4 unusual user accounts showing in farbar scan infected laptop


  • This topic is locked
5 replies to this topic

#1 neil0502

Posted 08 February 2017 - 04:37 PM

Hi, please help, sure my laptop is infected.

 result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017

Ran by kk (administrator) on MM (08-02-2017 21:07:27)
Running from C:\Users\kk\Downloads
Loaded Profiles: kk (Available Profiles: kk)
Platform: Windows 8 Pro with Media Center (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\ns.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1013708965-3533531930-921066416-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1223728 2017-02-06] (CyberGhost S.R.L.)
HKU\S-1-5-21-1013708965-3533531930-921066416-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{67DE778A-F104-4160-A423-52F013CBEEC5}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1013708965-3533531930-921066416-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1013708965-3533531930-921066416-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
 
FireFox:
========
FF DefaultProfile: pz4544hs.default
FF ProfilePath: C:\Users\kk\AppData\Roaming\Mozilla\Firefox\Profiles\pz4544hs.default [2017-02-08]
FF Extension: (Popup Blocker Ultimate) - C:\Users\kk\AppData\Roaming\Mozilla\Firefox\Profiles\pz4544hs.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-02-08]
FF Extension: (Adblock Plus) - C:\Users\kk\AppData\Roaming\Mozilla\Firefox\Profiles\pz4544hs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-08]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-07] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Google Slides) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-07]
CHR Extension: (Google Docs) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-07]
CHR Extension: (Google Drive) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-07]
CHR Extension: (YouTube) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-07]
CHR Extension: (Google Sheets) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-07]
CHR Extension: (Gmail) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\kk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2017-02-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1077536 2017-01-16] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170206.001\BHDrvx64.sys [1874136 2017-02-06] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-02-07] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-07] (REALiX™)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20170207.001\IDSvia64.sys [1038024 2017-02-04] (Symantec Corporation)
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-08] (Malwarebytes)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20170208.001\ENG64.SYS [138912 2017-02-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\VirusDefs\20170208.001\EX64.SYS [2151072 2017-02-07] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3737304 2017-02-07] (Realtek Semiconductor Corporation                           )
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2017-02-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [28272 2017-02-08] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-08 21:07 - 2017-02-08 21:07 - 00013791 _____ C:\Users\kk\Downloads\FRST.txt
2017-02-08 21:07 - 2017-02-08 21:07 - 00000000 ____D C:\FRST
2017-02-08 21:05 - 2017-02-08 21:05 - 02421248 _____ (Farbar) C:\Users\kk\Downloads\FRST64.exe
2017-02-08 20:33 - 2017-02-08 20:34 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-08 20:33 - 2017-02-08 20:33 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-08 20:33 - 2017-02-08 20:33 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-08 20:33 - 2017-02-08 20:33 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-08 20:33 - 2017-02-08 20:33 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-08 20:33 - 2017-02-08 20:33 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-08 20:33 - 2017-02-08 20:33 - 00001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2017-02-08 20:33 - 2017-02-08 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-08 20:33 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-08 20:32 - 2017-02-08 20:32 - 55566792 _____ (Malwarebytes ) C:\Users\kk\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-08 20:32 - 2017-02-08 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-08 20:32 - 2017-02-08 20:32 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-08 20:11 - 2017-02-08 20:11 - 00000117 _____ C:\Windows\system32\netcfg-6395713.txt
2017-02-08 20:03 - 2017-02-08 20:03 - 00000117 _____ C:\Windows\system32\netcfg-5895433.txt
2017-02-08 20:02 - 2017-02-08 20:02 - 00000000 ____D C:\Users\kk\Documents\ProcAlyzer Dumps
2017-02-08 19:50 - 2017-02-08 19:50 - 00000909 _____ C:\Users\kk\Downloads\MTB.txt
2017-02-08 19:49 - 2017-02-08 19:49 - 00892416 _____ (Farbar) C:\Users\kk\Downloads\MiniToolBox.exe
2017-02-08 19:41 - 2017-02-08 19:41 - 00000117 _____ C:\Windows\system32\netcfg-4554620.txt
