
Probably part of a bot net. Cannot get out of it. Expert help Required.


  • This topic is locked
3 replies to this topic

#1 ubermarx


Posted 22 April 2017 - 02:26 PM

I think I am probably part of a botnet. My PC has become extremely slow. Lots of unknown processes in task list. When I ran netstat -n I got a few TCP and HTTP connections which were connecting to different IPs. 

 

Active Connections
 
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.107:1469     111.221.29.127:443     ESTABLISHED
  TCP    192.168.0.107:1480     74.125.130.109:993     ESTABLISHED
  TCP    192.168.0.107:2100     54.230.151.80:443      CLOSE_WAIT
  TCP    192.168.0.107:2119     23.15.157.68:80        ESTABLISHED
  TCP    192.168.0.107:2120     23.15.149.129:80       CLOSE_WAIT
  TCP    192.168.0.107:2121     23.15.149.129:80       ESTABLISHED
  TCP    192.168.0.107:2124     163.53.140.138:80      ESTABLISHED
  TCP    192.168.0.107:2125     65.55.163.221:443      ESTABLISHED
 

 

Whenever I want to browse any website, I am getting too many robot checks. The IP address shown in Cloudflare protection is 103.217.111.242, which is a malicious IP according to Project Honey Pot.

[Cloudflare Ray ID: 353aea6c512370aa  Your IP: 103.217.111.242 ] 

 

Anyone to help?

 

 

