Keep seeing popups with onclkds.com then link are redirected


  • This topic is locked
82 replies to this topic

#1 fabstr64

Posted 03 April 2017 - 12:58 PM

When I use a browser, either MS-IE or Mozilla Firefox, clicking on any part of the browser opens from 1 to 3 popup windows. The address bar starts with onclkds.com, then the window is redirected to other websites, which could be betting sites, dating sites or others ...
 
My feeling is that I got the bug after downloading the Free Youtube Downloader file, which actually never worked (I used that software before), but when I installed it last time I started to have problems that have worsened over time.
 
I ran the following software: Malwarebytes, ADWcleaner, Junkware Removal Tool, Microsoft Security Essentials, Microsoft Support Emergency response Tool, Zemana, Hitman Pro, RKill, SuperAntiSpyware, Eusing Free Registry Cleaner, CCleaner (which erased everything, sigh!) and two programs that find bugs and ask for money to clean the PC, only after the scan (Gridin Malware and Paretologic PC Health Advisor). Nothing relevant found.
I ran Hijackthis and now FRST. Here is the log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by fab (administrator) on FAB-PC (03-04-2017 19:49:53)
Running from C:\Users\fab\Desktop\20170403-backup\fab\MyDownLo\antivirus
Loaded Profiles: fab (Available Profiles: fab)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Conexant) C:\Windows\System32\MicTray64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe
(HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(PalmSource, Inc) C:\Program Files (x86)\Palm\Hotsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YARNIXE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIXE.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\HP-NB-AIO\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-08-18] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-25] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HotSync] => C:\Program Files (x86)\Palm\Hotsync.exe [1392640 2008-01-03] (PalmSource, Inc)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3826657254-1162688353-3954212084-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3826657254-1162688353-3954212084-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2016-12-16]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Manager HotSync.lnk [2016-12-16]
ShortcutTarget: Manager HotSync.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\Users\fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2016-12-16]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1                activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 185.162.9.197 8.8.4.4
Tcpip\..\Interfaces\{69B005FE-0ECC-40EB-BCB2-1E9E6CC986B9}: [DhcpNameServer] 185.162.9.197 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-3826657254-1162688353-3954212084-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-3826657254-1162688353-3954212084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3826657254-1162688353-3954212084-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com