2017-02-08 19:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-02-08 19:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\ProgramData\Desktop\Post Win10 Spybot-install.exe
2017-02-08 19:31 - 2012-07-26 05:26 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170208-193159.backup
2017-02-08 19:21 - 2017-02-08 19:21 - 00000117 _____ C:\Windows\system32\netcfg-3367219.txt
2017-02-08 19:15 - 2017-02-08 20:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-08 19:15 - 2017-02-08 19:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-08 19:15 - 2017-02-08 19:15 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-08 19:15 - 2017-02-08 19:15 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-08 19:15 - 2017-02-08 19:15 - 00001379 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2017-02-08 19:15 - 2017-02-08 19:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-02-08 19:15 - 2017-02-08 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-08 19:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-02-08 19:14 - 2017-02-08 19:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\kk\Downloads\spybot-2.4.exe
2017-02-08 19:10 - 2017-02-08 19:10 - 00000000 ____D C:\Program Files (x86)\GUMFE2C.tmp
2017-02-08 19:08 - 2017-02-08 19:08 - 00003806 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1486580881
2017-02-08 19:08 - 2017-02-08 19:08 - 00001093 _____ C:\Users\Public\Desktop\Opera.lnk
2017-02-08 19:08 - 2017-02-08 19:08 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-08 19:08 - 2017-02-08 19:08 - 00001093 _____ C:\ProgramData\Desktop\Opera.lnk
2017-02-08 19:08 - 2017-02-08 19:08 - 00000000 ____D C:\Users\kk\AppData\Roaming\Opera Software
2017-02-08 19:08 - 2017-02-08 19:08 - 00000000 ____D C:\Users\kk\AppData\Local\Opera Software
2017-02-08 19:07 - 2017-02-08 19:08 - 00000000 ____D C:\Program Files\Opera
2017-02-08 19:07 - 2017-02-08 19:07 - 01159832 _____ (Opera Software) C:\Users\kk\Downloads\OperaSetup.exe
2017-02-08 18:25 - 2017-02-08 18:25 - 00003536 ____N C:\bootsqm.dat
2017-02-08 18:25 - 2017-02-08 18:25 - 00000117 _____ C:\Windows\system32\netcfg-19110.txt
2017-02-08 18:22 - 2017-02-08 18:22 - 00000117 _____ C:\Windows\system32\netcfg-370065.txt
2017-02-08 18:16 - 2017-02-08 18:16 - 00000117 _____ C:\Windows\system32\netcfg-14913.txt
2017-02-08 18:15 - 2017-02-08 18:15 - 00000117 _____ C:\Windows\system32\netcfg-3509507.txt
2017-02-08 17:17 - 2017-02-08 18:13 - 00000000 ____D C:\NPE
2017-02-08 17:17 - 2017-02-08 17:17 - 00000117 _____ C:\Windows\system32\netcfg-15880.txt
2017-02-08 17:15 - 2017-02-08 17:15 - 00000117 _____ C:\Windows\system32\netcfg-554318.txt
2017-02-08 17:12 - 2017-02-08 17:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2017-02-08 17:09 - 2017-02-08 17:09 - 00000000 ____D C:\ProgramData\ProductData
2017-02-08 17:08 - 2017-02-08 19:41 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-08 17:08 - 2017-02-08 17:08 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-08 17:06 - 2017-02-08 17:06 - 00290288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-08 17:06 - 2017-02-08 17:06 - 00000117 _____ C:\Windows\system32\netcfg-19890.txt
2017-02-08 17:03 - 2017-02-08 17:03 - 00000117 _____ C:\Windows\system32\netcfg-18266952.txt
2017-02-08 16:41 - 2017-02-08 16:41 - 00380928 _____ C:\Users\kk\Downloads\98fdj2yu.exe
2017-02-08 16:33 - 2017-02-08 16:34 - 00002798 _____ C:\Users\kk\Desktop\unhide.txt
2017-02-08 16:33 - 2017-02-08 16:33 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\kk\Downloads\unhide.exe
2017-02-08 16:31 - 2017-02-08 16:31 - 00003528 _____ C:\Users\kk\Desktop\JRT.txt
2017-02-08 16:28 - 2017-02-08 16:28 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\kk\Downloads\rkill.exe
2017-02-08 16:28 - 2017-02-08 16:28 - 00002230 _____ C:\Users\kk\Desktop\Rkill.txt
2017-02-08 16:27 - 2017-02-08 16:27 - 01663040 _____ (Malwarebytes) C:\Users\kk\Downloads\JRT.exe
2017-02-08 14:37 - 2017-02-08 14:42 - 00262440 _____ C:\TDSSKiller.3.1.0.12_08.02.2017_14.37.34_log.txt
2017-02-08 14:37 - 2017-02-08 14:37 - 04747704 _____ (AO Kaspersky Lab) C:\Users\kk\Downloads\tdsskiller.exe
2017-02-08 14:13 - 2017-02-08 14:13 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-08 14:12 - 2017-02-08 14:12 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-08 14:12 - 2017-02-08 14:12 - 00000858 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2017-02-08 14:12 - 2017-02-08 14:12 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-08 14:12 - 2017-02-08 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-08 14:12 - 2017-02-08 14:12 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-08 14:11 - 2017-02-08 14:11 - 34801784 _____ (Adlice Software ) C:\Users\kk\Downloads\setup.exe
2017-02-08 14:05 - 2017-02-08 14:05 - 00064724 _____ C:\ComboFix.txt
2017-02-08 13:56 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-08 13:56 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-08 13:56 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-08 13:56 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-08 13:56 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-08 13:56 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2017-02-08 13:56 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-08 13:56 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-08 13:56 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-08 13:53 - 2017-02-08 14:05 - 00000000 ____D C:\Qoobox