Moved from Am I Infected

NickAu


Edited by NickAu, 24 April 2017 - 04:46 PM.
Mod edit




#2 ubermarx


Posted 22 April 2017 - 03:08 PM

farbar.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2017 01
Ran by user (administrator) on userPC (23-04-2017 00:03:15)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 8 Pro (X86) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Lenovo) C:\Program Files\Lenovo\Connect2\Connect2.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Oracle Corporation) F:\orcl\soft\BIN\omtsreco.exe
(TeamViewer GmbH) F:\Program Files\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(OmicronLab) F:\Program Files\Avro Keyboard\Avro Keyboard.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [28344776 2017-04-17] (Dropbox, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [Avro Keyboard] => F:\Program Files\Avro Keyboard\Avro Keyboard.exe [4703600 2014-02-22] (OmicronLab)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-08] (Facebook Inc.)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-27] (BitTorrent Inc.)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [DAEMON Tools Lite] => F:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [Viber] => C:\Users\user\AppData\Local\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-11] (Google Inc.)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [Google Photos Backup] => C:\Users\user\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\MountPoints2: {071ab3c7-17f9-11e6-b00a-8a47be8109dc} - "K:\Windows/AutoRun.exe" 
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\MountPoints2: {8c5b1da0-6b51-11e6-b012-cf12729aa1d4} - "K:\Windows/AutoRun.exe" 
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\MountPoints2: {a62a7c39-69cf-11e4-afaf-00241dbac2e0} - "J:\Launcher.exe" 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F2DDC0F4-6E23-4C91-828F-1793B0BB16C6}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001 -> DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = 
BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> F:\Program Files\Orbitdownloader\orbitcth.dll [2013-09-11] (Orbitdownloader.com)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wlkk8llr.default [not found]
FF ProfilePath: C:\Users\user\AppData\Roaming\Pencil\Profiles\hh99rpoi.default [2015-05-23]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\w8edz4bl.default-1492713948214 [2017-04-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-08] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3331372526-1816156090-2968472259-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3331372526-1816156090-2968472259-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3331372526-1816156090-2968472259-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://www.prothom-alo.com/","hxxp://bangla.bdnews24.com/","hxxp://www.banglanews24.com/"
CHR NewTab: Default ->  Active:"chrome-extension://oooelhhaglnggehlocjjmgngfknfclak/vocab.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-23]
CHR Extension: (Yahoo Web) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2017-03-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-02-25]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-22]
CHR Extension: (Google Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-03-16]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-08-28]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Magoosh Vocabulary) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oooelhhaglnggehlocjjmgngfknfclak [2017-03-16]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
R2 connect2hotspot; C:\Program Files\Lenovo\Connect2\Connect2.Service.exe [100680 2016-11-29] (Lenovo)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42288 2017-04-17] (Dropbox, Inc.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 OracleMTSRecoveryService; F:\orcl\soft\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation) [File not signed]
S2 OracleServiceORCL; f:\orcl\soft\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed]
S3 Origin Client Service; F:\Program Files\Origin\OriginClientService.exe [2057736 2015-09-16] (Electronic Arts)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-12] () [File not signed]
S2 SkypeUpdate; F:\Skype\Updater\Updater.exe [317400 2017-02-27] (Skype Technologies)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; F:\Program Files\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 uSHAREitSvc; f:\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-20] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation)
S2 Mobizen plugin; F:\Program Files\RSUPPORT\MobizenService\MobizenService.exe [X]
S2 OracleDBConsoleorcl; F:\orcl\soft\bin\nmesrvc.exe [X]
S4 OracleJobSchedulerORCL; f:\orcl\soft\Bin\extjob.exe ORCL [X]
S3 OracleOraDb11g_home1ClrAgent; F:\orcl\soft\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:F:\orcl\soft\bin\oraclr11.dll" <==== ATTENTION
S2 OracleOraDb11g_home1TNSListener; F:\orcl\soft\BIN\TNSLSNR  [X]
S3 OracleVssWriterORCL; f:\orcl\soft\bin\OraVSSW.exe ORCL [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135744 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [162216 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [53256 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [77560 2017-03-21] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45400 2017-03-21] (Avira Operations GmbH & Co. KG)
S3 CEDRIVER60; F:\Cheat Engine 6.3\dbk32.sys [82400 2013-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [218688 2015-06-16] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-03-22] ()
S3 GdmUWm; C:\Windows\system32\DRIVERS\gdmuwm.sys [92160 2009-11-13] (GCT Semiconductor, Inc.) [File not signed]
