
My Laptop Have A "Windows 7 Build 7601 Windows Copy Is Not Genuine" Letter


  • This topic is locked
8 replies to this topic

#1 GamerXGhost


Posted 07 January 2017 - 08:19 AM

As I said, that letter shows in the bottom-right corner of my laptop, and every time I start the laptop it says I need to register the activation! I don't know how to fix this, but I'll try the instructions from someone whose ID I forgot. He gave me the instructions in my post before this one, and if you can help me fix this, maybe you can help other people who have the same issue as I do. Note: Before the issue happened, I did an sfc scan with the command prompt.



#2 xXToffeeXx


Posted 07 January 2017 - 09:22 AM

Hi GamerXGhost,
 
Let's get more information about your computer :)
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 GamerXGhost


Posted 07 January 2017 - 06:32 PM

This is the result of Addition.txt :

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2017
Ran by Hp (08-01-2017 07:24:16)
Running from C:\Users\Hp\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-03 10:42:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1463942549-299140565-3030456123-500 - Administrator - Disabled)
Guest (S-1-5-21-1463942549-299140565-3030456123-501 - Limited - Disabled)
Hp (S-1-5-21-1463942549-299140565-3030456123-1000 - Administrator - Enabled) => C:\Users\Hp
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM-x32\...\Adobe Photoshop CS4_is1) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advanced Calendar 2.0.0.1000040 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.1000040 - MEIXIAN XIE) <==== ATTENTION
amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.1 - amuleC) <==== ATTENTION
Andromax M2Y (HKLM-x32\...\Andromax M2Y_is1) (Version:  - )
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-1463942549-299140565-3030456123-1000\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Growtopia (remove only) (HKU\S-1-5-21-1463942549-299140565-3030456123-1000\...\Growtopia) (Version:  - )
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.7.1 - PandoraTV)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 47.0.2 (x64 en-US)) (Version: 47.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Pivot Animator version 4.2.6 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.2.6 - Motus Software Ltd)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.4.152 - SHAREit Technologies Co.Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
TransTool (HKLM-x32\...\TransTool) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\...\ChromeHTML: -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1463942549-299140565-3030456123-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hp\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1463942549-299140565-3030456123-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hp\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1463942549-299140565-3030456123-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Hp\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1463942549-299140565-3030456123-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hp\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {25C3A837-282C-407A-95D6-5380820AFEA3} - System32\Tasks\Driver Booster SkipUAC (Hp) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {36755EF5-3EF2-4B67-AE21-C5A360D2726B} - System32\Tasks\d639866a9491f79c4d8ac0f8356e1d26 => Rundll32.exe "C:\Program Files (x86)\Windows Portable Devices\nmqype.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {4C47D32A-37AF-496B-91A5-9BA021F2027D} - System32\Tasks\Laecultgnergh Helper => C:\Program Files (x86)\Dojeygerfick\anerwut.exe [2016-11-30] (Glarysoft Ltd)
Task: {5D802C52-3BC7-4554-80C2-D216E2AADF4B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463942549-299140565-3030456123-1000Core => C:\Users\Hp\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {8266749B-2DCB-4F1F-B539-680C672925A7} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Hp\AppData\Roaming\Adobe\Manager.exe [2016-11-30] ()
Task: {8EB17FF2-B5D5-4D71-8652-E3734868F950} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463942549-299140565-3030456123-1000UA => C:\Users\Hp\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {AC345CF8-E588-40F4-89C8-517727E61086} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== ATTENTION
Task: {C67F17C9-5D29-49C3-BAD7-293DFD4952DC} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\UpdateModule.exe [2016-12-01] ()
Task: {DF46C996-5555-45E6-BB3F-F80FC558A498} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {F35ECB38-561A-43DF-A7CA-5DAFF1D8B2CB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
 
Shortcut: C:\Users\Hp\Desktop\Gоogle Сhromе.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооgle Chrоme.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Еxplorer.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Exрlorer (No Add-ons).lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Chrome.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Internеt Eхрlorеr Browser.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhrome.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.emorhc.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrer.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.erolpxei.bat ()
Shortcut: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzilla Firefоx.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefox.lnk -> C:\Users\Hp\AppData\Roaming\Browsers\exe.xoferif.bat ()
 
