017 03:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_493be service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_493be service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_493be service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:37:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_493be service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:16:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/05/2017 03:15:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4f699 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:15:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4f699 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:15:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4f699 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/05/2017 03:15:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4f699 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-01-01 22:03:33.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 14:03:49.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-20 08:09:32.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-17 08:24:50.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-15 14:44:04.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-03 07:23:43.379
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-02 07:36:54.838
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-30 06:20:38.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-17 15:45:06.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-17 15:45:06.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon™ HD Graphics
Percentage of memory in use: 76%
Total physical RAM: 3796.87 MB
Available physical RAM: 896.6 MB
Total Virtual: 7636.87 MB
Available Virtual: 3443.94 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.13 GB) (Free:222.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F370B812)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Mod Edit

Moved from AII due to FRST log.

NickAu


Edited by NickAu, 05 January 2017 - 04:58 PM.
Mod edit


#3 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts

Posted 05 January 2017 - 05:03 PM

Also, should I click on "Fix" in the Farbar Recovery Scan Tool?


Mod Edit:  Your topic has been moved.  Please read and follow the instructions from HelpBot when an automatic reply is made to this topic. - Hamluis.


Edited by hamluis, 05 January 2017 - 06:21 PM.


#4 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts

Posted 06 January 2017 - 06:26 AM

The topic has been moved... Where can I find this topic? Thanks


Edited by jinn0z, 06 January 2017 - 06:38 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 January 2017 - 02:19 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program (in bold) via the Control Panel > Programs > Programs and Features.
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.10 - PC Drivers HeadQuarters LP) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\MiscreationP.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154158895\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154221247\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
HKU\S-1-5-18\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Homepage: Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default -> hxxp://www.safesear.ch/?type=fto
FF Extension: (New Tab) - C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default\Extensions\newtab@browser.com [2016-11-29] [not signed]
FF Extension: (No Name) - C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default\Extensions\packagene@browser.com [2016-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
R2 MiscreationP; C:\Program Files (x86)\Miscreationourino\MiscreationP.exe [132608 2016-12-28] (Tiptoeingly Inc.) [File not signed]
S3 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dang\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {0500A7A6-8633-4A05-A4DD-2E9C1CB82EDB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0ED29931-4EAA-4A30-B968-30C59C8A69D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12055106-D2EB-423E-A973-84EB97D085AE} - System32\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24} => C:\PROGRA~2\COMMON~1\22771E~1\updane.exe
Task: {17502C4F-F01C-4C6E-ADCE-C8EBE7C27195} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D3B79B7-58FB-4FCD-BEFF-42D55057B97F} - \TaskModify -> No File <==== ATTENTION
Task: {318DE265-6D9F-46B4-942B-F086CF7D7FD0} - \TaskALL -> No File <==== ATTENTION
Task: {39AC8FF0-551A-46DD-88D0-1AF276555E8A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B7DB25D-A424-4D4F-B864-E344213F167E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3DE20017-5645-4067-B23C-5C813E93B618} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51C6BF69-24DF-4241-9369-0673F9965388} - \IntegrationManager -> No File <==== ATTENTION
Task: {5D8D979F-54B2-4522-9668-91B785DE2D6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60678FEC-7EF5-41F3-AB33-2A24AB169F77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {96B94A0A-20DC-49CB-AD01-6DED060D171B} - \TaskName -> No File <==== ATTENTION
Task: {9F4F1F1C-E328-419F-832D-6B243E7084FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B986601C-F17C-4E3C-BDAC-FD87F230F967} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {DAE75E68-22BD-4024-BFCA-9DB4D1B084CE} - \Sercurity -> No File <==== ATTENTION
Task: {EA596490-C712-4632-9672-E12F38C84DBC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F3C79EB0-09B6-4948-9042-EF6D78091FD4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24}.job => C:\PROGRA~2\COMMON~1\22771E~1\updane.exe
Shortcut: C:\Users\Dang\Desktop\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?hr?mium.lnk -> C:\Users\Dang\AppData\Local\chromium\Application\chrome.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\?hr?mium.lnk -> C:\Users\Dang\AppData\Local\chromium\Application\chrome.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:EF7F67C4 [144]
FirewallRules: [{F51B7845-FB23-4CB7-BFBF-018CD8DBF5A6}] => c:\program files (x86)\driver support\driversupport.exe
FirewallRules: [{1C80C167-DFEC-47E0-97D3-742FBB7F15C0}] => c:\program files (x86)\driver support\driversupport.exe
FirewallRules: [{6FA5CE31-BC64-40D8-BFC4-9765A6C72973}] => c:\users\dang\downloads\driversupport (1).exe
C:\Windows\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24}.job
C:\Program Files (x86)\Miscreationourino\MiscreationP.exe
C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
C:\\Program Files (x86)\\Safe Browsing