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [42592 2014-02-06] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [42552 2015-01-06] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [161216 2017-04-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [96704 2017-04-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-04-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [73664 2017-04-22] (Malwarebytes)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 silabenm; C:\Windows\system32\DRIVERS\silabenm.sys [16128 2014-04-11] (Silicon Laboratories)
S3 silabser; C:\Windows\system32\DRIVERS\silabser.sys [67968 2014-04-11] (Silicon Laboratories)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [28072 2012-07-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [199920 2012-07-26] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [204320 2014-01-28] (Jungo Connectivity)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 GDMINIT; \SystemRoot\System32\drivers\gdminit.sys [X]
S2 GdmWmPrt; \SystemRoot\system32\DRIVERS\gdmwmprt.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-23 00:00 - 2017-04-23 00:03 - 00056497 _____ C:\Users\user\Desktop\Addition.txt
2017-04-22 23:58 - 2017-04-23 00:03 - 00022405 _____ C:\Users\user\Desktop\FRST.txt
2017-04-22 23:56 - 2017-04-23 00:03 - 00000000 ____D C:\FRST
2017-04-22 23:39 - 2017-04-22 23:39 - 01767424 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2017-04-22 23:29 - 2017-04-22 23:29 - 00000117 _____ C:\Windows\system32\netcfg-72840343.txt
2017-04-22 23:29 - 2017-04-22 23:29 - 00000117 _____ C:\Windows\system32\netcfg-72837578.txt
2017-04-22 23:29 - 2017-04-22 23:29 - 00000117 _____ C:\Windows\system32\netcfg-72834406.txt
2017-04-22 23:29 - 2017-04-22 23:29 - 00000117 _____ C:\Windows\system32\netcfg-72832406.txt
2017-04-22 20:04 - 2017-04-22 20:04 - 00000117 _____ C:\Windows\system32\netcfg-60547562.txt
2017-04-22 20:04 - 2017-04-22 20:04 - 00000117 _____ C:\Windows\system32\netcfg-60547078.txt
2017-04-22 15:36 - 2017-04-22 15:36 - 00000117 _____ C:\Windows\system32\netcfg-44490625.txt
2017-04-22 15:36 - 2017-04-22 15:36 - 00000117 _____ C:\Windows\system32\netcfg-44485546.txt
2017-04-22 03:13 - 2017-04-22 03:13 - 00100752 _____ C:\ProgramData\1492809125.bdinstall.bin
2017-04-22 02:53 - 2017-04-22 02:53 - 00058707 _____ C:\ProgramData\1492807945.bdinstall.bin
2017-04-22 02:52 - 2017-04-22 02:52 - 00037280 _____ C:\ProgramData\1492807913.bdinstall.bin
2017-04-22 02:38 - 2017-04-22 02:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-04-22 02:36 - 2017-03-21 13:01 - 00162216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-04-22 02:36 - 2017-03-21 13:01 - 00135744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-04-22 02:36 - 2017-03-21 13:01 - 00077560 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-04-22 02:36 - 2017-03-21 13:01 - 00053256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-04-22 02:36 - 2017-03-21 13:01 - 00045400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-04-22 02:27 - 2017-04-22 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-22 02:27 - 2017-04-22 02:36 - 00000000 ____D C:\Program Files\Avira
2017-04-22 02:27 - 2017-04-22 02:27 - 00001166 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-04-22 02:25 - 2017-04-22 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-22 01:36 - 2017-04-22 01:36 - 00000117 _____ C:\Windows\system32\netcfg-80139796.txt
2017-04-22 01:36 - 2017-04-22 01:36 - 00000117 _____ C:\Windows\system32\netcfg-80136906.txt
2017-04-22 01:36 - 2017-04-22 01:36 - 00000117 _____ C:\Windows\system32\netcfg-80130421.txt
2017-04-22 01:36 - 2017-04-22 01:36 - 00000117 _____ C:\Windows\system32\netcfg-80129437.txt
2017-04-21 03:19 - 2017-04-21 03:19 - 00000117 _____ C:\Windows\system32\netcfg-4930078.txt
2017-04-21 03:19 - 2017-04-21 03:19 - 00000117 _____ C:\Windows\system32\netcfg-4928718.txt
2017-04-21 02:15 - 2017-04-21 02:15 - 00011321 _____ C:\Users\user\Desktop\tasklist.txt
2017-04-21 02:14 - 2017-04-21 02:14 - 00000117 _____ C:\Windows\system32\netcfg-1074296.txt
2017-04-21 02:14 - 2017-04-21 02:14 - 00000117 _____ C:\Windows\system32\netcfg-1073562.txt
2017-04-21 01:59 - 2017-04-21 01:59 - 00000117 _____ C:\Windows\system32\netcfg-145578.txt
2017-04-21 01:56 - 2017-04-21 01:56 - 00000117 _____ C:\Windows\system32\netcfg-383069609.txt
2017-04-21 01:28 - 2017-04-22 23:31 - 00073664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-21 01:28 - 2017-04-22 03:18 - 00096704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-21 01:28 - 2017-04-21 02:27 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-21 01:27 - 2017-04-22 03:18 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-21 01:27 - 2017-04-22 03:17 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-21 01:26 - 2017-04-21 01:26 - 00002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-21 01:26 - 2017-04-21 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-21 01:26 - 2017-04-21 01:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-21 01:26 - 2017-03-22 11:02 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-21 01:13 - 2017-04-21 01:13 - 00000117 _____ C:\Windows\system32\netcfg-380478796.txt
2017-04-21 01:13 - 2017-04-21 01:13 - 00000117 _____ C:\Windows\system32\netcfg-380478671.txt
2017-04-21 01:12 - 2017-04-21 01:12 - 00000117 _____ C:\Windows\system32\netcfg-380452984.txt
2017-04-21 01:12 - 2017-04-21 01:12 - 00000117 _____ C:\Windows\system32\netcfg-380452734.txt
2017-04-21 00:59 - 2017-04-21 00:59 - 00000156 _____ C:\Windows\system32\netcfg-379644796.txt
2017-04-21 00:59 - 2017-04-21 00:59 - 00000117 _____ C:\Windows\system32\netcfg-379659468.txt
2017-04-21 00:59 - 2017-04-21 00:59 - 00000117 _____ C:\Windows\system32\netcfg-379652078.txt
2017-04-20 22:53 - 2017-04-20 22:53 - 00000117 _____ C:\Windows\system32\netcfg-372108625.txt
2017-04-20 22:53 - 2017-04-20 22:53 - 00000117 _____ C:\Windows\system32\netcfg-372107359.txt