2017-02-08 13:53 - 2017-02-08 14:03 - 00000000 ____D C:\Windows\erdnt
2017-02-08 13:50 - 2017-02-08 16:26 - 00219310 _____ C:\Users\kk\Documents\aswMBR.txt
2017-02-08 13:50 - 2017-02-08 16:26 - 00000512 _____ C:\Users\kk\Documents\MBR.dat
2017-02-08 13:44 - 2017-02-08 16:41 - 00000000 ____D C:\AdwCleaner
2017-02-08 13:43 - 2017-02-08 13:43 - 05659775 ____R (Swearware) C:\Users\kk\Downloads\ComboFix.exe
2017-02-08 13:42 - 2017-02-08 13:42 - 04015056 _____ C:\Users\kk\Downloads\AdwCleaner.exe
2017-02-08 13:34 - 2017-02-08 13:34 - 05198336 _____ (AVAST Software) C:\Users\kk\Downloads\aswMBR.exe
2017-02-08 13:30 - 2017-02-08 13:44 - 00000000 ____D C:\Users\kk\AppData\Local\PrivaZer
2017-02-08 13:30 - 2017-02-08 13:30 - 07527688 _____ (Goversoft LLC) C:\Users\kk\Downloads\privazer_free.exe
2017-02-08 13:30 - 2017-02-08 13:30 - 00003088 _____ C:\Windows\System32\Tasks\PrivaZer_SkipUAC
2017-02-08 13:30 - 2017-02-08 13:30 - 00001897 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2017-02-08 13:30 - 2017-02-08 13:30 - 00001885 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2017-02-08 13:30 - 2017-02-08 13:30 - 00001885 _____ C:\ProgramData\Desktop\PrivaZer.lnk
2017-02-08 13:30 - 2017-02-08 13:30 - 00000000 ____D C:\Users\kk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2017-02-08 13:30 - 2017-02-08 13:30 - 00000000 ____D C:\ProgramData\privazer
2017-02-08 13:30 - 2017-02-08 13:30 - 00000000 ____D C:\Program Files (x86)\PrivaZer
2017-02-08 12:11 - 2017-02-08 12:11 - 00000117 _____ C:\Windows\system32\netcfg-761565.txt
2017-02-08 12:10 - 2017-02-08 12:10 - 00000117 _____ C:\Windows\system32\netcfg-687075.txt
2017-02-08 12:09 - 2017-02-08 17:09 - 00000000 ____D C:\Users\kk\AppData\Local\CyberGhost
2017-02-08 12:09 - 2017-02-08 12:09 - 00002002 _____ C:\Users\kk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2017-02-08 12:08 - 2017-02-08 12:08 - 00001728 _____ C:\Users\kk\Desktop\CyberGhost 6.lnk
2017-02-08 12:08 - 2017-02-08 12:08 - 00001168 _____ C:\Windows\system32\netcfg-590962.txt
2017-02-08 12:08 - 2017-02-08 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2017-02-08 12:08 - 2017-02-08 12:08 - 00000000 ____D C:\Program Files\TAP-Windows
2017-02-08 12:08 - 2017-02-08 12:08 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-02-08 12:07 - 2017-02-08 12:07 - 16292960 _____ (CyberGhost S.R.L. ) C:\Users\kk\Downloads\CyberGhost_6.0.5.2405.exe
2017-02-08 11:59 - 2017-02-08 11:59 - 00000117 _____ C:\Windows\system32\netcfg-15147.txt
2017-02-08 00:51 - 2017-02-08 00:51 - 00000117 _____ C:\Windows\system32\netcfg-10740294.txt
2017-02-07 23:48 - 2017-02-08 13:36 - 00000000 ____D C:\Users\kk\AppData\Local\ElevatedDiagnostics
2017-02-07 23:41 - 2017-02-07 23:42 - 22660464 _____ (Microsoft Corporation) C:\Users\kk\Downloads\LifeCam3.60.exe
2017-02-07 23:41 - 2017-02-07 23:41 - 03274608 _____ (Microsoft Corporation) C:\Users\kk\Downloads\HD6000FW1033.exe
2017-02-07 22:26 - 2017-02-08 18:18 - 00000000 ____D C:\Users\kk\AppData\Local\NPE
2017-02-07 22:22 - 2017-02-07 22:22 - 00611400 _____ () C:\Users\kk\Downloads\LSBsetup.exe
2017-02-07 22:19 - 2017-02-07 22:19 - 00000000 ____D C:\Users\kk\AppData\Roaming\Macromedia
2017-02-07 22:19 - 2017-02-07 22:19 - 00000000 ____D C:\Users\kk\AppData\Local\Macromedia
2017-02-07 22:09 - 2017-02-08 20:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 22:09 - 2017-02-08 17:06 - 00003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-02-07 22:09 - 2017-02-08 17:06 - 00002315 _____ C:\Users\Public\Desktop\Norton Security.LNK
2017-02-07 22:09 - 2017-02-08 17:06 - 00002315 _____ C:\ProgramData\Desktop\Norton Security.LNK
2017-02-07 22:09 - 2017-02-07 22:09 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-02-07 22:09 - 2017-02-07 22:09 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-02-07 22:09 - 2017-02-07 22:09 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-07 22:09 - 2017-02-07 22:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-02-07 22:08 - 2017-02-07 22:09 - 00000000 ____D C:\Users\kk\AppData\Local\Adobe
2017-02-07 22:07 - 2017-02-08 17:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-02-07 22:07 - 2017-02-08 17:06 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2017-02-07 22:07 - 2017-02-07 22:27 - 00000000 ____D C:\ProgramData\Norton
2017-02-07 22:07 - 2017-02-07 22:07 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-07 22:07 - 2017-02-07 22:07 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-02-07 22:07 - 2017-02-07 22:07 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-02-07 22:05 - 2017-02-07 22:07 - 144845312 _____ (Symantec Corporation) C:\Users\kk\Downloads\NS_22.5.2.15_SYMTB_PROMO_15_MRFTT_CC027_13147.exe