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.

#6 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts

Posted 06 January 2017 - 03:23 PM

Hi, "The location is listed in the 3rd line of the Farbar log you have submitted". Where can I find it? Thanks


Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Dang (06-01-2017 21:24:36) Run:2
Running from C:\Users\Dang\Desktop
Loaded Profiles: Dang (Available Profiles: Dang & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\MiscreationP.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Tiptoeingly Inc.) C:\Program Files (x86)\Miscreationourino\Miscreationourino.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154158895\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154221247\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
HKU\S-1-5-18\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-23] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154159574 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01052017154226726 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Homepage: Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default -> hxxp://www.safesear.ch/?type=fto
FF Extension: (New Tab) - C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default\Extensions\newtab@browser.com [2016-11-29] [not signed]
FF Extension: (No Name) - C:\Users\Dang\AppData\Roaming\Fast Web Browser\Fast Web Browser\Profiles\x8nqvglm.default\Extensions\packagene@browser.com [2016-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\9un3msgs.default-1478093281848\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
R2 MiscreationP; C:\Program Files (x86)\Miscreationourino\MiscreationP.exe [132608 2016-12-28] (Tiptoeingly Inc.) [File not signed]
S3 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
U0 aswVmm; no ImagePath
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dang\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {0500A7A6-8633-4A05-A4DD-2E9C1CB82EDB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0ED29931-4EAA-4A30-B968-30C59C8A69D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {12055106-D2EB-423E-A973-84EB97D085AE} - System32\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24} => C:\PROGRA~2\COMMON~1\22771E~1\updane.exe
Task: {17502C4F-F01C-4C6E-ADCE-C8EBE7C27195} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D3B79B7-58FB-4FCD-BEFF-42D55057B97F} - \TaskModify -> No File <==== ATTENTION
Task: {318DE265-6D9F-46B4-942B-F086CF7D7FD0} - \TaskALL -> No File <==== ATTENTION
Task: {39AC8FF0-551A-46DD-88D0-1AF276555E8A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B7DB25D-A424-4D4F-B864-E344213F167E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3DE20017-5645-4067-B23C-5C813E93B618} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51C6BF69-24DF-4241-9369-0673F9965388} - \IntegrationManager -> No File <==== ATTENTION
Task: {5D8D979F-54B2-4522-9668-91B785DE2D6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60678FEC-7EF5-41F3-AB33-2A24AB169F77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {96B94A0A-20DC-49CB-AD01-6DED060D171B} - \TaskName -> No File <==== ATTENTION
Task: {9F4F1F1C-E328-419F-832D-6B243E7084FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B986601C-F17C-4E3C-BDAC-FD87F230F967} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {DAE75E68-22BD-4024-BFCA-9DB4D1B084CE} - \Sercurity -> No File <==== ATTENTION
Task: {EA596490-C712-4632-9672-E12F38C84DBC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F3C79EB0-09B6-4948-9042-EF6D78091FD4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24}.job => C:\PROGRA~2\COMMON~1\22771E~1\updane.exe
Shortcut: C:\Users\Dang\Desktop\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?hr?mium.lnk -> C:\Users\Dang\AppData\Local\chromium\Application\chrome.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\?hr?mium.lnk -> C:\Users\Dang\AppData\Local\chromium\Application\chrome.bat (No File)
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:EF7F67C4 [144]
FirewallRules: [{F51B7845-FB23-4CB7-BFBF-018CD8DBF5A6}] => c:\program files (x86)\driver support\driversupport.exe
FirewallRules: [{1C80C167-DFEC-47E0-97D3-742FBB7F15C0}] => c:\program files (x86)\driver support\driversupport.exe
FirewallRules: [{6FA5CE31-BC64-40D8-BFC4-9765A6C72973}] => c:\users\dang\downloads\driversupport (1).exe
C:\Windows\Tasks\{22771E02-3FCA-A30A-69A8-5B23E1A0BA24}.job
C:\Program Files (x86)\Miscreationourino\MiscreationP.exe
C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe
C:\\Program Files (x86)\\Safe Browsing