2017-04-20 22:01 - 2017-04-20 22:01 - 00000117 _____ C:\Windows\system32\netcfg-368997687.txt
2017-04-20 22:01 - 2017-04-20 22:01 - 00000117 _____ C:\Windows\system32\netcfg-368997625.txt
2017-04-20 22:01 - 2017-04-20 22:01 - 00000117 _____ C:\Windows\system32\netcfg-368979390.txt
2017-04-20 22:01 - 2017-04-20 22:01 - 00000117 _____ C:\Windows\system32\netcfg-368978390.txt
2017-04-20 15:39 - 2017-04-20 15:39 - 00000117 _____ C:\Windows\system32\netcfg-346076937.txt
2017-04-20 15:39 - 2017-04-20 15:39 - 00000117 _____ C:\Windows\system32\netcfg-346073203.txt
2017-04-20 11:21 - 2017-04-20 11:21 - 00000117 _____ C:\Windows\system32\netcfg-330607312.txt
2017-04-20 11:21 - 2017-04-20 11:21 - 00000117 _____ C:\Windows\system32\netcfg-330605453.txt
2017-04-20 11:15 - 2017-04-20 11:15 - 00000117 _____ C:\Windows\system32\netcfg-330204281.txt
2017-04-20 11:14 - 2017-04-20 11:14 - 00000117 _____ C:\Windows\system32\netcfg-330160062.txt
2017-04-20 02:48 - 2017-04-20 02:48 - 00000117 _____ C:\Windows\system32\netcfg-299816171.txt
2017-04-20 02:47 - 2017-04-20 02:47 - 00000117 _____ C:\Windows\system32\netcfg-299754125.txt
2017-04-20 02:18 - 2017-04-20 02:19 - 00000117 _____ C:\Windows\system32\netcfg-298047953.txt
2017-04-20 02:17 - 2017-04-20 02:17 - 00000117 _____ C:\Windows\system32\netcfg-297987156.txt
2017-04-20 00:14 - 2017-04-20 00:14 - 00000117 _____ C:\Windows\system32\netcfg-290599484.txt
2017-04-20 00:13 - 2017-04-20 00:13 - 00000117 _____ C:\Windows\system32\netcfg-290537531.txt
2017-04-20 00:04 - 2017-04-20 00:04 - 00000117 _____ C:\Windows\system32\netcfg-289987000.txt
2017-04-20 00:03 - 2017-04-20 00:03 - 00000117 _____ C:\Windows\system32\netcfg-289944859.txt
2017-04-19 22:28 - 2017-04-19 22:28 - 00000117 _____ C:\Windows\system32\netcfg-284191796.txt
2017-04-19 22:28 - 2017-04-19 22:28 - 00000117 _____ C:\Windows\system32\netcfg-284191484.txt
2017-04-19 22:25 - 2017-04-19 22:25 - 00000117 _____ C:\Windows\system32\netcfg-284019703.txt
2017-04-19 22:25 - 2017-04-19 22:25 - 00000117 _____ C:\Windows\system32\netcfg-284017328.txt
2017-04-19 19:14 - 2017-04-19 19:14 - 00000117 _____ C:\Windows\system32\netcfg-272573312.txt
2017-04-19 19:14 - 2017-04-19 19:14 - 00000117 _____ C:\Windows\system32\netcfg-272569453.txt
2017-04-19 19:04 - 2017-04-19 19:04 - 00000117 _____ C:\Windows\system32\netcfg-271975000.txt
2017-04-19 19:04 - 2017-04-19 19:04 - 00000117 _____ C:\Windows\system32\netcfg-271974328.txt
2017-04-19 17:14 - 2017-04-19 17:14 - 00000117 _____ C:\Windows\system32\netcfg-265370078.txt
2017-04-19 17:14 - 2017-04-19 17:14 - 00000117 _____ C:\Windows\system32\netcfg-265365968.txt
2017-04-19 17:00 - 2017-04-19 17:00 - 00000117 _____ C:\Windows\system32\netcfg-264519578.txt
2017-04-19 17:00 - 2017-04-19 17:00 - 00000117 _____ C:\Windows\system32\netcfg-264516500.txt
2017-04-19 16:59 - 2017-04-19 16:59 - 00000117 _____ C:\Windows\system32\netcfg-264509140.txt
2017-04-19 16:59 - 2017-04-19 16:59 - 00000117 _____ C:\Windows\system32\netcfg-264478343.txt
2017-04-19 15:49 - 2017-04-19 15:49 - 00000117 _____ C:\Windows\system32\netcfg-260261375.txt
2017-04-19 15:49 - 2017-04-19 15:49 - 00000117 _____ C:\Windows\system32\netcfg-260261218.txt
2017-04-19 15:34 - 2017-04-19 15:34 - 00000117 _____ C:\Windows\system32\netcfg-259389750.txt
2017-04-19 15:34 - 2017-04-19 15:34 - 00000117 _____ C:\Windows\system32\netcfg-259389250.txt
2017-04-19 14:30 - 2017-04-19 14:30 - 00000117 _____ C:\Windows\system32\netcfg-255546687.txt
2017-04-19 14:30 - 2017-04-19 14:30 - 00000117 _____ C:\Windows\system32\netcfg-255544343.txt
2017-04-19 03:23 - 2017-04-19 03:25 - 00000315 _____ C:\Users\user\Desktop\pagar - Copy.txt
2017-04-19 02:30 - 2017-04-19 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-19 02:29 - 2017-04-19 02:29 - 00000000 ____D C:\Program Files\Skype
2017-04-19 02:29 - 2017-04-19 02:29 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-04-19 00:55 - 2017-04-19 00:55 - 00000117 _____ C:\Windows\system32\netcfg-206651953.txt
2017-04-19 00:55 - 2017-04-19 00:55 - 00000117 _____ C:\Windows\system32\netcfg-206649015.txt
2017-04-18 21:15 - 2017-04-18 21:15 - 00000117 _____ C:\Windows\system32\netcfg-193476984.txt
2017-04-18 17:41 - 2017-04-18 17:41 - 00000117 _____ C:\Windows\system32\netcfg-180615828.txt
2017-04-18 16:48 - 2017-04-18 16:48 - 00000117 _____ C:\Windows\system32\netcfg-177435546.txt
2017-04-18 16:48 - 2017-04-18 16:48 - 00000117 _____ C:\Windows\system32\netcfg-177435390.txt
2017-04-18 16:13 - 2017-04-18 16:13 - 00000117 _____ C:\Windows\system32\netcfg-175314109.txt
2017-04-18 16:13 - 2017-04-18 16:13 - 00000117 _____ C:\Windows\system32\netcfg-175313687.txt
2017-04-18 15:35 - 2017-04-18 15:35 - 00000117 _____ C:\Windows\system32\netcfg-173040812.txt
2017-04-18 15:35 - 2017-04-18 15:35 - 00000117 _____ C:\Windows\system32\netcfg-173038109.txt
2017-04-18 15:20 - 2017-04-18 15:20 - 00000117 _____ C:\Windows\system32\netcfg-172143250.txt
2017-04-18 15:19 - 2017-04-18 15:19 - 00000117 _____ C:\Windows\system32\netcfg-172116625.txt
2017-04-18 15:06 - 2017-04-18 15:06 - 00000117 _____ C:\Windows\system32\netcfg-171308546.txt
2017-04-18 15:06 - 2017-04-18 15:06 - 00000117 _____ C:\Windows\system32\netcfg-171300953.txt
2017-04-18 09:52 - 2017-04-18 09:52 - 00000117 _____ C:\Windows\system32\netcfg-152474984.txt
2017-04-17 21:14 - 2017-04-17 21:14 - 00042288 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-17 19:51 - 2017-04-17 19:51 - 00000117 _____ C:\Windows\system32\netcfg-102018062.txt
2017-04-17 16:17 - 2017-04-17 16:17 - 00000117 _____ C:\Windows\system32\netcfg-89171156.txt
2017-04-17 16:17 - 2017-04-17 16:17 - 00000117 _____ C:\Windows\system32\netcfg-89170171.txt
2017-04-17 15:37 - 2017-04-17 15:37 - 00000117 _____ C:\Windows\system32\netcfg-86767500.txt