2017-02-07 22:04 - 2017-02-07 22:04 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 22:04 - 2017-02-07 22:04 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 22:04 - 2017-02-07 22:04 - 00002255 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-02-07 22:03 - 2017-02-08 19:10 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-07 22:03 - 2017-02-08 19:10 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-07 22:03 - 2017-02-08 19:09 - 00000000 ____D C:\Users\kk\AppData\Local\Google
2017-02-07 22:03 - 2017-02-07 22:04 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-07 21:58 - 2017-02-07 21:58 - 01129376 _____ (Google Inc.) C:\Users\kk\Downloads\ChromeSetup.exe
2017-02-07 21:56 - 2017-02-07 22:39 - 00000000 ____D C:\ESD
2017-02-07 21:55 - 2017-02-07 21:55 - 18309328 _____ (Microsoft Corporation) C:\Users\kk\Downloads\MediaCreationTool.exe
2017-02-07 21:55 - 2017-02-07 21:55 - 00000000 ____D C:\$Windows.~WS
2017-02-07 21:55 - 2017-02-07 21:55 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-07 21:54 - 2017-02-07 21:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-07 21:53 - 2017-02-07 21:53 - 00000117 _____ C:\Windows\system32\netcfg-14586.txt
2017-02-07 21:53 - 2017-02-07 21:53 - 00000117 _____ C:\Windows\system32\netcfg-11263.txt
2017-02-07 21:44 - 2017-02-07 21:44 - 00000117 _____ C:\Windows\system32\netcfg-14679.txt
2017-02-07 21:44 - 2017-02-07 21:44 - 00000117 _____ C:\Windows\system32\netcfg-12043.txt
2017-02-07 21:42 - 2017-02-07 21:42 - 00080384 _____ C:\Users\kk\Downloads\MBRCheck.exe
2017-02-07 21:42 - 2017-02-07 21:42 - 00010736 _____ C:\Users\kk\Desktop\MBRCheck_02.07.17_21.42.35.txt
2017-02-07 21:40 - 2017-02-07 22:47 - 00000000 ____D C:\7e8581dcb3313e1f6350a9990ce8d2
2017-02-07 21:40 - 2017-02-07 21:40 - 00000000 ____T C:\Windows\wusa.lock
2017-02-07 21:40 - 2012-11-22 19:32 - 00000486 _____ C:\Users\kk\Desktop\Windows6.0-KB2763674-x86-pkgProperties.txt
2017-02-07 21:29 - 2017-02-07 21:29 - 00000117 _____ C:\Windows\system32\netcfg-14851.txt
2017-02-07 21:14 - 2017-02-07 21:14 - 00000117 _____ C:\Windows\system32\netcfg-325683.txt
2017-02-07 21:09 - 2017-02-07 21:09 - 00000117 _____ C:\Windows\system32\netcfg-18564.txt
2017-02-07 21:08 - 2017-02-08 13:40 - 00000000 ____D C:\Windows\amlog
2017-02-07 21:06 - 2017-02-07 21:06 - 00000117 _____ C:\Windows\system32\netcfg-902325.txt
2017-02-07 21:05 - 2017-02-08 17:05 - 00000366 _____ C:\Windows\ampa.ini
2017-02-07 21:04 - 2014-05-19 23:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-02-07 21:04 - 2014-05-19 23:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2017-02-07 21:04 - 2014-05-19 23:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-07 21:04 - 2013-08-16 05:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-07 21:04 - 2013-08-16 05:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-07 21:04 - 2013-08-15 22:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-02-07 21:04 - 2012-11-06 04:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2017-02-07 21:04 - 2012-11-06 04:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2017-02-07 21:03 - 2017-02-08 18:21 - 00001024 ____H C:\AMTAG.BIN
2017-02-07 21:03 - 2017-02-08 18:21 - 00000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1
2017-02-07 21:03 - 2017-02-07 21:03 - 00001285 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Standard Edition 6.1.lnk
2017-02-07 21:03 - 2017-02-07 21:03 - 00001285 _____ C:\ProgramData\Desktop\AOMEI Partition Assistant Standard Edition 6.1.lnk
2017-02-07 21:03 - 2017-02-07 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 6.1
2017-02-07 21:03 - 2016-12-28 16:25 - 01931112 _____ C:\Windows\ampa.exe
2017-02-07 21:03 - 2016-12-25 23:26 - 00038320 _____ C:\Windows\SysWOW64\ampa.sys
2017-02-07 21:03 - 2016-12-25 23:26 - 00038320 _____ C:\Windows\system32\ampa.sys
2017-02-07 21:03 - 2014-05-20 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-07 21:03 - 2014-05-19 23:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-07 21:03 - 2014-05-19 23:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-07 21:03 - 2014-05-19 23:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-07 21:03 - 2014-05-19 23:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-07 21:03 - 2014-05-19 23:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-02-07 21:03 - 2014-05-14 22:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-07 21:03 - 2014-05-14 22:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-07 21:03 - 2014-05-14 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-02-07 21:03 - 2014-05-14 22:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-02-07 21:02 - 2017-02-07 21:02 - 10003704 _____ (AOMEI Technology Co., Ltd. ) C:\Users\kk\Downloads\PAssist_Std.exe
2017-02-07 20:58 - 2017-02-08 13:24 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1013708965-3533531930-921066416-1001
2017-02-07 20:51 - 2017-02-07 20:51 - 00000117 _____ C:\Windows\system32\netcfg-23602.txt
2017-02-07 20:50 - 2017-02-07 20:50 - 00000117 _____ C:\Windows\system32\netcfg-54974.txt
