Keep getting redirected to unwanted sites


  • This topic is locked
13 replies to this topic

#1 Daniel10

  • Members
  • 10 posts

Posted 11 January 2017 - 10:36 AM

When surfing the net I keep getting redirected to other sites when clicking on any place on the webpage. In addition, when making a search on Google I get redirected to another search engine.

I used SuperAntiSpyware free ed. but no luck. 

Any help is appreciated!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by EK (administrator) on EK (11-01-2017 17:13:05)
Running from \\Ek\d\Software
Loaded Profiles: EK (Available Profiles: EK)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1607.1991.0_x64__8wekyb3d8bbwe\Time.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) \\Ek\d\Software\FRST64.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKU\S-1-5-21-2653736653-904340254-1993633111-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe [22981824 2016-12-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\EK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-06-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2653736653-904340254-1993633111-1001] => hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e0c8ba4a-6723-4694-ac10-4c9a2db795a6}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
 
Internet Explorer:
==================
HKU\S-1-5-21-2653736653-904340254-1993633111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207823628446835&GUID=846F1EC5-F9D2-4AF8-B58F-7B2B2EE387A5
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2653736653-904340254-1993633111-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2653736653-904340254-1993633111-1001 -> hxxps://www.google.com/
 
FireFox:
========
FF DefaultProfile: vaqn3cun.default
FF ProfilePath: C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default [2017-01-11]
FF user.js: detected! => C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\user.js [2015-12-28]
FF Extension: (MEGA) - C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\Extensions\firefox@mega.co.nz.xpi [2017-01-04]
FF Extension: (SaveFrom.net - helper) - C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\Extensions\helper-sig@savefrom.net.xpi [2016-12-24]
FF Extension: (No Name) - C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\Extensions\staged-xpis [2016-06-26] [not signed]
FF Extension: (EPUBReader) - C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-08-16]
FF Extension: (LG_LexFox_v2) - C:\Program Files (x86)\Mozilla Firefox\extensions\LG_LexFox_v2@lingea.com [2016-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-12-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-24] ()
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-24] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2653736653-904340254-1993633111-1001: SkypePlugin -> C:\Users\EK\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2653736653-904340254-1993633111-1001: SkypePlugin64 -> C:\Users\EK\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll [2016-10-20] (Skype Technologies S.A.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js [2017-01-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\469426046.cfg [2017-01-08] <==== ATTENTION
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
CHR Extension: (Google Slides) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-28]
CHR Extension: (Google Docs) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-29]
CHR Extension: (Google Drive) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Google Search) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Search by Image (by Google)) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Tampermonkey) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-02]
CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2015-12-29]
CHR Extension: (Adobe Acrobat) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-11]
CHR Extension: (Google Sheets) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-28]
CHR Extension: (Readium) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Bookmarks) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhophkifmlkobgkeahlhcdnjadcpmlbp [2016-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKU\S-1-5-21-2653736653-904340254-1993633111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2016-03-29] () [File not signed]
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [101032 2016-10-20] (Lenovo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ALSysIO; C:\Users\EK\AppData\Local\Temp\ALSysIO64.sys [35320 2017-01-10] (Arthur Liberman)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [162960 2015-12-28] (Duplex Secure Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [317880 2016-03-29] (silex technology, Inc.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-11 17:12 - 2017-01-11 17:13 - 00000000 ____D C:\FRST
2017-01-10 18:01 - 2017-01-10 18:01 - 00000000 ___HD C:\$SysReset
2016-12-28 07:32 - 2016-12-28 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2016-12-28 07:32 - 2016-12-28 07:32 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2016-12-19 14:02 - 2016-12-19 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix
2016-12-19 14:02 - 2016-12-19 14:02 - 00000000 ____D C:\Program Files\Common Files\Siemens
2016-12-19 14:01 - 2016-12-19 14:01 - 00000000 ____D C:\Program Files\Siemens
2016-12-17 22:06 - 2016-12-18 20:58 - 00000000 ____D C:\Users\EK\AppData\Roaming\TunnelBear
2016-12-17 22:06 - 2016-12-17 22:06 - 00000000 ____D C:\Users\EK\AppData\Local\IsolatedStorage
2016-12-14 15:07 - 2016-12-09 12:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 15:07 - 2016-12-09 11:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 15:07 - 2016-12-09 11:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 15:07 - 2016-12-09 11:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 15:07 - 2016-12-09 11:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 15:06 - 2016-12-09 12:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 15:06 - 2016-12-09 12:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 15:06 - 2016-12-09 12:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 15:06 - 2016-12-09 12:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 15:06 - 2016-12-09 11:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 15:06 - 2016-12-09 11:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 15:06 - 2016-12-09 11:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 15:06 - 2016-12-09 11:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 15:06 - 2016-12-09 11:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 15:06 - 2016-12-09 11:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 15:06 - 2016-12-09 11:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 15:06 - 2016-12-09 11:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 15:06 - 2016-12-09 11:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 15:06 - 2016-12-09 11:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 15:06 - 2016-12-09 11:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 15:06 - 2016-12-09 11:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 15:06 - 2016-12-09 11:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 15:06 - 2016-12-09 11:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 15:06 - 2016-12-09 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 15:06 - 2016-12-09 11:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 15:06 - 2016-12-09 11:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 15:06 - 2016-12-09 11:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 15:06 - 2016-12-09 11:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 15:06 - 2016-12-09 11:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 15:06 - 2016-12-09 11:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 15:06 - 2016-12-09 11:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 15:06 - 2016-12-09 11:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 15:06 - 2016-12-09 11:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 15:06 - 2016-12-09 11:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 15:06 - 2016-12-09 11:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 15:06 - 2016-12-09 11:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 15:06 - 2016-12-09 11:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 15:06 - 2016-12-09 11:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 15:06 - 2016-12-09 11:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 15:06 - 2016-12-09 11:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 15:06 - 2016-12-09 10:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 15:06 - 2016-11-02 12:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 14:55 - 2016-12-09 12:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 14:55 - 2016-12-09 12:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 14:55 - 2016-12-09 11:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 14:55 - 2016-12-09 11:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 14:55 - 2016-12-09 11:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 14:54 - 2016-12-09 12:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 14:54 - 2016-12-09 12:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 14:54 - 2016-12-09 12:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 14:54 - 2016-12-09 12:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 14:54 - 2016-12-09 11:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 14:54 - 2016-12-09 11:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 14:54 - 2016-12-09 11:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 14:54 - 2016-12-09 11:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 14:54 - 2016-12-09 11:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 14:54 - 2016-12-09 11:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 14:54 - 2016-12-09 11:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 14:54 - 2016-12-09 11:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 14:54 - 2016-12-09 11:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 14:54 - 2016-12-09 11:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 14:54 - 2016-12-09 11:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 14:54 - 2016-12-09 11:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 14:54 - 2016-09-15 18:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 14:53 - 2016-12-09 12:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 14:53 - 2016-12-09 12:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 14:53 - 2016-12-09 12:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 14:53 - 2016-12-09 12:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 14:53 - 2016-12-09 12:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 14:53 - 2016-12-09 12:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 14:53 - 2016-12-09 11:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 14:53 - 2016-12-09 11:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 14:53 - 2016-12-09 11:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 14:53 - 2016-12-09 11:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 14:53 - 2016-12-09 11:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 14:53 - 2016-12-09 11:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 14:53 - 2016-12-09 11:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 14:53 - 2016-12-09 11:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 14:53 - 2016-12-09 11:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 14:53 - 2016-12-09 11:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 14:53 - 2016-12-09 11:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 14:53 - 2016-12-09 11:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 14:53 - 2016-12-09 11:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 14:52 - 2016-12-09 12:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 14:52 - 2016-12-09 12:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 14:52 - 2016-12-09 12:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 14:52 - 2016-12-09 12:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 14:52 - 2016-12-09 12:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 14:52 - 2016-12-09 12:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 14:52 - 2016-12-09 12:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 14:52 - 2016-12-09 12:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 14:52 - 2016-12-09 12:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 14:52 - 2016-12-09 12:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 14:52 - 2016-12-09 12:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 14:52 - 2016-12-09 12:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 14:52 - 2016-12-09 12:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 14:52 - 2016-12-09 12:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 14:52 - 2016-12-09 12:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 14:52 - 2016-12-09 12:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 14:52 - 2016-12-09 12:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 14:52 - 2016-12-09 12:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 14:52 - 2016-12-09 12:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 14:52 - 2016-12-09 12:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 14:52 - 2016-12-09 11:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 14:52 - 2016-12-09 11:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 14:52 - 2016-12-09 11:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 14:52 - 2016-12-09 11:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 14:52 - 2016-12-09 11:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 14:52 - 2016-12-09 11:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 14:52 - 2016-12-09 11:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 14:52 - 2016-12-09 11:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 14:52 - 2016-12-09 11:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 14:52 - 2016-12-09 11:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 14:52 - 2016-12-09 11:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 14:52 - 2016-12-09 11:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 14:52 - 2016-11-02 12:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-11 16:41 - 2016-08-25 09:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-11 16:13 - 2015-12-31 15:23 - 00000000 ____D C:\ProgramData\MEGAsync
2017-01-11 16:01 - 2015-12-29 02:33 - 00000000 ____D C:\Users\EK\AppData\Local\Packages
2017-01-11 15:14 - 2015-12-28 17:34 - 00000000 ____D C:\Users\EK\AppData\Roaming\BitComet
2017-01-11 13:59 - 2016-11-19 11:59 - 00000000 ____D C:\Users\EK\AppData\LocalLow\Mozilla
2017-01-11 12:44 - 2016-01-08 14:01 - 00000000 ____D C:\Users\EK\AppData\Roaming\vlc
2017-01-11 12:07 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 11:33 - 2016-01-22 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-11 11:33 - 2015-12-28 23:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 11:24 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 11:24 - 2015-12-28 23:45 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 10:29 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 20:23 - 2015-12-29 02:35 - 02380690 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-10 20:22 - 2016-01-01 17:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 20:18 - 2016-08-25 10:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 20:17 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 12:08 - 2016-08-25 09:49 - 00000000 ____D C:\Users\EK
2017-01-08 20:42 - 2016-11-18 11:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-02 10:47 - 2015-12-28 21:46 - 00000000 ____D C:\ProgramData\KMSAutoS
2017-01-01 13:38 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-01 13:33 - 2015-12-28 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-29 07:29 - 2016-07-16 13:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-29 07:29 - 2015-12-28 19:37 - 00000000 ____D C:\ProgramData\Alcohol Soft
2016-12-29 07:29 - 2015-12-28 19:36 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2016-12-28 07:32 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-28 07:32 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-28 07:32 - 2016-07-16 08:04 - 00000000 ____D C:\Program Files (x86)
2016-12-28 03:01 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-23 01:13 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 01:13 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 22:58 - 2016-08-25 10:12 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-21 22:58 - 2016-08-25 10:12 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-21 22:58 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-20 09:52 - 2015-12-28 17:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-19 15:48 - 2015-07-10 13:04 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-19 14:02 - 2016-07-16 08:04 - 00000000 ____D C:\Program Files\Common Files
2016-12-19 14:01 - 2016-07-16 08:04 - 00000000 ___RD C:\Program Files
2016-12-18 21:00 - 2016-08-25 09:49 - 00000000 ____D C:\Users\EK\AppData\Roaming
2016-12-18 20:58 - 2016-06-21 22:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-18 11:36 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-15 18:15 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-15 18:13 - 2009-09-05 11:15 - 00000000 __SHD C:\Boot
2016-12-15 18:11 - 2016-08-25 09:42 - 00396896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 18:10 - 2016-08-25 09:42 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{bbb5d0ef-4b5d-11e6-80cb-e41d2d0744a0}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 18:10 - 2016-08-25 09:42 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{bbb5d0ef-4b5d-11e6-80cb-e41d2d0744a0}.TM.blf
2016-12-15 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 18:09 - 2016-07-16 13:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 23:02 - 2016-01-03 17:44 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2015-12-29 19:23 - 2016-10-25 18:38 - 0038459 _____ () C:\Users\EK\AppData\Roaming\Comma Separated Values.ADR
2016-08-31 00:38 - 2016-08-31 00:38 - 0004170 _____ () C:\Users\EK\AppData\Local\HWVendorDetection.log
2016-06-26 00:16 - 2016-06-26 00:16 - 0007606 _____ () C:\Users\EK\AppData\Local\Resmon.ResmonCfg
2016-08-30 19:48 - 2016-08-30 19:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-04 12:43
 
==================== End of FRST.txt ============================
 
Attached File  Addition.txt   36.23KB   6 downloads

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:24 PM

Posted 12 January 2017 - 11:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
---

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\user.js [2015-12-28]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js [2017-01-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\469426046.cfg [2017-01-08] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
Task: {37ABA0F7-01FE-4F09-A063-8901BB80AA95} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {C701D71D-457F-47E0-AA32-EBBEFB1384EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {F1CE2B0A-9884-49A1-9312-A0E928F7ACE1} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
FirewallRules: [{C0AD55E1-4F67-4741-92F9-57BFC1BEE876}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{3165A73C-8339-4F1D-9C4F-0229B4E23A2E}] => C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js
C:\Program Files (x86)\mozilla firefox\469426046.cfg

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Default Browsing settings in Firefox if compromised.
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

#3 Daniel10


Posted 12 January 2017 - 01:10 PM

Thank you nasdaq for your reply..

I did what you requested... the problem persists with Chrome.. but not with Firefox. I noticed also a new search bar below the one of Google in Chrome with the words "Secure Search" in it!

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017

Ran by EK (12-01-2017 19:07:43) Run:1
Running from D:\Software
Loaded Profiles: EK (Available Profiles: EK)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\user.js [2015-12-28]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js [2017-01-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\469426046.cfg [2017-01-08] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
Task: {37ABA0F7-01FE-4F09-A063-8901BB80AA95} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {C701D71D-457F-47E0-AA32-EBBEFB1384EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {F1CE2B0A-9884-49A1-9312-A0E928F7ACE1} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
FirewallRules: [{C0AD55E1-4F67-4741-92F9-57BFC1BEE876}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{3165A73C-8339-4F1D-9C4F-0229B4E23A2E}] => C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js
C:\Program Files (x86)\mozilla firefox\469426046.cfg
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\KMSpico\Service_KMS.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\user.js => moved successfully
C:\Users\EK\AppData\Roaming\Mozilla\Firefox\Profiles\vaqn3cun.default\user.js => not found.
C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js => moved successfully
C:\Program Files (x86)\mozilla firefox\469426046.cfg => moved successfully
C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\EK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
Service KMSELDI => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37ABA0F7-01FE-4F09-A063-8901BB80AA95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37ABA0F7-01FE-4F09-A063-8901BB80AA95} => key removed successfully
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C701D71D-457F-47E0-AA32-EBBEFB1384EF} => key not found. 
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1CE2B0A-9884-49A1-9312-A0E928F7ACE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1CE2B0A-9884-49A1-9312-A0E928F7ACE1} => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchPreSignup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0AD55E1-4F67-4741-92F9-57BFC1BEE876} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3165A73C-8339-4F1D-9C4F-0229B4E23A2E} => value not found.
C:\Program Files\KMSpico => moved successfully
"C:\Program Files (x86)\mozilla firefox\defaults\pref\469426046.js" => not found.
"C:\Program Files (x86)\mozilla firefox\469426046.cfg" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14633352 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 14899461 B
Edge => 4037 B
Chrome => 187870387 B
Firefox => 168397897 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 737626 B
EK => 65369213 B
 
RecycleBin => 0 B
EmptyTemp: => 431 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:10:54 ====


#4 nasdaq


Posted 13 January 2017 - 10:40 AM


I think I found it.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

AutoConfigURL: [S-1-5-21-2653736653-904340254-1993633111-1001] => hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
ManualProxies: 0hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

#5 Daniel10


Posted 14 January 2017 - 07:37 AM

Hi,
No luck this time I am afraid. FRST never finished fixing... I waited for more than half an hour but no luck. I had to use task manager to stop it. 
 
Here is the log:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by EK (14-01-2017 14:21:40) Run:4
Running from D:\Software
Loaded Profiles: EK (Available Profiles: EK)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
AutoConfigURL: [S-1-5-21-2653736653-904340254-1993633111-1001] => hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
ManualProxies: 0hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
 
Reboot:
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.

Edited by nasdaq, 14 January 2017 - 10:15 AM.


#6 nasdaq


Posted 14 January 2017 - 10:18 AM

I made a format change to the AutoConfigURL line.

Please create a new Fixlist.txt and run the fix as before.

===

#7 Daniel10


Posted 14 January 2017 - 01:19 PM

Hi,

Everything seems fine..

Thank you for your help..

 

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by EK (14-01-2017 19:42:08) Run:5
Running from D:\Software
Loaded Profiles: EK (Available Profiles: EK)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
AutoConfigURL: [S-1-5-21-2653736653-904340254-1993633111-1001] => hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
ManualProxies: 0hxxp://no-block.info/wpad.dat?2fcf6ff55d9f778e7b976f4ce8175bde23396540
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2653736653-904340254-1993633111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 19:42:50 ====
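
The Fixlog above names the two registry locations that carried the proxy auto-config (PAC) URL. As an added example that is not part of the thread and is not FRST's own code, this read-only PowerShell check reports any data set in those same two locations; the function names and the `$AllowedPacHosts` list are assumptions introduced here.

```powershell
# Added example: read-only audit of the two proxy settings shown in the Fixlog.
# Run from an elevated prompt. Only user hives that are currently loaded under
# HKEY_USERS are covered; profiles of users who are not logged on are not read.

# Assumption: hosts that are legitimately allowed to serve a PAC file on this network.
$AllowedPacHosts = @()   # e.g. 'wpad.corp.example' (constructed placeholder)

function New-ProxyFinding {
    param([string]$Scope, [string]$Key, [string]$ValueName, [string]$Data)

    if ([string]::IsNullOrWhiteSpace($Data)) { return }

    # The thread shows the ManualProxies data with a character in front of the
    # URL, so search for a URL anywhere in the data instead of parsing it whole.
    $pacHost = $null
    if ($Data -match 'https?://[^\s;"]+') {
        $uri = $null
        if ([System.Uri]::TryCreate($Matches[0], [System.UriKind]::Absolute, [ref]$uri)) {
            $pacHost = $uri.Host
        }
    }

    [pscustomobject]@{
        Scope     = $Scope
        Key       = $Key
        ValueName = $ValueName
        Data      = $Data
        PacHost   = $pacHost
        # Anything set here that is not on the allow-list needs a human look.
        Review    = -not ($pacHost -and ($AllowedPacHosts -contains $pacHost))
    }
}

function Get-ProxyAutoConfigFinding {
    # 1) Per-user value: HKU\<SID>\...\Internet Settings\AutoConfigURL
    $userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }   # skips *_Classes and service SIDs

    foreach ($hive in $userHives) {
        $sid = $hive.PSChildName
        $key = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $props = Get-ItemProperty -LiteralPath $key -Name 'AutoConfigURL' -ErrorAction SilentlyContinue
        if ($props) {
            New-ProxyFinding -Scope $sid -Key $key -ValueName 'AutoConfigURL' -Data ([string]$props.AutoConfigURL)
        }
    }

    # 2) Machine-wide key: HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
    #    The Fixlog removed the key's default value; every value in the key is listed here.
    $nlaKey = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
    $nla = Get-Item -LiteralPath $nlaKey -ErrorAction SilentlyContinue
    if ($nla) {
        foreach ($name in $nla.GetValueNames()) {
            $label = if ($name) { $name } else { '(default)' }
            New-ProxyFinding -Scope 'Machine' -Key $nlaKey -ValueName $label -Data ([string]$nla.GetValue($name))
        }
    }
}

$findings = @(Get-ProxyAutoConfigFinding)
if ($findings.Count -eq 0) {
    'No AutoConfigURL or ManualProxies data is set.'
} else {
    $findings | Format-List
}
```

On a machine that uses no proxy, an empty result is the expected state; any row with `Review = True` should be traced to the software or policy that set it before browsing is trusted again.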


#8 nasdaq


Posted 14 January 2017 - 02:06 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 Daniel10


Posted 14 January 2017 - 02:14 PM

I have another problem that is not malware related.. can I post it here? 

(my pc doesn't wake up after sleep or hibernation!) 



#10 nasdaq


Posted 14 January 2017 - 02:19 PM

Can this help?

https://answers.microsoft.com/en-us/windows/forum/windows_10-power/computer-wont-wake-from-sleep-mode-windows-10/91bda12c-9fbb-4e98-9113-7f7b83e2a095

#11 Daniel10


Posted 14 January 2017 - 02:50 PM

I am afraid not. Tried many solutions before but no luck. I think it's something to do with the graphics driver..

thank you anyway..



#12 nasdaq


Posted 15 January 2017 - 08:43 AM

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

Hope it helps.

#13 Daniel10


Posted 15 January 2017 - 12:28 PM

Thanks... did that too.. no problems found

I updated the driver of the graphics card and my laptop can now wake up from hibernation. However, the Sleep option has disappeared, therefore I cannot put it to sleep. This is better than before.. and it's OK for me.



#14 nasdaq


Posted 15 January 2017 - 02:22 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