2017-04-17 15:37 - 2017-04-17 15:37 - 00000117 _____ C:\Windows\system32\netcfg-86767078.txt
2017-04-17 15:24 - 2017-04-17 15:24 - 00000117 _____ C:\Windows\system32\netcfg-85978156.txt
2017-04-17 15:24 - 2017-04-17 15:24 - 00000117 _____ C:\Windows\system32\netcfg-85975343.txt
2017-04-17 15:23 - 2017-04-17 15:23 - 00000117 _____ C:\Windows\system32\netcfg-85944781.txt
2017-04-17 15:23 - 2017-04-17 15:23 - 00000117 _____ C:\Windows\system32\netcfg-85940843.txt
2017-04-17 15:20 - 2017-04-17 15:20 - 00000117 _____ C:\Windows\system32\netcfg-85774531.txt
2017-04-17 15:20 - 2017-04-17 15:20 - 00000117 _____ C:\Windows\system32\netcfg-85774484.txt
2017-04-17 15:10 - 2017-04-17 15:10 - 00000117 _____ C:\Windows\system32\netcfg-85149187.txt
2017-04-17 15:10 - 2017-04-17 15:10 - 00000117 _____ C:\Windows\system32\netcfg-85146125.txt
2017-04-17 15:10 - 2017-04-17 15:10 - 00000117 _____ C:\Windows\system32\netcfg-85139859.txt
2017-04-17 15:10 - 2017-04-17 15:10 - 00000117 _____ C:\Windows\system32\netcfg-85138343.txt
2017-04-17 15:09 - 2017-04-17 15:09 - 00000117 _____ C:\Windows\system32\netcfg-85103156.txt
2017-04-17 15:09 - 2017-04-17 15:09 - 00000117 _____ C:\Windows\system32\netcfg-85102359.txt
2017-04-17 12:49 - 2017-04-17 12:49 - 00000117 _____ C:\Windows\system32\netcfg-76675187.txt
2017-04-17 12:49 - 2017-04-17 12:49 - 00000117 _____ C:\Windows\system32\netcfg-76673718.txt
2017-04-16 21:05 - 2017-04-16 21:05 - 00000117 _____ C:\Windows\system32\netcfg-20033515.txt
2017-04-16 20:00 - 2017-04-16 20:00 - 00000117 _____ C:\Windows\system32\netcfg-16144703.txt
2017-04-16 15:52 - 2017-04-16 15:52 - 00000117 _____ C:\Windows\system32\netcfg-1257828.txt
2017-04-16 15:49 - 2017-04-16 15:49 - 00000117 _____ C:\Windows\system32\netcfg-1135250.txt
2017-04-16 15:47 - 2017-04-16 15:47 - 00000117 _____ C:\Windows\system32\netcfg-984593.txt
2017-04-16 15:47 - 2017-04-16 15:47 - 00000117 _____ C:\Windows\system32\netcfg-984531.txt
2017-04-16 15:40 - 2017-04-16 15:40 - 00000117 _____ C:\Windows\system32\netcfg-578140.txt
2017-04-16 15:40 - 2017-04-16 15:40 - 00000117 _____ C:\Windows\system32\netcfg-578062.txt
2017-04-16 15:38 - 2017-04-16 15:38 - 00000117 _____ C:\Windows\system32\netcfg-476437.txt
2017-04-16 15:38 - 2017-04-16 15:38 - 00000117 _____ C:\Windows\system32\netcfg-476375.txt
2017-04-16 15:35 - 2017-04-16 15:35 - 00000117 _____ C:\Windows\system32\netcfg-276359.txt
2017-04-16 15:35 - 2017-04-16 15:35 - 00000117 _____ C:\Windows\system32\netcfg-273281.txt
2017-04-16 15:35 - 2017-04-16 15:35 - 00000117 _____ C:\Windows\system32\netcfg-269734.txt
2017-04-16 15:35 - 2017-04-16 15:35 - 00000117 _____ C:\Windows\system32\netcfg-268921.txt
2017-04-15 00:13 - 2017-04-15 00:13 - 00000117 _____ C:\Windows\system32\netcfg-1115216312.txt
2017-04-15 00:13 - 2017-04-15 00:13 - 00000117 _____ C:\Windows\system32\netcfg-1115206171.txt
2017-04-14 15:45 - 2017-04-14 15:45 - 00000117 _____ C:\Windows\system32\netcfg-1084748484.txt
2017-04-14 15:45 - 2017-04-14 15:45 - 00000117 _____ C:\Windows\system32\netcfg-1084745796.txt
2017-04-13 20:50 - 2017-04-13 20:50 - 00000117 _____ C:\Windows\system32\netcfg-1016590859.txt
2017-04-13 20:49 - 2017-04-13 20:50 - 00000117 _____ C:\Windows\system32\netcfg-1016583250.txt
2017-04-13 10:36 - 2017-04-13 10:36 - 00000117 _____ C:\Windows\system32\netcfg-979777078.txt
2017-04-13 10:36 - 2017-04-13 10:36 - 00000117 _____ C:\Windows\system32\netcfg-979773906.txt
2017-04-13 10:36 - 2017-04-13 10:36 - 00000117 _____ C:\Windows\system32\netcfg-979768000.txt
2017-04-13 10:36 - 2017-04-13 10:36 - 00000117 _____ C:\Windows\system32\netcfg-979766828.txt
2017-04-13 00:55 - 2017-04-13 00:55 - 00000117 _____ C:\Windows\system32\netcfg-944934921.txt
2017-04-13 00:55 - 2017-04-13 00:55 - 00000117 _____ C:\Windows\system32\netcfg-944932093.txt
2017-04-12 21:07 - 2017-04-12 21:07 - 00000117 _____ C:\Windows\system32\netcfg-931258046.txt
2017-04-12 17:05 - 2017-04-12 17:05 - 00000117 _____ C:\Windows\system32\netcfg-916733984.txt
2017-04-12 16:30 - 2017-04-12 16:30 - 00000117 _____ C:\Windows\system32\netcfg-914598312.txt
2017-04-12 16:30 - 2017-04-12 16:30 - 00000117 _____ C:\Windows\system32\netcfg-914597796.txt
2017-04-12 15:39 - 2017-04-12 15:39 - 00000117 _____ C:\Windows\system32\netcfg-911559640.txt
2017-04-12 15:39 - 2017-04-12 15:39 - 00000117 _____ C:\Windows\system32\netcfg-911557984.txt
2017-04-12 15:07 - 2017-04-12 15:07 - 00000117 _____ C:\Windows\system32\netcfg-909623750.txt
2017-04-12 15:07 - 2017-04-12 15:07 - 00000117 _____ C:\Windows\system32\netcfg-909622625.txt
2017-04-12 15:06 - 2017-04-12 15:06 - 00000117 _____ C:\Windows\system32\netcfg-909578640.txt
2017-04-12 15:06 - 2017-04-12 15:06 - 00000117 _____ C:\Windows\system32\netcfg-909573515.txt
2017-04-12 15:06 - 2017-04-12 15:06 - 00000117 _____ C:\Windows\system32\netcfg-909571609.txt
2017-04-12 15:06 - 2017-04-12 15:06 - 00000117 _____ C:\Windows\system32\netcfg-909571546.txt
2017-04-12 15:05 - 2017-04-12 15:05 - 00000117 _____ C:\Windows\system32\netcfg-909532515.txt
2017-04-12 15:05 - 2017-04-12 15:05 - 00000117 _____ C:\Windows\system32\netcfg-909532437.txt
2017-04-12 15:02 - 2017-04-12 15:02 - 00000117 _____ C:\Windows\system32\netcfg-909346125.txt
2017-04-12 15:02 - 2017-04-12 15:02 - 00000117 _____ C:\Windows\system32\netcfg-909346046.txt
2017-04-12 15:02 - 2017-04-12 15:02 - 00000117 _____ C:\Windows\system32\netcfg-909319562.txt
2017-04-12 15:02 - 2017-04-12 15:02 - 00000117 _____ C:\Windows\system32\netcfg-909319500.txt
2017-04-12 15:00 - 2017-04-12 15:00 - 00001095 _____ C:\Windows\system32\netcfg-909195093.txt
2017-04-12 15:00 - 2017-04-12 15:00 - 00000117 _____ C:\Windows\system32\netcfg-909211000.txt
2017-04-12 15:00 - 2017-04-12 15:00 - 00000117 _____ C:\Windows\system32\netcfg-909210906.txt