2017-02-07 20:50 - 2017-02-07 20:50 - 00000117 _____ C:\Windows\system32\netcfg-15490.txt
2017-02-07 20:49 - 2017-02-07 20:49 - 00000117 _____ C:\Windows\system32\netcfg-2427172.txt
2017-02-07 20:49 - 2017-02-07 20:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-07 20:49 - 2017-02-07 20:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2017-02-07 20:49 - 2017-02-07 20:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2017-02-07 20:41 - 2012-07-25 20:15 - 00031841 _____ C:\Windows\ProfessionalWMC.xml
2017-02-07 20:09 - 2017-02-07 20:09 - 00000117 _____ C:\Windows\system32\netcfg-7605516.txt
2017-02-07 20:09 - 2017-02-07 20:09 - 00000117 _____ C:\Windows\system32\netcfg-13728.txt
2017-02-07 19:02 - 2017-02-07 19:02 - 00001190 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2017-02-07 19:02 - 2017-02-07 19:02 - 00001190 _____ C:\ProgramData\Desktop\Start Menu 8.lnk
2017-02-07 19:02 - 2017-02-07 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2017-02-07 19:02 - 2017-02-07 19:02 - 00000000 ____D C:\ProgramData\{EAAB5A83-3809-4B0E-83A6-E4B0DBF2157E}
2017-02-07 19:01 - 2017-02-07 19:01 - 11960608 _____ (IObit ) C:\Users\kk\Downloads\sm8-setup.exe
2017-02-07 18:56 - 2017-02-07 18:56 - 00000117 _____ C:\Windows\system32\netcfg-3230577.txt
2017-02-07 18:55 - 2017-02-07 18:55 - 00000117 _____ C:\Windows\system32\netcfg-3184822.txt
2017-02-07 18:55 - 2017-02-07 18:55 - 00000117 _____ C:\Windows\system32\netcfg-3184713.txt
2017-02-07 18:55 - 2017-02-07 18:55 - 00000117 _____ C:\Windows\system32\netcfg-3181515.txt
2017-02-07 18:54 - 2017-02-07 18:54 - 03737304 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2017-02-07 18:54 - 2017-02-07 18:54 - 00001260 _____ C:\Windows\system32\netcfg-3112625.txt
2017-02-07 18:54 - 2017-02-07 18:54 - 00001139 _____ C:\Windows\system32\netcfg-3120300.txt
2017-02-07 18:54 - 2017-02-07 18:54 - 00000321 _____ C:\Windows\system32\netcfg-3115745.txt
2017-02-07 18:52 - 2017-02-07 19:02 - 00000000 ____D C:\Users\kk\AppData\LocalLow\IObit
2017-02-07 18:52 - 2017-02-07 19:02 - 00000000 ____D C:\ProgramData\IObit
2017-02-07 18:52 - 2017-02-07 19:02 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-07 18:52 - 2017-02-07 18:55 - 00002274 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-02-07 18:52 - 2017-02-07 18:55 - 00002274 _____ C:\ProgramData\Desktop\Driver Booster 4.lnk
2017-02-07 18:52 - 2017-02-07 18:52 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-07 18:52 - 2017-02-07 18:52 - 00000000 ____D C:\Windows\IObit
2017-02-07 18:52 - 2017-02-07 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-07 18:51 - 2017-02-08 20:22 - 00000000 ____D C:\Users\kk\AppData\LocalLow\Mozilla
2017-02-07 18:50 - 2017-02-07 18:51 - 00000000 ____D C:\Users\kk\AppData\Roaming\Mozilla
2017-02-07 18:50 - 2017-02-07 18:50 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-07 18:50 - 2017-02-07 18:50 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-07 18:50 - 2017-02-07 18:50 - 00001147 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2017-02-07 18:50 - 2017-02-07 18:50 - 00000000 ____D C:\Users\kk\AppData\Roaming\IObit
2017-02-07 18:50 - 2017-02-07 18:50 - 00000000 ____D C:\Users\kk\AppData\Local\Mozilla
2017-02-07 18:50 - 2017-02-07 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 18:50 - 2017-02-07 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-07 18:39 - 2017-02-07 18:40 - 00000117 _____ C:\Windows\system32\netcfg-2251344.txt
2017-02-07 18:39 - 2017-02-07 18:39 - 00000117 _____ C:\Windows\system32\netcfg-2251234.txt
2017-02-07 18:39 - 2017-02-07 18:39 - 00000117 _____ C:\Windows\system32\netcfg-2233856.txt
2017-02-07 18:39 - 2017-02-07 18:39 - 00000117 _____ C:\Windows\system32\netcfg-2233450.txt
2017-02-07 18:38 - 2017-02-07 18:38 - 00000117 _____ C:\Windows\system32\netcfg-2170270.txt
2017-02-07 18:37 - 2017-02-07 18:37 - 00000117 _____ C:\Windows\system32\netcfg-2116340.txt
2017-02-07 18:35 - 2017-02-07 18:35 - 00000117 _____ C:\Windows\system32\netcfg-2001336.txt
2017-02-07 18:35 - 2017-02-07 18:35 - 00000117 _____ C:\Windows\system32\netcfg-1998232.txt
2017-02-07 18:35 - 2017-02-07 18:35 - 00000117 _____ C:\Windows\system32\netcfg-1991758.txt
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-07 18:14 - 2017-02-08 12:09 - 00000000 ____D C:\Users\kk\AppData\Local\VirtualStore
2017-02-07 18:14 - 2017-02-07 18:14 - 00001430 _____ C:\Users\kk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 18:14 - 2017-02-07 18:14 - 00000020 ___SH C:\Users\kk\ntuser.ini
2017-02-07 18:14 - 2017-02-07 18:14 - 00000000 ____D C:\Windows\CSC
2017-02-07 18:14 - 2017-02-07 18:14 - 00000000 ____D C:\Users\kk\AppData\Roaming\Adobe
2017-02-07 18:14 - 2017-02-07 18:14 - 00000000 ____D C:\Users\kk\AppData\Local\Packages
2017-02-07 18:14 - 2017-02-07 18:14 - 00000000 ____D C:\Users\kk
2017-02-07 18:14 - 2017-02-07 18:14 - 00000000 ____D C:\ProgramData\PRICache
2017-02-07 18:01 - 2017-02-08 13:40 - 00000000 ____D C:\Windows\Panther