ShortcutWithArgument: C:\Users\Hp\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Hp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Hp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Hp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Hp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Hp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\19606830255dae93\Google Chrome.lnk -> C:\Program Files (x86)\Standoor\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-30 23:27 - 2016-11-30 23:27 - 00143360 ____H () C:\Program Files (x86)\CalendarTool\local64spl.dll
2017-01-08 06:41 - 2016-03-18 16:39 - 00346624 _____ () C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe
2016-11-30 02:24 - 2016-11-30 02:24 - 00157296 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.1000040\CalendarServ.exe
2016-11-30 21:16 - 2016-11-30 21:16 - 00177152 _____ () C:\Windows\svchost.exe
2016-11-30 02:24 - 2016-11-30 02:24 - 03933296 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.1000040\Calendar.exe
2016-11-30 02:24 - 2016-11-30 02:24 - 00152688 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.1000040\CalendarEntry.dll
2016-11-30 07:26 - 2016-11-10 15:19 - 05091840 _____ () C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-12-13 17:58 - 2016-12-01 19:16 - 00239104 _____ () C:\ProgramData\wintools\UpdateModule.exe
2016-12-11 05:05 - 2016-12-09 13:29 - 00568832 _____ () C:\Program Files (x86)\Common Files\Services\iThemes.dll
2016-12-30 15:55 - 2017-01-05 15:56 - 00133632 _____ () c:\program files (x86)\gubed\gubedzl.dll
2016-11-30 02:24 - 2016-11-30 02:24 - 00543344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.1000040\EVPTask.dll
2016-11-30 02:24 - 2016-11-30 02:24 - 00406640 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.1000040\EVPNet.dll
2016-11-30 02:24 - 2016-11-30 02:24 - 00428656 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.1000040\EVPDR.dll
2016-11-30 21:27 - 2017-01-05 16:10 - 00186368 _____ () c:\programdata\winsapsvc\winsap.dll
2016-11-30 07:26 - 2016-03-06 15:40 - 00083456 _____ () C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc\Interface.dll
2016-12-05 22:11 - 2016-10-20 16:47 - 01819240 _____ () C:\Program Files (x86)\Standoor\Application\libglesv2.dll
2016-12-05 22:11 - 2016-10-20 16:47 - 00093288 _____ () C:\Program Files (x86)\Standoor\Application\libegl.dll
2016-12-23 20:58 - 2016-12-11 12:37 - 17833560 _____ () C:\Users\Hp\AppData\Local\Standoor\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [360536]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1156450]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2016-12-10 18:10 - 00500330 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
There are 11802 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Device Detector => DevDetect.exe -autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Google Update => C:\Users\Hp\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msiql => C:\Users\Hp\AppData\Local\Temp\is-BFAG9.tmp\popwnd.exe /RUNNING
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMΔRT-Protection => C:\Program Files (x86)\Smadav\SMΔRTP.exe rts
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7E18280A-D8D4-4235-A38F-31FCE5689FDB}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9B3CA472-1B96-492A-B714-CF51F821140B}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{242E1559-969B-4E1E-A38F-6F67A7862246}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{490A849E-4F89-49BE-84B3-5DBA268EE4C3}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{EAF8A111-4FAC-4F76-B714-B40E637D3AC0}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{10A7C3FB-C9D1-4990-B74D-EDA7D7BA5C92}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFB9F0D5-7AFB-482A-B92D-59975C8BC562}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A4107351-06E5-44C4-8787-06251AD220EB}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{5B48BB4D-6948-486E-95F8-D2E66BDB119A}] => C:\Program Files (x86)\Standoor\Application\chrome.exe
FirewallRules: [{8A0C5E91-26CC-4F08-9293-427DE3841D6E}] => C:\Users\Hp\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{A2B9CAC5-BB33-49B7-9953-B7A174B7A156}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3DA4F850-CE5D-42F0-988F-50040E1AD22E}] => C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{7B56A411-D226-4FD9-9CB0-E15EE3E278E6}] => C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{F54B7B61-A0BF-48D5-B89F-14BCB3F7D646}] => C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{F2C35769-1DF9-4206-84A9-2BF985BA6B6B}] => C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
 