2017-04-12 14:58 - 2017-04-12 14:58 - 00000117 _____ C:\Windows\system32\netcfg-909088609.txt
2017-04-12 14:58 - 2017-04-12 14:58 - 00000117 _____ C:\Windows\system32\netcfg-909085703.txt
2017-04-12 13:04 - 2017-04-12 13:04 - 00000117 _____ C:\Windows\system32\netcfg-902256515.txt
2017-04-12 13:04 - 2017-04-12 13:04 - 00000117 _____ C:\Windows\system32\netcfg-902252312.txt
2017-04-12 13:03 - 2017-04-12 13:03 - 00000117 _____ C:\Windows\system32\netcfg-902204687.txt
2017-04-12 13:03 - 2017-04-12 13:03 - 00000117 _____ C:\Windows\system32\netcfg-902204578.txt
2017-04-12 13:02 - 2017-04-12 13:03 - 00001095 _____ C:\Windows\system32\netcfg-902134109.txt
2017-04-12 13:00 - 2017-04-12 13:00 - 00000117 _____ C:\Windows\system32\netcfg-902047359.txt
2017-04-12 13:00 - 2017-04-12 13:00 - 00000117 _____ C:\Windows\system32\netcfg-902046578.txt
2017-04-12 12:59 - 2017-04-12 12:59 - 00000117 _____ C:\Windows\system32\netcfg-901944156.txt
2017-04-12 12:59 - 2017-04-12 12:59 - 00000117 _____ C:\Windows\system32\netcfg-901942234.txt
2017-04-12 12:58 - 2017-04-12 12:58 - 00000117 _____ C:\Windows\system32\netcfg-901919765.txt
2017-04-12 12:58 - 2017-04-12 12:58 - 00000117 _____ C:\Windows\system32\netcfg-901919125.txt
2017-04-12 12:58 - 2017-04-12 12:58 - 00000117 _____ C:\Windows\system32\netcfg-901913453.txt
2017-04-12 12:58 - 2017-04-12 12:58 - 00000117 _____ C:\Windows\system32\netcfg-901912500.txt
2017-04-12 12:57 - 2017-04-12 12:57 - 00000117 _____ C:\Windows\system32\netcfg-901854828.txt
2017-04-12 12:57 - 2017-04-12 12:57 - 00000117 _____ C:\Windows\system32\netcfg-901854375.txt
2017-04-12 12:57 - 2017-04-12 12:57 - 00000117 _____ C:\Windows\system32\netcfg-901835296.txt
2017-04-12 12:56 - 2017-04-12 12:56 - 00000117 _____ C:\Windows\system32\netcfg-901774687.txt
2017-04-12 12:56 - 2017-04-12 12:56 - 00000117 _____ C:\Windows\system32\netcfg-901768421.txt
2017-04-12 12:55 - 2017-04-12 12:55 - 00000117 _____ C:\Windows\system32\netcfg-901732343.txt
2017-04-11 22:48 - 2017-04-11 22:48 - 00000117 _____ C:\Windows\system32\netcfg-850910031.txt
2017-04-11 17:21 - 2017-04-11 17:21 - 00000117 _____ C:\Windows\system32\netcfg-831277062.txt
2017-04-11 16:43 - 2017-04-11 16:43 - 00000117 _____ C:\Windows\system32\netcfg-829025265.txt
2017-04-11 16:43 - 2017-04-11 16:43 - 00000117 _____ C:\Windows\system32\netcfg-829025203.txt
2017-04-11 16:40 - 2017-04-11 16:40 - 00000117 _____ C:\Windows\system32\netcfg-828843828.txt
2017-04-11 16:40 - 2017-04-11 16:40 - 00000117 _____ C:\Windows\system32\netcfg-828840031.txt
2017-04-11 15:40 - 2017-04-11 15:40 - 00000117 _____ C:\Windows\system32\netcfg-825209906.txt
2017-04-11 15:40 - 2017-04-11 15:40 - 00000117 _____ C:\Windows\system32\netcfg-825207734.txt
2017-04-11 15:39 - 2017-04-11 15:39 - 00000117 _____ C:\Windows\system32\netcfg-825159921.txt
2017-04-11 15:39 - 2017-04-11 15:39 - 00000117 _____ C:\Windows\system32\netcfg-825159781.txt
2017-04-11 15:19 - 2017-04-11 15:19 - 00000117 _____ C:\Windows\system32\netcfg-823967187.txt
2017-04-11 15:19 - 2017-04-11 15:19 - 00000117 _____ C:\Windows\system32\netcfg-823966046.txt
2017-04-11 05:00 - 2017-04-11 05:00 - 00000117 _____ C:\Windows\system32\netcfg-786851437.txt
2017-04-11 05:00 - 2017-04-11 05:00 - 00000117 _____ C:\Windows\system32\netcfg-786850859.txt
2017-04-11 01:54 - 2017-04-11 01:54 - 00000117 _____ C:\Windows\system32\netcfg-775669484.txt
2017-04-10 19:57 - 2017-04-10 19:57 - 00000117 _____ C:\Windows\system32\netcfg-754273765.txt
2017-04-10 15:46 - 2017-04-10 15:46 - 00000117 _____ C:\Windows\system32\netcfg-739171656.txt
2017-04-10 15:46 - 2017-04-10 15:46 - 00000117 _____ C:\Windows\system32\netcfg-739171453.txt
2017-04-10 15:38 - 2017-04-10 15:38 - 00000117 _____ C:\Windows\system32\netcfg-738702078.txt
2017-04-10 15:38 - 2017-04-10 15:38 - 00000117 _____ C:\Windows\system32\netcfg-738700593.txt
2017-04-10 09:42 - 2017-04-10 09:42 - 00000117 _____ C:\Windows\system32\netcfg-717387593.txt
2017-04-10 09:42 - 2017-04-10 09:42 - 00000117 _____ C:\Windows\system32\netcfg-717386531.txt
2017-04-10 05:57 - 2017-04-10 06:03 - 00002799 ____T C:\Windows\system32\lic2tmp.xml12868
2017-04-10 02:30 - 2017-04-10 02:30 - 00000776 _____ C:\Users\user\Desktop\q10.exe - Shortcut.lnk
2017-04-09 23:59 - 2017-04-09 23:59 - 00000117 _____ C:\Windows\system32\netcfg-682377468.txt
2017-04-09 23:57 - 2017-04-09 23:57 - 00000117 _____ C:\Windows\system32\netcfg-682254421.txt
2017-04-09 20:44 - 2017-04-09 20:44 - 00000117 _____ C:\Windows\system32\netcfg-670657593.txt
2017-04-09 20:44 - 2017-04-09 20:44 - 00000117 _____ C:\Windows\system32\netcfg-670657453.txt
2017-04-09 17:07 - 2017-04-09 17:07 - 00000975 _____ C:\Users\user\Desktop\AntiPlagiarist.lnk
2017-04-09 17:07 - 2017-04-09 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiPlagiarist
2017-04-09 16:53 - 2017-04-09 16:53 - 00000117 _____ C:\Windows\system32\netcfg-656801953.txt
2017-04-09 16:53 - 2017-04-09 16:53 - 00000117 _____ C:\Windows\system32\netcfg-656801890.txt
2017-04-09 16:52 - 2017-04-09 16:52 - 00000117 _____ C:\Windows\system32\netcfg-656771734.txt
2017-04-09 16:52 - 2017-04-09 16:52 - 00000117 _____ C:\Windows\system32\netcfg-656768000.txt
2017-04-09 16:40 - 2017-04-09 16:40 - 00000117 _____ C:\Windows\system32\netcfg-656049515.txt
2017-04-09 16:40 - 2017-04-09 16:40 - 00000117 _____ C:\Windows\system32\netcfg-656049453.txt
2017-04-09 16:06 - 2017-04-09 16:06 - 00000117 _____ C:\Windows\system32\netcfg-654026562.txt
2017-04-09 16:06 - 2017-04-09 16:06 - 00000117 _____ C:\Windows\system32\netcfg-654026484.txt
2017-04-09 15:36 - 2017-04-09 15:36 - 00000117 _____ C:\Windows\system32\netcfg-652230937.txt
2017-04-09 15:36 - 2017-04-09 15:36 - 00000117 _____ C:\Windows\system32\netcfg-652230796.txt
2017-04-09 15:36 - 2017-04-09 15:36 - 00000117 _____ C:\Windows\system32\netcfg-652194312.txt