FireFox:
========
FF ProfilePath: C:\Users\fab\AppData\Roaming\Mozilla\Firefox\Profiles\ohlqn408.default-1491040247195 [2017-04-03]
FF Extension: (Site Deployment Checker) - C:\Users\fab\AppData\Roaming\Mozilla\Firefox\Profiles\ohlqn408.default-1491040247195\features\{a00931e4-c7ab-4f62-8fd0-8926b684c232}\deployment-checker@mozilla.org.xpi [2017-04-02]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll [2007-03-19] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default [2017-04-03]
CHR Extension: (Google Slides) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-03]
CHR Extension: (Google Docs) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-03]
CHR Extension: (Google Drive) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-03]
CHR Extension: (YouTube) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-03]
CHR Extension: (Google Sheets) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-03]
CHR Extension: (Gmail) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\HP-NB-AIO\CxUtilSvc.exe [135288 2015-08-09] (Conexant Systems, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [781864 2015-12-21] (HP)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1102560 2015-10-19] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-08-18] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373736 2016-04-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-07] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2016-01-09] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [76288 2015-09-24] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)
S3 PasscapeLoader64; "J:\WPR\loader64.exe" [X]
S3 WprPasscapeLoader; "J:\WPR\loader.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 iaStorB; C:\Windows\system32\drivers\iaStorB.sys [580592 2014-06-13] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31144 2015-08-27] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [658416 2014-06-13] (Intel Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [52048 2013-02-06] (LSI Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2015-12-24] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3422472 2016-01-01] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rccfg; C:\Windows\system32\drivers\rccfg.sys [21680 2015-03-12] (AMD, Inc.)
S3 rcraid; C:\Windows\system32\drivers\rcraid.sys [540336 2015-03-12] (AMD, Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [753368 2015-06-16] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2665496 2014-12-09] ()
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-03 18:33 - 2017-04-03 18:33 - 00053228 _____ C:\Users\fab\Desktop\NewPostOnBleepingComputer.txt
2017-04-03 18:06 - 2017-04-03 19:49 - 00000000 ____D C:\FRST
2017-04-03 17:41 - 2017-04-03 17:45 - 00000000 ____D C:\Users\fab\Desktop\20170403-backup
2017-04-03 16:55 - 2017-04-03 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-03 16:54 - 2017-04-03 16:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-03 16:54 - 2017-04-03 16:57 - 00000000 ____D C:\Users\fab\AppData\Local\Google
2017-04-03 16:39 - 2017-04-03 16:50 - 00221090 _____ C:\TDSSKiller.3.1.0.12_03.04.2017_16.39.06_log.txt
2017-04-03 11:59 - 2017-04-03 12:00 - 00000000 ____D C:\KVRT_Data
2017-04-03 08:25 - 2017-04-03 08:25 - 00000000 __SHD C:\found.000
2017-04-02 21:00 - 2017-04-02 21:00 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-02 21:00 - 2017-04-02 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-02 21:00 - 2017-04-02 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-02 18:59 - 2017-04-03 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-02 18:59 - 2017-04-02 18:59 - 00001815 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-04-02 18:59 - 2017-04-02 18:59 - 00000000 ____D C:\Users\fab\AppData\Roaming\SUPERAntiSpyware.com
2017-04-02 18:59 - 2017-04-02 18:59 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-04-02 18:59 - 2017-04-02 18:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-02 18:22 - 2017-04-02 18:22 - 00000000 ____D C:\Users\fab\AppData\Roaming\ParetoLogic
2017-04-02 16:46 - 2017-04-02 16:46 - 00003152 _____ C:\Windows\System32\Tasks\{6595E3C3-6E38-407E-8BDA-922C3EA156BE}
2017-04-02 16:25 - 2017-04-02 16:25 - 00003252 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2017-04-02 16:24 - 2017-04-02 16:24 - 00000000 ____D C:\ProgramData\GridinSoft
2017-04-02 14:02 - 2017-04-02 14:28 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-02 13:02 - 2017-04-02 20:00 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-04-02 13:02 - 2017-04-02 19:59 - 00212144 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-04-02 13:02 - 2017-04-02 15:46 - 00060766 _____ C:\Windows\ZAM.krnl.trace
2017-04-02 13:01 - 2017-04-02 13:01 - 00000000 ____D C:\Users\fab\AppData\Local\Zemana
2017-03-22 18:44 - 2017-04-01 11:26 - 00000000 ____D C:\Users\fab\dwhelper
2017-03-15 11:27 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 11:27 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 11:27 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 11:27 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 11:27 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 11:27 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 11:27 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 11:27 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 11:27 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 11:27 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 11:27 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 11:27 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 11:27 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 11:27 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 11:27 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 11:27 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 11:27 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 11:27 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 11:27 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 11:27 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 11:27 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 11:27 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 11:27 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 11:27 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 11:27 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 11:27 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 11:27 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 11:27 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 11:27 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 11:27 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 11:27 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 11:27 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 11:27 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 11:27 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 11:27 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 11:27 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 11:27 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 11:27 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 11:27 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 11:27 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 11:27 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 11:27 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 11:27 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 11:27 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 11:27 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 11:27 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 11:27 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 11:27 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 