==================== Restore Points =========================
 
11-11-2016 13:29:11 Scheduled Checkpoint
18-11-2016 15:40:36 Scheduled Checkpoint
28-11-2016 18:48:44 Scheduled Checkpoint
13-12-2016 15:59:14 Scheduled Checkpoint
29-12-2016 11:38:45 Driver Booster : High Definition Audio Device
05-01-2017 15:10:56 Removed ACDSee Pro 3.
05-01-2017 15:30:49 Removed amuleC
06-01-2017 20:28:53 Windows Modules Installer
08-01-2017 07:03:00 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2017 06:51:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/08/2017 06:48:26 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (01/08/2017 06:48:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (01/08/2017 06:45:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/08/2017 06:31:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/07/2017 09:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/07/2017 08:41:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/07/2017 07:11:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/06/2017 08:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/06/2017 08:25:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (01/08/2017 06:48:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (01/08/2017 06:48:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-04 22:22:38.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 20:50:46.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 20:42:05.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 20:37:48.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 20:28:22.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 19:51:31.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 19:43:35.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 10:08:38.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 09:10:15.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 08:46:01.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-3330MX APU with Radeon™ HD Graphics
Percentage of memory in use: 53%
Total physical RAM: 3561.41 MB
Available physical RAM: 1644.36 MB
Total Virtual: 7121 MB
Available Virtual: 4596.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:150.05 GB) (Free:111.9 GB) NTFS
Drive d: (Data) (Fixed) (Total:315.37 GB) (Free:236.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3A51175D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 GamerXGhost


Posted 07 January 2017 - 06:33 PM

The result of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by Hp (administrator) on HP-PC (08-01-2017 07:20:32)
Running from C:\Users\Hp\Desktop
Loaded Profiles: Hp (Available Profiles: Hp)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.1000040\CalendarServ.exe
() C:\Windows\svchost.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.1000040\calendar.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Windows\csrss.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
() C:\ProgramData\wintools\UpdateModule.exe
(win tech) C:\ProgramData\wintools\wintool.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Google Inc.) C:\Program Files (x86)\Standoor\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\...\MountPoints2: {3dff35f6-a945-11e6-ab15-48d224c769c0} - F:\Setup.exe
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Providers\hnmqypeb: C:\Program Files (x86)\CalendarTool\\local64spl.dll [143360 2016-11-30] ()
ShellExecuteHooks: No Name - {F4DD6538-A73A-11E6-92ED-64006A5CFC23} - C:\Users\Hp\AppData\Roaming\Ckichmebcult\Vvushvonich.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-22] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1463942549-299140565-3030456123-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1463942549-299140565-3030456123-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2736959F-E4E4-49C3-9DD2-9C010BAEB7E6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5200CAA2-6F41-4D00-8CAD-62D966DC75B9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B0787000-1D35-4BB2-AD2B-631061BF3613}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F301A4A5-665F-4292-8604-E76958A70455}: [DhcpNameServer] 192.168.42.129
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
 
Internet Explorer:
==================
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1480929300&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
HKU\S-1-5-21-1463942549-299140565-3030456123-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1480929300&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1463942549-299140565-3030456123-1000 -> {18940D58-68D5-487E-9555-82E7058814BA} URL = hxxps://id.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Java\bin\ssv.dll [2016-11-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Java\bin\jp2ssv.dll [2016-11-13] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1480660357&z=&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
 