2017-04-09 02:59 - 2017-04-09 02:59 - 00000117 _____ C:\Windows\system32\netcfg-606809187.txt
2017-04-09 02:53 - 2017-04-09 02:53 - 00000117 _____ C:\Windows\system32\netcfg-606427390.txt
2017-04-08 23:14 - 2017-04-08 23:14 - 00000117 _____ C:\Windows\system32\netcfg-593298625.txt
2017-04-08 18:20 - 2017-04-08 18:20 - 00000117 _____ C:\Windows\system32\netcfg-575649593.txt
2017-04-08 18:20 - 2017-04-08 18:20 - 00000117 _____ C:\Windows\system32\netcfg-575647171.txt
2017-04-06 19:54 - 2017-04-06 19:54 - 00000117 _____ C:\Windows\system32\netcfg-408481343.txt
2017-04-06 19:54 - 2017-04-06 19:54 - 00000117 _____ C:\Windows\system32\netcfg-408480140.txt
2017-04-06 16:17 - 2017-04-06 16:17 - 00000117 _____ C:\Windows\system32\netcfg-395461750.txt
2017-04-06 16:15 - 2017-04-06 16:15 - 00000117 _____ C:\Windows\system32\netcfg-395339109.txt
2017-04-06 15:45 - 2017-04-06 15:45 - 00000117 _____ C:\Windows\system32\netcfg-393536531.txt
2017-04-06 15:45 - 2017-04-06 15:45 - 00000117 _____ C:\Windows\system32\netcfg-393536437.txt
2017-04-06 15:37 - 2017-04-06 15:37 - 00000117 _____ C:\Windows\system32\netcfg-393072156.txt
2017-04-06 15:37 - 2017-04-06 15:37 - 00000117 _____ C:\Windows\system32\netcfg-393071453.txt
2017-04-06 11:27 - 2017-04-06 11:27 - 00000117 _____ C:\Windows\system32\netcfg-378083328.txt
2017-04-06 11:27 - 2017-04-06 11:27 - 00000117 _____ C:\Windows\system32\netcfg-378082765.txt
2017-04-06 07:03 - 2017-04-06 07:03 - 00000117 _____ C:\Windows\system32\netcfg-362209140.txt
2017-04-06 07:03 - 2017-04-06 07:03 - 00000117 _____ C:\Windows\system32\netcfg-362206062.txt
2017-04-06 02:19 - 2017-04-06 02:19 - 00000117 _____ C:\Windows\system32\netcfg-345189671.txt
2017-04-06 02:19 - 2017-04-06 02:19 - 00000117 _____ C:\Windows\system32\netcfg-345188125.txt
2017-04-05 22:26 - 2017-04-05 22:26 - 00000117 _____ C:\Windows\system32\netcfg-331198296.txt
2017-04-05 22:25 - 2017-04-05 22:25 - 00000117 _____ C:\Windows\system32\netcfg-331194203.txt
2017-04-05 18:49 - 2017-04-05 18:49 - 00000117 _____ C:\Windows\system32\netcfg-318213031.txt
2017-04-05 18:49 - 2017-04-05 18:49 - 00000117 _____ C:\Windows\system32\netcfg-318211484.txt
2017-04-05 18:49 - 2017-04-05 18:49 - 00000117 _____ C:\Windows\system32\netcfg-318206531.txt
2017-04-05 18:48 - 2017-04-05 18:48 - 00000117 _____ C:\Windows\system32\netcfg-318146171.txt
2017-04-05 16:51 - 2017-04-05 16:51 - 00000117 _____ C:\Windows\system32\netcfg-311150031.txt
2017-04-05 16:23 - 2017-04-05 16:23 - 00000117 _____ C:\Windows\system32\netcfg-309418546.txt
2017-04-05 16:21 - 2017-04-05 16:21 - 00000117 _____ C:\Windows\system32\netcfg-309305500.txt
2017-04-05 16:02 - 2017-04-05 16:02 - 00000117 _____ C:\Windows\system32\netcfg-308163093.txt
2017-04-05 15:59 - 2017-04-05 15:59 - 00000117 _____ C:\Windows\system32\netcfg-308030578.txt
2017-04-05 15:59 - 2017-04-05 15:59 - 00000117 _____ C:\Windows\system32\netcfg-308012859.txt
2017-04-05 15:59 - 2017-04-05 15:59 - 00000117 _____ C:\Windows\system32\netcfg-308012671.txt
2017-04-05 15:51 - 2017-04-05 15:51 - 00000132 _____ C:\Windows\system32\netcfg-307506531.txt
2017-04-05 15:51 - 2017-04-05 15:51 - 00000117 _____ C:\Windows\system32\netcfg-307504937.txt
2017-04-05 15:48 - 2017-04-05 15:48 - 00000117 _____ C:\Windows\system32\netcfg-307332859.txt
2017-04-05 15:48 - 2017-04-05 15:48 - 00000117 _____ C:\Windows\system32\netcfg-307332703.txt
2017-04-05 15:28 - 2017-04-05 15:28 - 00000117 _____ C:\Windows\system32\netcfg-306163937.txt
2017-04-05 15:28 - 2017-04-05 15:28 - 00000117 _____ C:\Windows\system32\netcfg-306163796.txt
2017-04-05 11:53 - 2017-04-05 11:53 - 00000117 _____ C:\Windows\system32\netcfg-293230343.txt
2017-04-05 11:53 - 2017-04-05 11:53 - 00000117 _____ C:\Windows\system32\netcfg-293226671.txt
2017-04-04 22:58 - 2017-04-04 22:58 - 00000117 _____ C:\Windows\system32\netcfg-246747296.txt
2017-04-04 22:58 - 2017-04-04 22:58 - 00000117 _____ C:\Windows\system32\netcfg-246747046.txt
2017-04-04 22:13 - 2017-04-04 22:13 - 00000117 _____ C:\Windows\system32\netcfg-244071265.txt
2017-04-04 22:13 - 2017-04-04 22:13 - 00000117 _____ C:\Windows\system32\netcfg-244065468.txt
2017-04-04 17:07 - 2017-04-04 17:07 - 00000117 _____ C:\Windows\system32\netcfg-225727718.txt
2017-04-04 17:07 - 2017-04-04 17:07 - 00000117 _____ C:\Windows\system32\netcfg-225724656.txt
2017-04-04 17:07 - 2017-04-04 17:07 - 00000117 _____ C:\Windows\system32\netcfg-225718234.txt
2017-04-04 17:05 - 2017-04-04 17:05 - 00000117 _____ C:\Windows\system32\netcfg-225566375.txt
2017-04-04 17:05 - 2017-04-04 17:05 - 00000117 _____ C:\Windows\system32\netcfg-225566031.txt
2017-04-04 15:39 - 2017-04-04 15:39 - 00000132 _____ C:\Windows\system32\netcfg-220415765.txt
2017-04-04 15:39 - 2017-04-04 15:39 - 00000117 _____ C:\Windows\system32\netcfg-220414484.txt
2017-04-04 15:34 - 2017-04-04 15:34 - 00000117 _____ C:\Windows\system32\netcfg-220107312.txt
2017-04-04 15:34 - 2017-04-04 15:34 - 00000117 _____ C:\Windows\system32\netcfg-220107203.txt
2017-04-04 13:49 - 2017-04-04 13:49 - 00000117 _____ C:\Windows\system32\netcfg-213824328.txt
2017-04-04 13:20 - 2017-04-04 13:20 - 00000117 _____ C:\Windows\system32\netcfg-212058765.txt
2017-04-04 13:16 - 2017-04-04 13:16 - 00000117 _____ C:\Windows\system32\netcfg-211812687.txt
2017-04-04 13:15 - 2017-04-04 13:16 - 00000117 _____ C:\Windows\system32\netcfg-211804609.txt
2017-04-03 21:14 - 2017-04-03 21:14 - 00000117 _____ C:\Windows\system32\netcfg-154139375.txt
2017-04-03 21:13 - 2017-04-03 21:13 - 00000117 _____ C:\Windows\system32\netcfg-154077015.txt
2017-04-03 20:20 - 2017-04-03 20:20 - 00000117 _____ C:\Windows\system32\netcfg-150871656.txt
2017-04-03 20:20 - 2017-04-03 20:20 - 00000117 _____ C:\Windows\system32\netcfg-150871265.txt
2017-04-03 20:09 - 2017-04-03 20:09 - 00000117 _____ C:\Windows\system32\netcfg-150218828.txt