2017-02-07 18:01 - 2017-02-07 18:01 - 00001137 _____ C:\Windows\system32\netcfg-31122.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00001101 _____ C:\Windows\system32\netcfg-38859.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000185 _____ C:\Windows\system32\netcfg-29016.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000164 _____ C:\Windows\system32\netcfg-27534.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000162 _____ C:\Windows\system32\netcfg-35927.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000161 _____ C:\Windows\system32\netcfg-28797.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000160 _____ C:\Windows\system32\netcfg-28345.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000160 _____ C:\Windows\system32\netcfg-28111.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000160 _____ C:\Windows\system32\netcfg-27331.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000159 _____ C:\Windows\system32\netcfg-27892.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000157 _____ C:\Windows\system32\netcfg-28579.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000157 _____ C:\Windows\system32\netcfg-24897.txt
2017-02-07 18:01 - 2017-02-07 18:01 - 00000150 _____ C:\Windows\system32\netcfg-27690.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-08 21:07 - 2012-07-26 07:59 - 00000000 ____D C:\Windows\CbsTemp
2017-02-08 18:31 - 2012-07-26 07:28 - 00803370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 18:31 - 2012-07-26 05:37 - 00000000 ____D C:\Windows\Inf
2017-02-08 18:25 - 2012-07-26 07:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-08 17:16 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\ELAMBKUP
2017-02-08 16:23 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
2017-02-08 14:03 - 2012-07-26 05:26 - 00000215 _____ C:\Windows\system.ini
2017-02-07 22:23 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-02-07 22:09 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-07 22:08 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-07 21:09 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2017-02-07 21:09 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\en-GB
2017-02-07 21:04 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-07 20:49 - 2012-07-26 08:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-07 20:49 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-07 20:12 - 2012-07-26 08:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-07 18:38 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\NDF
2017-02-07 18:14 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-07 18:14 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2017-02-07 18:00 - 2012-07-26 08:13 - 00262144 _____ C:\Windows\system32\config\BCD-Template
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {4ec62fe2-ed5e-11e6-8e71-981113f61e49}
                        {bootmgr}
                        {4ec62fea-ed5e-11e6-8e71-981113f61e49}
                        {4ec62fe3-ed5e-11e6-8e71-981113f61e49}
                        {4ec62fe4-ed5e-11e6-8e71-981113f61e49}
                        {4ec62fdd-ed5e-11e6-8e71-981113f61e49}
                        {4ec62fde-ed5e-11e6-8e71-981113f61e49}
                        {4ec62fe5-ed5e-11e6-8e71-981113f61e49}
timeout                 0
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-GB
inherit                 {globalsettings}
default                 {current}
resumeobject            {4ec62feb-ed5e-11e6-8e71-981113f61e49}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fdd-ed5e-11e6-8e71-981113f61e49}
description             USB FDD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fde-ed5e-11e6-8e71-981113f61e49}
description             USB CD:
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fdf-ed5e-11e6-8e71-981113f61e49}
description             Setup
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fe0-ed5e-11e6-8e71-981113f61e49}
description             Boot Menu
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fe1-ed5e-11e6-8e71-981113f61e49}
description             Diagnostic Splash
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fe2-ed5e-11e6-8e71-981113f61e49}
description             ATAPI CD: HL-DT-ST DVDRAM GUE0N                   
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fe3-ed5e-11e6-8e71-981113f61e49}
description             ATA HDD: SanDisk Ultra II 240GB                  
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fe4-ed5e-11e6-8e71-981113f61e49}
description             PCI LAN: EFI Network (IPv4)
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fe5-ed5e-11e6-8e71-981113f61e49}
description             PCI LAN: EFI Network (IPv6)
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ec62fea-ed5e-11e6-8e71-981113f61e49}
description             USB HDD:
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8
locale                  en-GB
inherit                 {bootloadersettings}
recoverysequence        {4ec62fed-ed5e-11e6-8e71-981113f61e49}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4ec62feb-ed5e-11e6-8e71-981113f61e49}
nx                      OptIn
bootmenupolicy          Standard
bootlog                 No
 