11:27 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 11:27 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 11:27 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 11:27 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 11:27 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 11:27 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 11:27 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 11:27 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 11:27 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 11:27 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 11:27 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 11:27 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 11:27 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 11:27 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 11:27 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 11:27 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 11:27 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 11:27 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 11:27 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 11:27 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 11:27 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 11:27 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 11:27 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 11:27 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 11:27 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 11:27 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 11:27 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 11:27 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 11:27 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 11:27 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 11:27 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 11:27 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 11:27 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 11:27 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 11:27 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 11:27 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 11:27 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 11:27 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 11:27 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 11:27 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 11:27 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 11:27 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 11:27 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 11:27 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 11:27 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 11:27 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 11:27 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 11:27 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 11:27 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 11:27 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 11:27 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 11:27 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 11:27 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 11:27 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 11:27 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 11:27 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 11:27 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 11:27 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 11:27 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 11:27 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 11:27 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 11:27 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 11:27 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 11:27 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 11:27 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 11:27 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 11:27 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 11:25 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 11:25 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 11:25 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 11:25 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 11:25 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 11:25 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 11:25 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 11:25 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 11:25 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-03 19:37 - 2017-01-05 10:09 - 00000000 ____D C:\Users\fab\AppData\Roaming\vlc
2017-04-03 18:56 - 2016-11-16 20:05 - 00000000 ____D C:\Users\fab\AppData\LocalLow\Mozilla
2017-04-03 18:49 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-03 18:49 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-03 18:46 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-03 18:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-03 18:41 - 2016-09-27 19:38 - 00000000 __SHD C:\Users\fab\IntelGraphicsProfiles
2017-04-03 18:41 - 2016-09-27 19:07 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-03 18:41 - 2016-09-27 19:02 - 00000000 ____D C:\ProgramData\Synaptics
2017-04-03 18:41 - 2016-09-27 16:04 - 00087336 _____ C:\Users\fab\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-03 18:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-03 18:39 - 2016-12-16 10:54 - 00000000 ____D C:\Users\fab\Documents\Palm OS Desktop
2017-04-03 18:39 - 2016-11-17 14:42 - 00000000 ____D C:\Windows\Minidump
2017-04-03 18:39 - 2016-11-04 19:14 - 00000000 ____D C:\ProgramData\FLEXnet
2017-04-03 18:39 - 2016-09-27 19:18 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-04-03 18:39 - 2016-09-26 22:56 - 00000000 ____D C:\Users\fab
2017-04-03 18:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-04-03 17:03 - 2016-09-27 07:21 - 00000000 ____D C:\Windows\Panther
2017-04-02 21:11 - 2016-09-27 18:20 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C83D630E-5F38-48F1-B7FB-ED797B6227BF}
2017-04-02 18:01 - 2016-11-23 17:25 - 00000000 ____D C:\AdwCleaner
2017-04-02 17:21 - 2016-11-23 16:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-30 21:08 - 2010-11-21 05:27 - 00513192 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-24 23:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-21 19:46 - 2016-09-26 22:56 - 00000000 ____D C:\Users\fab\AppData\Local\VirtualStore
2017-03-15 15:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 14:42 - 2009-07-14 06:45 - 02625736 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 14:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 14:39 - 2016-10-01 03:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 14:39 - 2016-10-01 03:35 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 14:15 - 2016-09-30 08:10 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 14:13 - 2016-09-30 08:09 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 15:07 - 2016-11-07 09:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 15:07 - 2016-11-07 09:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 15:07 - 2016-11-07 09:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 15:07 - 2016-11-04 18:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 15:07 - 2016-11-04 18:46 - 00000000 ____D C:\Users\fab\AppData\Local\Adobe
2017-03-06 10:59 - 2016-09-28 19:08 - 00000000 ____D C:\Users\fab\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2016-12-06 09:56 - 2017-01-18 22:50 - 0005120 _____ () C:\Users\fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-27 19:01 - 2016-09-27 19:03 - 1594036 _____ () C:\ProgramData\SynFPRmsiLogs.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 10:31