FireFox:
========
FF DefaultProfile: ltkfw9oj.default
FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\ltkfw9oj.default\Profiles\ltkfw9oj.default [not found]
FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\ltkfw9oj.default [2017-01-08]
FF NewTab: Mozilla\Firefox\Profiles\ltkfw9oj.default -> hxxp://www.trotux.com/?z=efaa451c2174b4eb465641eg3zcbdeezbqfg8tatfg&from=isr&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&type=hp
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ltkfw9oj.default -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ltkfw9oj.default -> trotux
FF Homepage: Mozilla\Firefox\Profiles\ltkfw9oj.default -> hxxp://www.amisites.com/?type=hp&ts=1482225069&z=edb8002a85984f4c53167bcg1zbb2o3o9ocw1e0mdg&from=archer1028&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
FF Homepage: Mozilla\Firefox\Profiles\ltkfw9oj.default -> hxxp://id.hao123.com/?tn=sdkc_inner_hp_23_hao123_id&guid=1aca176ce9a007af3f10c9c6d1df84f4
FF Extension: (Firefox Hotfix) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\ltkfw9oj.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-05]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\ltkfw9oj.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-13]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\ltkfw9oj.default\features\{6e2b5a80-7333-41e5-ae7b-0d0cf5dfcb53}\malware-remediation@mozilla.org.xpi [2016-11-05]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\ltkfw9oj.default\searchplugins\amisites.xml [2016-12-02]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\ltkfw9oj.default\searchplugins\k7fap1un.xml [2016-11-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-11-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-11-03] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Java\bin\dtplugin\npDeployJava1.dll [2016-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Java\bin\plugin2\npjp2.dll [2016-11-13] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1463942549-299140565-3030456123-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hp\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1463942549-299140565-3030456123-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hp\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.amisites.com/?type=sc&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
 
Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.amisites.com/?type=hp&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.amisites.com/search/?type=ds&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> amisites
CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-08] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-30]
CHR Extension: (Google Drive) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-30]
CHR Extension: (YouTube) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-01]
CHR Extension: (Yahoo Partner) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2016-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-30]
CHR Extension: (Skype) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-30]
CHR Extension: (Fast search) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-11-30]
CHR Extension: (Gmail) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-30]
CHR Extension: (easychrome) - C:\Users\Hp\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2016-11-30]
CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default [2016-11-30]
CHR Extension: (Google Docs) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-04]
CHR Extension: (Google Drive) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-04]
CHR Extension: (YouTube) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-04]
CHR Extension: (Yahoo Partner) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2016-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
CHR Extension: (Skype) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Fast search) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-11-30]
CHR Extension: (Gmail) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.VCI4MJNHV6IMIW2DQYIRA47YYU - c:\users\hp\appdata\local\google\chrome\APPLIC~1\chrome.exe hxxp://www.amisites.com/?type=sc&ts=1483622447&z=47f8e5f52d3fff6d062f8eagfzab6c6q3ocofzdwae&from=che0812&uid=HGSTXHTS545050A7E380_TE85134P11WR2C11WR2CX
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 CDROM_Eject_Smart_907; C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe [346624 2016-03-18] () [File not signed]
S4 Convxxxx; C:\Users\Hp\AppData\Roaming\hbehb\UvConverter.exe [393728 2016-12-01] () [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-22] (Dropbox, Inc.)
S4 ed2kidle; C:\Program Files (x86)\amuleC1\ed2k.exe [237568 2016-12-19] (hxxp://www.amule.org/) [File not signed]
S3 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2016-11-30] () [File not signed] <==== ATTENTION
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [133632 2017-01-05] () [File not signed]
S3 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe [109056 2016-12-23] () [File not signed]
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [568832 2016-12-09] () [File not signed] <==== ATTENTION
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [538112 2017-01-03] () [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-02-05] (IDT, Inc.) [File not signed]
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.1000040\CalendarServ.exe [157296 2016-11-30] ()
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-09-23] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-05-16] (Microsoft Corporation)
R2 Windows; C:\Windows\svchost.exe [177152 2016-11-30] () [File not signed] <==== ATTENTION
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1265664 2016-10-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [186368 2017-01-05] () [File not signed]
R2 WMPNetworkAcSvc; C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] () [File not signed] <==== ATTENTION
S4 XBox; C:\Program Files\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corporation) <==== ATTENTION
S4 Zerdgeghevse; C:\Program Files (x86)\Dojeygerfick\pighzabodomCln.dll [276480 2016-11-30] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-30] (REALiX™)
S3 ucdrv; C:\Windows\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-08 07:20 - 2017-01-08 07:23 - 00024916 _____ C:\Users\Hp\Desktop\FRST.txt
2017-01-08 07:20 - 2017-01-08 07:20 - 00000000 ____D C:\FRST
2017-01-08 06:57 - 2017-01-08 06:58 - 02418688 _____ (Farbar) C:\Users\Hp\Desktop\FRST64.exe
2017-01-08 06:55 - 2017-01-08 06:55 - 00132597 _____ C:\Users\Hp\Desktop\hosts.zip
2017-01-08 06:48 - 2017-01-08 06:48 - 00077328 _____ C:\Windows\ntbtlog.txt
2017-01-08 06:44 - 2017-01-08 06:44 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Hp\AppData\Roaming\rkill64.exe
2017-01-08 06:41 - 2017-01-08 06:41 - 00001055 _____ C:\Users\Public\Desktop\Andromax M2Y.lnk
2017-01-08 06:41 - 2017-01-08 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andromax M2Y
2017-01-08 06:41 - 2017-01-08 06:41 - 00000000 ____D C:\Program Files (x86)\Andromax M2Y
2017-01-08 06:34 - 2017-01-08 06:34 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill64.exe