Windows Boot Loader
-------------------
identifier              {4ec62fed-ed5e-11e6-8e71-981113f61e49}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\4ec62fed-ed5e-11e6-8e71-981113f61e49\Winre.wim,{4ec62fee-ed5e-11e6-8e71-981113f61e49}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\4ec62fed-ed5e-11e6-8e71-981113f61e49\Winre.wim,{4ec62fee-ed5e-11e6-8e71-981113f61e49}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {4ec62feb-ed5e-11e6-8e71-981113f61e49}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {4ec62fed-ed5e-11e6-8e71-981113f61e49}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-GB
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {4ec62fee-ed5e-11e6-8e71-981113f61e49}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\4ec62fed-ed5e-11e6-8e71-981113f61e49\boot.sdi
 
 
LastRegBack: 2017-02-07 18:01 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by kk (08-02-2017 21:08:55)
Running from C:\Users\kk\Downloads
Windows 8 Pro with Media Center (X64) (2017-02-07 18:14:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1013708965-3533531930-921066416-500 - Administrator - Enabled)
Guest (S-1-5-21-1013708965-3533531930-921066416-501 - Limited - Disabled)
kk (S-1-5-21-1013708965-3533531930-921066416-1001 - Administrator - Enabled) => C:\Users\kk
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AOMEI Partition Assistant Standard Edition 6.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Norton Security (HKLM-x32\...\NS) (Version: 22.6.0.142 - Symantec Corporation)
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.16.0 - Goversoft LLC)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 4.0.2.1 - IObit)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {044BF395-B33C-4832-BC26-AFA180C290E4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {2C77680F-B9B3-45F5-88F7-02B5E63E0FFE} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3ADCD7F9-B976-4978-9B52-4A4BEFF5DB6B} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {6D258A12-0039-4A99-8E50-A5DD66B537A0} - System32\Tasks\Opera scheduled Autoupdate 1486580881 => C:\Program Files\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {A765EF14-AFA7-4D08-AF66-AAD589FEECB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-07] (Adobe Systems Incorporated)
Task: {ADD0C863-5577-438B-A0F3-0CE4DBACCB2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {C782C136-E82A-42F4-8A1B-4465578D3193} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {C7ACF189-6C73-4455-AE5B-5D5C7F5EC68C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {D583C32D-ECF1-450D-BF3E-551577E53904} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E9E06F3A-FB74-4030-8112-87D0094C331F} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-02-08] (Goversoft LLC)
Task: {EB72EEFA-6450-4D4E-84B7-69EA16409859} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-08 12:08 - 2017-02-06 14:42 - 00306736 _____ () C:\Program Files\CyberGhost 6\MobileConcepts45.dll
2017-02-08 12:08 - 2017-02-06 14:42 - 00025648 _____ () C:\Program Files\CyberGhost 6\BugSplatDotNet.dll
2017-02-08 12:08 - 2017-02-06 14:42 - 00120368 _____ () C:\Program Files\CyberGhost 6\CyberGhost.RESTCommunicator.dll
2017-02-08 13:30 - 2017-02-08 13:30 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2017-02-08 12:08 - 2017-02-06 14:42 - 00081968 _____ () C:\Program Files\CyberGhost 6\MPHelper.dll
2017-02-08 12:08 - 2017-02-06 14:42 - 00095792 _____ () C:\Program Files\CyberGhost 6\ZendeskApi.Client.dll
2017-02-08 12:08 - 2017-02-06 14:42 - 00057904 _____ () C:\Program Files\CyberGhost 6\ZendeskApi.Contracts.dll
2017-02-08 20:33 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-08 20:33 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-08 20:33 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-07 19:02 - 2015-12-29 11:30 - 00355616 _____ () C:\Program Files (x86)\IObit\Classic Start\madExcept_.bpl
2017-02-07 19:02 - 2015-12-29 11:29 - 00190240 _____ () C:\Program Files (x86)\IObit\Classic Start\madBasic_.bpl
2017-02-07 19:02 - 2015-12-29 11:30 - 00057632 _____ () C:\Program Files (x86)\IObit\Classic Start\madDisAsm_.bpl
2017-02-07 19:02 - 2015-12-29 11:30 - 00275576 _____ () C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
2017-02-07 19:02 - 2015-12-29 11:30 - 00059680 _____ () C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
2017-02-07 19:02 - 2016-10-20 09:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll
2017-02-07 19:02 - 2015-12-29 11:31 - 00047904 _____ () C:\Program Files (x86)\IObit\Classic Start\winkey.dll
2017-02-08 19:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-08 19:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-02-08 19:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-08 19:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-08 19:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-02-08 19:15 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7930 more sites.
 