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by fab (03-04-2017 19:50:35)
Running from C:\Users\fab\Desktop\20170403-backup\fab\MyDownLo\antivirus
Windows 7 Professional Service Pack 1 (X64) (2016-09-26 20:56:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3826657254-1162688353-3954212084-500 - Administrator - Disabled)
fab (S-1-5-21-3826657254-1162688353-3954212084-1000 - Administrator - Enabled) => C:\Users\fab
Guest (S-1-5-21-3826657254-1162688353-3954212084-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.133.0 - Conexant Systems)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Universal Print Driver 2.62 (HKLM-x32\...\{00324A41-F61C-4AE7-86A8-781270B72248}) (Version: 1.00.0000 - Epson Europe)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version: - SEIKO EPSON Corporation)
EPSON WF-2510 Series Printer Uninstall (HKLM\...\EPSON WF-2510 Series) (Version: - SEIKO EPSON Corporation)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B9947FC1-4DC3-43CC-8106-8C9E43D6F349}) (Version: 3.3.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{26FAA50B-1840-42CC-9AE9-8ECF89D28A8D}) (Version: 6.2.18.1 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{BB51845C-10A6-457F-A215-9B2D3E130889}) (Version: 3.6.2.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8B2A4795-A036-42FC-800A-7CE294276B10}) (Version: 12.0.26.62 - Hewlett-Packard Company)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4444 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.2.42 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f6a1d9e5-6ef0-4bdb-8637-4241ffee4179}) (Version: 18.32.1 - Intel Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LibreOffice 5.2.2.2 (HKLM-x32\...\{69751441-D5E0-4668-893F-CB797B082D09}) (Version: 5.2.2.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{A40DE187-D051-44A2-89BE-A9A45C36572C}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Palm Desktop by ACCESS (HKLM-x32\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Nome società)
palmOne (HKLM-x32\...\{E434580A-2D4A-4433-A81E-4BCAE86AD148}) (Version: 4.1.0420 - Palm, Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.95 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.43 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{B9151DD5-DAFE-494E-AA1F-C351D5FD9E9B}) (Version: 4.5.321.0 - Synaptics)
Treodesktop 2.14 (HKLM-x32\...\Treodesktop_is1) (Version: - Treodesktop)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C17145B-048B-4615-AD85-93F9DB74F52C} - System32\Tasks\{AF83E6E4-4BAD-427D-AC1B-E4B2BA1EF249} => pcalua.exe -a J:\Passcape.Windows.Password.Recovery.v3.3.1.312.Advanced.Edition\wpr_setup.exe -d J:\Passcape.Windows.Password.Recovery.v3.3.1.312.Advanced.Edition
Task: {1A8A67DF-E81F-4630-A293-326DCC68795E} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe [2015-12-21] (HP)
Task: {24DB0169-CE0D-4057-88F6-CE83BE3342AA} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2015-12-24] (Conexant)
Task: {65376F33-86B7-4717-9470-0B10B376826F} - System32\Tasks\{B775A4C3-ABD6-4425-82CB-072CD08AD0ED} => C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe
Task: {6A31F8F7-1053-44A9-9E12-AA3703045BBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-07-11] (Hewlett-Packard Company)
Task: {75F70BC8-BA68-404A-90C7-DA1592E17E15} - System32\Tasks\{33888B25-E78D-4CAD-BA89-320A92886BED} => C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe
Task: {79730A19-CDC5-4389-84EF-DA588E6CE1D8} - System32\Tasks\{00A1D3B9-2C2A-4A49-B4D6-1C5A6071D4F5} => C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe
Task: {9483D673-DCDA-41C6-8DE3-D5C1B9DA14AE} - System32\Tasks\{20AB39C4-0E95-413F-91D5-DCE7601BA7D4} => C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe
Task: {9CB1DE93-5E50-448E-8282-27253A171947} - System32\Tasks\{352F7E10-6FD3-4937-BF2C-42C039BD30FB} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {BADE6916-5BDB-4411-8A73-02F36B56BF74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {BB19623B-D2BC-4EE6-8D9D-37344A58E05B} - System32\Tasks\{6595E3C3-6E38-407E-8BDA-922C3EA156BE} => pcalua.exe -a C:\Users\fab\Downloads\antivirus\HijackThis.exe -d C:\Users\fab\Downloads\antivirus
Task: {C9B5AA8B-7EBE-4749-A89B-600BFA401E31} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F56E1747-B315-47DF-B14F-5796E6A0CF10} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {F7F8A2C1-1CB7-4B8B-A7B4-622924943200} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {F906F3E0-3F0B-4196-8E95-CD91EF662E51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-13 16:06 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-09-27 19:05 - 2016-04-27 16:05 - 00401904 _____ () C:\Windows\system32\igfxTray.exe
2016-01-07 01:48 - 2016-01-07 01:48 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-11-13 16:51 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3826657254-1162688353-3954212084-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 185.162.9.197 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{05219D1A-8E4E-4CFC-85D7-B2193F3037F1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F018FF73-049A-4777-A8E5-F1031FF08617}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F84B1F30-2F5B-40F2-9717-E351934F5663}] => (Allow) LPort=5353
FirewallRules: [{EC42F339-046C-424B-A882-2B68F7A53D0C}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{8598776C-441E-451C-BDAA-4EA38DE39050}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