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Miscreationourino\MiscreationP.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Windows\System32\reg.exe => No running process found
C:\Program Files (x86)\Miscreationourino\Miscreationourino_.exe => No running process found

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/6/17
Scan Time: 9:45 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.946
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DANG-PC\Dang

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432966
Time Elapsed: 15 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Rogue.VirusMelt, C:\PROGRAMDATA\System Data, No Action By User, [13004], [170396],1.0.946

File: 20
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe.config, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.pdb, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe.config, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe.manifest, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\DynamicDataDisplay.dll, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\errordetails.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\errordetailsOpt.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\Erroroptimize.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\icon.ico, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\logoptimizer.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\Microsoft.Win32.TaskScheduler.dll, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\OptErr.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\RegErr.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\Sys_authoptimize.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\trialerror.xml, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\unins000.dat, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\unins000.exe, No Action By User, [13004], [170396],1.0.946
Rogue.VirusMelt, C:\ProgramData\System Data\WpfAnimatedGif.dll, No Action By User, [13004], [170396],1.0.946

Physical Sector: 0
(No malicious items detected)


(end)

Edited by jinn0z, 06 January 2017 - 10:02 PM.

#7 nasdaq
  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 January 2017 - 09:40 AM

You did it correctly.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Dang (administrator) on DANG-PC (05-01-2017 16:09:33)
Running from C:\Users\Dang\Desktop <- 3rd line....
Loaded Profiles: Dang & DefaultAppPool & (Available Profiles: Dang & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


Some people do not remember what folder the program was run from.
===

Malwarebytes has flagged this Rogue Program
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe
Some are also identified as malware.
https://www.reasoncoresecurity.com/akickpcdoctor.exe-b371a79a1fce6715da2e670b56d22cac08c1d160.aspx

Your call if you want to keep it.

===

How is the computer running?

#8 jinn0z
  • Topic Starter
  • Members
  • 44 posts

Posted 07 January 2017 - 11:17 AM

Hi,

nasdaq

I also have another virus from using the scanner. My computer runs well.

Can you tell me how to remove the virus? It always comes back when I select "Remove Checked". I also uploaded the file so you can see. Thanks!


Edited by jinn0z, 07 January 2017 - 12:01 PM.


#9 nasdaq
  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 January 2017 - 01:26 PM

Spybot and Destroy has modified your HOSTS file and I suspect that one of the entries is causing this false positive.

Read about it.
https://forums.malwarebytes.com/topic/177645-hijackhost-false-positive/

Update your Malwarebytes program.

Run the application.

If the problem persists contact Malwarebytes and inform them.
You may be requested to submit your Hosts file for review.

Start a new topic in their forum.
File Detections
https://forums.malwarebytes.com/forum/42-file-detections/

#10 jinn0z
  • Topic Starter
  • Members
  • 44 posts

Posted 07 January 2017 - 01:36 PM

Thanks so much for the help nasdaq! Finally got rid of the Rogue.VirusMelt, etc!

I found the folder and deleted it manually :D

#11 nasdaq
  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 January 2017 - 01:43 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