2017-01-07 08:57 - 2017-01-08 06:33 - 00001093 _____ C:\Users\Hp\Desktop\rkill - Shortcut.lnk
2017-01-07 08:57 - 2017-01-07 07:14 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hp\AppData\Roaming\rkill.exe
2017-01-07 07:15 - 2017-01-08 06:45 - 00002998 _____ C:\Users\Hp\Desktop\Rkill.txt
2017-01-07 07:15 - 2017-01-08 06:45 - 00000000 ____D C:\Users\Hp\Desktop\rkill
2017-01-07 07:15 - 2017-01-07 07:15 - 03977168 _____ C:\Users\Hp\Downloads\AdwCleaner.exe
2017-01-07 07:13 - 2017-01-07 07:14 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.exe
2017-01-06 16:41 - 2017-01-06 16:41 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Umeng
2017-01-06 16:40 - 2017-01-06 16:40 - 00000000 ____D C:\Users\Hp\AppData\Local\SHAREit Technologies
2017-01-06 16:40 - 2017-01-06 16:40 - 00000000 ____D C:\Program Files (x86)\SHAREit Technologies
2017-01-06 16:34 - 2017-01-06 16:34 - 06586160 _____ (SHAREit Technologies Co.Ltd ) C:\Users\Hp\Downloads\SHAREit-KCWEB.exe
2017-01-06 16:24 - 2017-01-06 16:42 - 00000000 ____D C:\Users\Hp\Downloads\SHAREit
2017-01-06 16:24 - 2017-01-06 16:40 - 00001206 _____ C:\Users\Public\Desktop\SHAREit.lnk
2017-01-06 16:24 - 2017-01-06 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-01-06 16:24 - 2017-01-06 16:24 - 00000000 ____D C:\Users\Hp\AppData\Local\SHAREit
2017-01-06 16:24 - 2017-01-06 16:24 - 00000000 ____D C:\Users\Hp\AppData\Local\Lenovo
2017-01-06 16:24 - 2017-01-06 16:24 - 00000000 ____D C:\ProgramData\Lenovo
2017-01-06 16:24 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\SHAREit
2017-01-06 16:23 - 2017-01-06 16:24 - 05181720 _____ (Lenovo ) C:\Users\Hp\Downloads\SHAREitSoftonic.exe
2017-01-06 11:16 - 2017-01-06 11:16 - 00000000 ____D C:\Users\Hp\Documents\aMule Downloads
2017-01-05 21:20 - 2017-01-06 11:16 - 00000000 ____D C:\Users\Hp\AppData\Roaming\aMule
2017-01-05 21:20 - 2017-01-05 21:20 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-01-05 21:20 - 2017-01-05 21:20 - 00000000 ____D C:\Program Files (x86)\amuleC1
2017-01-05 15:12 - 2017-01-05 15:31 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-05 15:10 - 2017-01-05 15:10 - 00000000 ____D C:\Users\Hp\AppData\Local\Pivot Animator
2017-01-05 07:49 - 2017-01-05 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-04 21:01 - 2017-01-04 21:01 - 00000020 _____ C:\Users\Hp\Desktop\wwww.rar
2017-01-03 18:25 - 2017-01-03 18:25 - 00000000 ____D C:\ProgramData\Pivot Animator
2017-01-03 18:05 - 2017-01-05 15:09 - 00001030 _____ C:\Users\Public\Desktop\Pivot Animator.lnk
2017-01-03 18:05 - 2017-01-05 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
2017-01-03 18:05 - 2017-01-05 15:09 - 00000000 ____D C:\Program Files (x86)\Pivot Animator
2017-01-03 18:04 - 2017-01-03 18:04 - 00538112 _____ C:\Users\Hp\AppData\Roaming\Ground.exe
2017-01-02 12:48 - 2017-01-02 12:48 - 00007605 _____ C:\Users\Hp\AppData\Local\Resmon.ResmonCfg
2016-12-31 21:40 - 2016-12-31 21:56 - 45609064 _____ C:\Users\Hp\Downloads\GrowtopiaInstaller.exe
2016-12-30 16:30 - 2016-12-31 21:57 - 00000864 _____ C:\Users\Hp\Desktop\Growtopia.lnk
2016-12-30 15:55 - 2016-12-30 15:55 - 00000000 ____D C:\Program Files (x86)\Gubed
2016-12-29 11:41 - 2016-12-29 11:41 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-12-29 11:41 - 2016-12-29 11:41 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-12-28 12:13 - 2016-12-28 12:13 - 00059452 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2016-12-24 13:13 - 2016-12-24 13:15 - 00013030 _____ C:\PDOXUSRS.NET
2016-12-22 19:51 - 2016-12-23 20:41 - 00000000 ____D C:\Program Files (x86)\Gubed_WMI
2016-12-22 02:15 - 2016-12-22 02:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-22 02:15 - 2016-12-22 02:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-22 02:15 - 2016-12-22 02:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-22 02:15 - 2016-12-22 02:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-13 21:01 - 2016-12-17 22:07 - 00000688 _____ C:\Windows\SysWOW64\cookies.log
2016-12-13 17:58 - 2016-12-13 18:58 - 00000000 ____D C:\ProgramData\wintools
2016-12-13 17:58 - 2016-12-13 17:58 - 00014452 _____ C:\Windows\System32\Tasks\WinTOOL
2016-12-13 17:21 - 2016-12-30 15:54 - 00000000 ____D C:\Program Files (x86)\yaceu78a
2016-12-11 08:11 - 2016-12-11 08:11 - 00000000 ____D C:\Users\Hp\AppData\Local\Standoor
2016-12-11 05:05 - 2016-12-23 20:40 - 00000000 _____ C:\Users\Public\Documents\report.dat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-08 07:21 - 2016-11-03 18:57 - 00002503 ____H C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 07:21 - 2016-11-03 18:57 - 00002381 ____H C:\Users\Hp\Desktop\Google Chrome.lnk