==================== Restore Points =========================

20-03-2017 17:37:53 Windows Update
24-03-2017 08:53:52 Windows Update
28-03-2017 08:34:54 Windows Update
31-03-2017 09:01:14 Windows Update
02-04-2017 18:10:12 JRT Pre-Junkware Removal
02-04-2017 23:45:19 Windows Update
03-04-2017 18:35:40 Restore Operation
03-04-2017 18:51:26 Windows Update

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Communications Port (COM3)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot determine the settings for this device. Consult the documentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2017 06:41:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/03/2017 05:21:38 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2017 05:21:38 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2017 05:21:38 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2017 05:21:38 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (04/03/2017 05:21:36 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2017 05:21:36 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2017 05:21:36 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2017 05:21:36 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2017 05:21:35 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


System errors:
=============
Error: (04/03/2017 06:51:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.239.713.0).

Error: (04/03/2017 06:51:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.239.603.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13601.0

Error code: 0x80070643

Error description: Fatal error during installation.

Error: (04/03/2017 06:40:46 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: 0.0.0.0

Error: (04/03/2017 05:31:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.239.713.0).

Error: (04/03/2017 05:31:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.239.603.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13601.0

Error code: 0x80070643

Error description: Fatal error during installation.

Error: (04/03/2017 05:21:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/03/2017 05:21:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/03/2017 01:38:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/03/2017 01:38:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/03/2017 12:46:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8088.59 MB
Available physical RAM: 4848.06 MB
Total Virtual: 16175.37 MB
Available Virtual: 12845.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:912.36 GB) (Free:785.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.14 GB) (Free:1.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.93 GB) FAT32
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:144.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F8FFF7F)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=912.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 13BC6A61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
==================== End of FRST.txt ============================



Edited by Oh My!, 05 April 2017 - 07:42 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:01 PM

Posted 05 April 2017 - 07:37 PM

Greetings fabstr64 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Your computer is clean. Do you know how to factory reset your modem and/or router?

Edited by Oh My!, 05 April 2017 - 07:48 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 fabstr64

fabstr64
  • Topic Starter


Posted 07 April 2017 - 07:23 AM

Hi Gary,

please call me fabrizio.

I know how to factory reset the modem/router. I'll do it.

But why would the pop-up windows appear also in different places?

Thank you,

-fabrizio



#4 Oh My!


Posted 07 April 2017 - 09:32 AM

Not sure what you mean by different places. Pop ups are typically randomized events.

If things don't change after reset we will address the browsers. It may be both browsers continue to be compromised despite the numerous programs you have run.
Gary
 

#5 fabstr64


Posted 09 April 2017 - 10:57 AM

Thank you Gary! By different places I mean for example at work, in a bar or in a different city.

I am not seeing popups in other locations.

 

As soon as I go back, I will reset the router and keep you posted.

In the meantime I thank you again,

-fabrizio



#6 Oh My!


Posted 09 April 2017 - 06:11 PM

:thumbsup2:
Gary
 

#7 Oh My!


Posted 12 April 2017 - 09:22 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 fabstr64


Posted 14 April 2017 - 01:13 AM

Dear Gary,

I am sorry I was traveling for work. YES I still need help. I reset the router to factory setting; re-installed and the onclkad windows keep popping up, especially when I read the newspaper.

What do you think I should do next?

Sorry for responding so late.

Thank you for all your help,

-fabrizio



#9 fabstr64


Posted 14 April 2017 - 01:19 AM

Hey Gary,

one more thing. When I reinstalled the router, I gave the same name to the network as before. Do you think this can be a problem?

Thank you again for all your help,

-fabrizio



#10 Oh My!


Posted 14 April 2017 - 09:15 AM

Greetings Fabrizio.

Thank you for the information and explanation. No problem on the delay, I just need to know you are still with me.

"I gave the same name to the network as before."

This is perfectly fine. Just make sure it is password protected. The goal in the reset was to clear out any potential router infection. If that was our problem, which it is not, no matter what we did with your computer we would not accomplish a thing.

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook for either 64 bit or 32 bit systems and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
*onclkad*
:regfind
*onclkad*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log

Gary
 

#11 fabstr64


Posted 15 April 2017 - 03:56 AM

Hi Gary,

thank you very much. This is incredible. Nothing is found, but I keep seeing the popup window.

Another window was opening with the address onclkds and I tried also to substitute ad with ds in the lines you sent me.

I forgot to say in my initial message that before contacting you, I just re-installed Firefox.

Thank you again,

-fabrizio

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:57 on 15/04/2017 by fab
Administrator - Elevation successful

========== filefind ==========

Searching for "*onclkad*"
No files found.

========== regfind ==========

Searching for "*onclkad*"
No data found.

-= EOF =-

 

 

Second with onclkds

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:36 on 15/04/2017 by fab
Administrator - Elevation successful

========== filefind ==========

Searching for "*onclkds*"
No files found.

========== regfind ==========

Searching for "*onclkds*"
No data found.

-= EOF =-



#12 Oh My!


Posted 15 April 2017 - 01:57 PM

Thank you for the information.

Can you confirm you are still not receiving any pop ups when you access the Internet away from home? Do you have a combination modem/router or are they separate devices?
Gary
 

#13 fabstr64


Posted 16 April 2017 - 02:50 AM

Hi Gary,

at the present time I am elsewhere; I am using the same type of modem/router (Kraun) and I am not seeing popups. Yesterday, they were no longer appearing from newspaper pages but randomly from other sites. I will return on Tuesday.

Happy Easter,

-fabrizio



#14 fabstr64


Posted 19 April 2017 - 02:39 AM

Hi Gary,

I am back and popups appeared again from various sites. I am afraid that it could be the router as you said because I haven't seen one in days using a different one.

What do you think?

Thank you so much for all your help.

-fabrizio



#15 Oh My!


Posted 19 April 2017 - 09:14 AM

Not surprised.

What is the model number of the device?
Gary
 