There are 7930 more sites.
 
There are 7930 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 05:26 - 2017-02-08 19:31 - 00454176 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15586 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1013708965-3533531930-921066416-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F0E9452F-E858-40D7-9DC0-A8330DC96400}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{53305668-6970-4A05-9386-2C5A0AD29181}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A386245-CAEE-4E9B-962D-870FA1E32068}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{FA2D50D2-CE67-4E93-8563-B92CB7DA83BF}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{E9CA431F-F2AD-41A1-8292-85AC178E8DAA}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{A08E21E1-F384-439D-9B53-C7ABC5B029F7}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{9723FCAF-AFA5-451F-B8DB-5628AD5B194D}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{8303FD2F-4E2C-4B96-990E-39FFD8C36317}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{7C528C1D-9582-49D2-AA70-684D5C4E9893}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BECEDC0E-2765-426B-99CB-0E930B59BE93}] => C:\Program Files\Opera\43.0.2442.806\opera.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-02-2017 20:40:36 Add features to Windows 8
08-02-2017 16:29:15 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/08/2017 08:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDTools.exe version 2.4.40.157 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 109c
 
Start Time: 01d282464d464c56
 
Termination Time: 22
 
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
 
Report Id: fca416da-ee3d-11e6-be72-30f7720b0616
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/08/2017 06:21:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2017 06:21:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2017 06:18:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2017 06:18:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2017 06:13:27 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active. 
 
Context: Windows Application
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Error: (02/08/2017 04:47:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2017 04:47:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.1\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/08/2017 01:04:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: mm)
Description: App Microsoft.Camera_8wekyb3d8bbwe!Microsoft.Camera did not launch within its allotted time.
 
Error: (02/08/2017 12:27:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b20
 
Start Time: 01d2820493866679
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: ff7688df-edf9-11e6-be6e-30f7720b0616
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/08/2017 09:02:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/08/2017 09:02:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/08/2017 07:41:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/08/2017 07:21:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (02/08/2017 06:37:43 PM) (Source: Tcpip) (EventID: 4294) (User: )
Description: An attempt to clear a packet coalescing filter on the network adapter with hardware address 30-F7-72-0B-06-15 has failed (IPv6 0xc0010011 6).
 
Error: (02/08/2017 06:37:43 PM) (Source: Tcpip) (EventID: 4294) (User: )
Description: An attempt to clear a packet coalescing filter on the network adapter with hardware address 30-F7-72-0B-06-15 has failed (IPv6 0xc0010011 5).
 
Error: (02/08/2017 06:25:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (02/08/2017 06:17:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The file or directory is corrupted and unreadable.
 
Error: (02/08/2017 06:16:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (02/08/2017 05:17:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The file or directory is corrupted and unreadable.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 52%
Total physical RAM: 7074.6 MB
Available physical RAM: 3383.32 MB
Total Virtual: 11426.6 MB
Available Virtual: 7935.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.18 GB) (Free:193.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 1D0C7DC5)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
 
 
 
 

==================== End of FRST.txt ============================ 




 


#2 blueelvis


Posted 10 February 2017 - 05:24 AM

Hi neil0502 & Welcome to the forums ^_^,

 

 


I will be helping you with your computer problems. Right now, I am a trainee at the Bleeping Computer Malware Removal Study Hall.
I am Pranav and now that we are friends, I would like to call you by your first name if that is fine with you :hug:

All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

While you wait for further instructions, kindly do not run any additional tools as that might complicate the process of fixing your computer and cause delays.

Have a nice day!

Regards,
Pranav 


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 neil0502


Posted 10 February 2017 - 02:01 PM

Thanks, I look forward to your help.



#4 blueelvis


Posted 13 February 2017 - 05:45 AM

Hi Neil0502 ^_^,


Your system seems to be clean and running well. I checked out your log files and according to them, there are no other user accounts which are present on the system. I can only see the following user accounts:

Administrator (S-1-5-21-1013708965-3533531930-921066416-500 - Administrator - Enabled)
Guest (S-1-5-21-1013708965-3533531930-921066416-501 - Limited - Disabled)
kk (S-1-5-21-1013708965-3533531930-921066416-1001 - Administrator - Enabled) => C:\Users\kk

The first 2 accounts are present on Windows by default and the 3rd user account is the one with which you currently log in.

I also noticed that you have set up several security defenses in place which seem to be working well since I have not found even a trace of a bad file.

If you still doubt that your machine is compromised or infected, could you please tell or show me any signs which show that the system has been compromised?
You can use this guide to take a screenshot = http://www.wikihow.com/Take-a-Screenshot-in-Microsoft-Windows

Thanks and have a nice day!


Regards,
Pranav


#5 blueelvis


Posted 16 February 2017 - 05:48 AM

Hi Neil0502 ^_^,


It has been 3 days since my last response. Are you still with me?



-Pranav


#6 LiquidTension


Posted 19 February 2017 - 11:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