2017-01-08 07:21 - 2016-11-03 18:57 - 00001153 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-08 07:21 - 2016-11-03 18:57 - 00001141 ____H C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-08 07:21 - 2016-11-03 18:43 - 00001449 ____H C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-08 07:14 - 2016-11-05 07:57 - 00001046 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-08 06:58 - 2009-07-14 13:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-08 06:58 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-01-08 06:55 - 2016-11-30 07:26 - 00000000 ____D C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc
2017-01-08 06:50 - 2016-12-06 10:14 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-01-08 06:50 - 2016-11-30 07:26 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-01-08 06:49 - 2016-11-05 07:57 - 00001042 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-08 06:49 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-08 06:46 - 2009-07-14 12:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 06:46 - 2009-07-14 12:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-07 09:13 - 2016-11-30 07:25 - 00000000 ____D C:\Users\Hp\AppData\Roaming\CalendarTool
2017-01-07 08:53 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2017-01-07 07:10 - 2016-11-22 19:42 - 00000000 ____D C:\Users\Hp\AppData\Local\Growtopia
2017-01-06 20:06 - 2016-12-06 10:14 - 00000114 _____ C:\Program Files (x86)\metadata
2017-01-06 20:06 - 2016-12-06 10:14 - 00000000 ____D C:\Program Files (x86)\reports
2017-01-06 20:05 - 2016-11-03 18:55 - 00000000 ____D C:\KMPlayer
2017-01-06 19:51 - 2009-07-14 11:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-06 09:12 - 2016-11-30 21:27 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-01-05 15:29 - 2016-11-30 07:27 - 00000000 ____D C:\Windows\system32\SSL
2017-01-05 15:27 - 2016-11-03 18:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-05 15:23 - 2016-11-03 18:51 - 00000000 ____D C:\Users\Hp\AppData\Local\Google
2017-01-05 15:23 - 2016-11-03 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-01-05 15:15 - 2016-11-03 19:24 - 00000000 ____D C:\Program Files (x86)\SMADAV
2017-01-05 15:15 - 2016-11-03 18:52 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-01-05 15:13 - 2016-11-30 21:17 - 00000000 ____D C:\ProgramData\ProductData
2017-01-05 14:08 - 2016-11-30 21:17 - 00002874 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Hp)
2017-01-05 07:50 - 2016-11-05 07:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-05 06:52 - 2016-11-30 07:26 - 00000000 ____D C:\Program Files (x86)\Dojeygerfick
2017-01-04 21:27 - 2016-11-30 21:27 - 00000000 ____D C:\Program Files (x86)\k7fap1un
2017-01-03 18:05 - 2016-11-30 23:46 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2017-01-03 18:05 - 2016-11-13 14:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-03 18:05 - 2016-11-13 10:07 - 00538112 _____ C:\Users\Hp\Desktop\chromeinstall-8u111.exe
2017-01-03 18:05 - 2016-11-05 07:57 - 00538112 _____ C:\Users\Hp\Downloads\DropboxInstaller.exe
2017-01-03 18:05 - 2016-11-03 18:53 - 00000000 ____D C:\Program Files\MPC-HC
2017-01-03 18:05 - 2016-11-03 18:53 - 00000000 ____D C:\Program Files\IDT
2017-01-03 18:05 - 2016-11-03 18:50 - 00000000 ____D C:\Transtool
2017-01-03 18:05 - 2016-11-03 18:44 - 00000000 ____D C:\Program Files\WinRAR
2016-12-30 15:55 - 2016-11-30 21:28 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-12-30 11:30 - 2016-11-29 23:51 - 01847990 _____ C:\Windows\cb1887ec4bff0b9fcb063659f324c1e8.exe
2016-12-30 11:27 - 2009-07-14 13:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-29 11:43 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-29 11:41 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-28 12:13 - 2009-07-14 11:20 - 00000000 ___RD C:\Users\Public\Documents
2016-12-23 20:40 - 2016-12-05 21:59 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-23 20:37 - 2016-11-30 08:09 - 00000000 ____D C:\Users\Hp\Documents\WebCam Media
2016-12-20 18:39 - 2016-11-13 10:13 - 00000000 ____D C:\Users\Hp\AppData\Roaming\.minecraft
2016-12-20 15:38 - 2016-11-30 21:17 - 00000000 ____D C:\ProgramData\IObit
2016-12-17 20:16 - 2016-11-04 18:09 - 00003614 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463942549-299140565-3030456123-1000UA
2016-12-17 20:16 - 2016-11-04 18:09 - 00003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1463942549-299140565-3030456123-1000Core
2016-12-17 20:16 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Tasks
2016-12-13 09:00 - 2016-11-30 21:27 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-12-10 21:45 - 2016-12-04 14:59 - 00000000 ____D C:\Users\Hp\AppData\Local\Microsoft Games
2016-12-10 18:10 - 2009-07-14 10:34 - 00500330 _____ C:\Windows\system32\Drivers\etc\HOSTS
2016-12-09 16:47 - 2009-07-14 12:54 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
 
==================== Files in the root of some directories =======
 
2016-12-06 10:14 - 2017-01-06 20:06 - 0000114 _____ () C:\Program Files (x86)\metadata
2016-12-06 10:14 - 2017-01-08 06:50 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-01-03 18:04 - 2017-01-03 18:04 - 0538112 _____ () C:\Users\Hp\AppData\Roaming\Ground.exe
2017-01-07 08:57 - 2017-01-07 07:14 - 2030536 _____ (Bleeping Computer, LLC) C:\Users\Hp\AppData\Roaming\rkill.exe
2017-01-08 06:44 - 2017-01-08 06:44 - 1106888 _____ (Bleeping Computer, LLC) C:\Users\Hp\AppData\Roaming\rkill64.exe
2017-01-02 12:48 - 2017-01-02 12:48 - 0007605 _____ () C:\Users\Hp\AppData\Local\Resmon.ResmonCfg
2016-11-30 07:26 - 2016-11-30 07:26 - 1620992 _____ () C:\ProgramData\service.exe
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
 
Files to move or delete:
====================
C:\ProgramData\service.exe
 
 
Some files in TEMP:
====================
C:\Users\Hp\AppData\Local\Temp\5F25.tmp.exe
C:\Users\Hp\AppData\Local\Temp\Browser_V5.7.15319.5_r_4634_(Build1608291541).exe
C:\Users\Hp\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\Hp\AppData\Local\Temp\jg3.6.0.exe
C:\Users\Hp\AppData\Local\Temp\KuaiZip_Setup_lz2_01.exe
C:\Users\Hp\AppData\Local\Temp\libeay32.dll
C:\Users\Hp\AppData\Local\Temp\marketator_id.exe
C:\Users\Hp\AppData\Local\Temp\setup.exe
C:\Users\Hp\AppData\Local\Temp\sqlite3.dll
C:\Users\Hp\AppData\Local\Temp\wajam_install.exe
C:\Users\Hp\AppData\Local\Temp\_BAGAS31_ Setup.exe
C:\Users\Hp\AppData\Local\Temp\~ct9BC2.tmp.dll
C:\Users\Hp\AppData\Local\Temp\~ctB470.tmp.dll
C:\Users\Hp\AppData\Local\Temp\~ctCB3B.tmp.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\Drivers\ecf5946c16df65fefa5085217810da4c.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-05 14:42
 
==================== End of FRST.txt ============================


#5 xXToffeeXx


Posted 08 January 2017 - 09:23 AM

Hi GamerXGhost,
 
Your computer is quite infected, so we will clean it up and then any other symptoms can be fixed afterwards :)
 
Where did you get this computer from? Has it been reinstalled at any point? Do you have your product key?
 
We need to remove programs using "Programs and Features".

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

  • Advanced Calendar 2.0.0.1000040
  • amuleC

Additional instructions can be found here if needed.
 
 
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 GamerXGhost

GamerXGhost
  • Topic Starter


Posted 08 January 2017 - 09:53 AM

I don't have the product key. When I bought the laptop I didn't need to register it, but when I did an sfc scan in Command Prompt it made my laptop become like this. I've tried AdwCleaner and nothing happens, please help.


Edited by GamerXGhost, 08 January 2017 - 09:59 AM.


#7 GamerXGhost


Posted 09 January 2017 - 08:44 PM

Okay, you guys can't help me. I've solved it myself: I used Malwarebytes to remove the Command Prompt that always opens and closes by itself, and I've fixed the "Windows 7 build 7601, Windows is not genuine" message using removewat. Why do you guys want me to use BleepingComputer's antivirus?? Do you make money by doing this?? If you had told me that removewat was useful when I started the topic, I wouldn't have needed to take so long to repair my computer! I think you guys want to solve our problems plus make money by telling us to use your antivirus, and then you'll make money! WTF???

#8 xXToffeeXx


Posted 10 January 2017 - 06:06 AM

GamerXGhost,
 
First of all, you happened to edit your post instead of making a new post. I, unfortunately, don't get notifications for edits, so could not know that you had run AdwCleaner yet and were having issues with it. I would have checked today since we have a policy of 48 hours between replies. Please note that I am a volunteer and am paid nothing for this, as well as having other commitments, so it is not something I spend all day on.
 
Second of all, I have not tried to sell you anything and all the tools I linked to are free. A BleepingComputer antivirus does not exist, and neither of the tools I linked to was an antivirus either. Farbar Recovery Scan Tool is written by a member of this forum; it's a tool to give us an overview of the computer so we can assess what could be causing the issues. AdwCleaner is owned by Malwarebytes; I believe you used another tool of theirs instead to fix the issue.
 
I'm glad you managed to fix the issue. If you have no other problems, I will close the topic.
 
xXToffeeXx~




#9 xXToffeeXx


Posted 23 January 2017 - 04:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