2017-04-03 20:09 - 2017-04-03 20:09 - 00000117 _____ C:\Windows\system32\netcfg-150218515.txt
2017-04-03 16:56 - 2017-04-03 16:56 - 00000117 _____ C:\Windows\system32\netcfg-138665953.txt
2017-04-03 16:56 - 2017-04-03 16:56 - 00000117 _____ C:\Windows\system32\netcfg-138665781.txt
2017-04-03 16:56 - 2017-04-03 16:56 - 00000117 _____ C:\Windows\system32\netcfg-138665546.txt
2017-04-03 16:56 - 2017-04-03 16:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Umeng
2017-04-03 15:38 - 2017-04-03 15:38 - 00000132 _____ C:\Windows\system32\netcfg-133996531.txt
2017-04-03 15:38 - 2017-04-03 15:38 - 00000117 _____ C:\Windows\system32\netcfg-133991218.txt
2017-04-03 15:37 - 2017-04-03 15:37 - 00000117 _____ C:\Windows\system32\netcfg-133911125.txt
2017-04-03 15:37 - 2017-04-03 15:37 - 00000117 _____ C:\Windows\system32\netcfg-133905656.txt
2017-04-03 15:36 - 2017-04-03 15:37 - 00000117 _____ C:\Windows\system32\netcfg-133881546.txt
2017-04-02 16:14 - 2017-04-02 16:14 - 00000132 _____ C:\Windows\system32\netcfg-49763640.txt
2017-04-02 16:14 - 2017-04-02 16:14 - 00000117 _____ C:\Windows\system32\netcfg-49757828.txt
2017-04-02 16:12 - 2017-04-02 16:12 - 00000710 _____ C:\Users\Public\Desktop\SHAREit.lnk
2017-04-02 16:12 - 2017-04-02 16:12 - 00000000 ____D C:\Users\user\Downloads\SHAREit
2017-04-02 16:12 - 2017-04-02 16:12 - 00000000 ____D C:\Users\user\AppData\Local\SHAREit Technologies
2017-04-02 16:12 - 2017-04-02 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-04-02 16:01 - 2017-04-02 16:01 - 00000117 _____ C:\Windows\system32\netcfg-48950234.txt
2017-04-02 16:01 - 2017-04-02 16:01 - 00000117 _____ C:\Windows\system32\netcfg-48950171.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48927546.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48926281.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48923187.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48917281.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48911812.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48911718.txt
2017-04-02 16:00 - 2017-04-02 16:00 - 00000117 _____ C:\Windows\system32\netcfg-48882109.txt
2017-04-02 15:36 - 2017-04-02 15:36 - 00000117 _____ C:\Windows\system32\netcfg-47451140.txt
2017-04-02 13:24 - 2017-04-02 13:24 - 00000117 _____ C:\Windows\system32\netcfg-39564328.txt
2017-04-02 13:24 - 2017-04-02 13:24 - 00000117 _____ C:\Windows\system32\netcfg-39564250.txt
2017-04-02 10:29 - 2017-04-02 10:29 - 00000117 _____ C:\Windows\system32\netcfg-29066156.txt
2017-04-02 10:29 - 2017-04-02 10:29 - 00000117 _____ C:\Windows\system32\netcfg-29064203.txt
2017-04-02 09:00 - 2017-04-02 09:00 - 00000117 _____ C:\Windows\system32\netcfg-23721921.txt
2017-04-02 09:00 - 2017-04-02 09:00 - 00000117 _____ C:\Windows\system32\netcfg-23721437.txt
2017-04-02 03:17 - 2017-04-02 03:17 - 00000117 _____ C:\Windows\system32\netcfg-3102921.txt
2017-04-02 03:13 - 2017-04-02 03:13 - 00000117 _____ C:\Windows\system32\netcfg-2912406.txt
2017-04-02 02:19 - 2017-04-02 02:19 - 00000117 _____ C:\Windows\system32\netcfg--462409609.txt
2017-04-02 02:18 - 2017-04-02 02:18 - 00002900 _____ C:\Windows\system32\lic2.xml13371
2017-04-01 16:01 - 2017-04-02 02:19 - 00000117 _____ C:\Windows\system32\netcfg--499505250.txt
2017-04-01 08:43 - 2017-04-01 08:43 - 00000117 _____ C:\Windows\system32\netcfg--525764312.txt
2017-04-01 08:43 - 2017-04-01 08:43 - 00000117 _____ C:\Windows\system32\netcfg--525757968.txt
2017-03-31 16:57 - 2017-04-17 15:15 - 00000000 ____D C:\Users\user\Desktop\CVs for Lecturer
2017-03-31 14:58 - 2017-03-31 14:58 - 00000117 _____ C:\Windows\system32\netcfg--589678687.txt
2017-03-31 14:58 - 2017-03-31 14:58 - 00000117 _____ C:\Windows\system32\netcfg--589674687.txt
2017-03-30 21:49 - 2017-03-30 21:49 - 00000117 _____ C:\Windows\system32\netcfg--651433984.txt
2017-03-30 21:49 - 2017-03-30 21:49 - 00000117 _____ C:\Windows\system32\netcfg--651427062.txt
2017-03-30 17:12 - 2017-03-30 17:12 - 00000117 _____ C:\Windows\system32\netcfg--668068875.txt
2017-03-30 15:37 - 2017-03-30 15:37 - 00000117 _____ C:\Windows\system32\netcfg--673729734.txt
2017-03-29 22:10 - 2017-03-29 22:10 - 00000117 _____ C:\Windows\system32\netcfg--736543703.txt
2017-03-29 22:10 - 2017-03-29 22:10 - 00000117 _____ C:\Windows\system32\netcfg--736541640.txt
2017-03-29 17:32 - 2017-03-29 17:32 - 00000117 _____ C:\Windows\system32\netcfg--753262296.txt
2017-03-29 17:32 - 2017-03-29 17:32 - 00000117 _____ C:\Windows\system32\netcfg--753241781.txt
2017-03-29 17:28 - 2017-03-29 17:28 - 00000117 _____ C:\Windows\system32\netcfg--753456125.txt
2017-03-29 15:41 - 2017-03-29 15:41 - 00000117 _____ C:\Windows\system32\netcfg--759896515.txt
2017-03-28 22:39 - 2017-03-28 22:39 - 00000117 _____ C:\Windows\system32\netcfg--821214437.txt
2017-03-28 22:39 - 2017-03-28 22:39 - 00000117 _____ C:\Windows\system32\netcfg--821212875.txt
2017-03-28 18:01 - 2017-03-28 18:01 - 00000117 _____ C:\Windows\system32\netcfg--837912625.txt
2017-03-28 14:23 - 2017-03-28 14:23 - 00000117 _____ C:\Windows\system32\netcfg--850979468.txt
2017-03-28 07:10 - 2017-03-28 07:10 - 00000117 _____ C:\Windows\system32\netcfg--876949562.txt
2017-03-28 07:09 - 2017-03-28 07:09 - 00000117 _____ C:\Windows\system32\netcfg--877008500.txt
2017-03-27 22:19 - 2017-03-27 22:20 - 07091710 _____ C:\Users\user\Desktop\jpg2pdf.pdf
2017-03-27 20:48 - 2017-03-27 20:48 - 00000117 _____ C:\Windows\system32\netcfg--914265703.txt
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2017-03-27 16:57 - 2017-03-27 16:57 - 00000117 _____ C:\Windows\system32\netcfg--928099328.txt
2017-03-27 12:56 - 2017-03-27 12:56 - 00000117 _____ C:\Windows\system32\netcfg--942574328.txt
2017-03-27 12:56 - 2017-03-27 12:56 - 00000117 _____ C:\Windows\system32\netcfg--942574234.txt
2017-03-27 12:47 - 2017-03-27 12:47 - 00000117 _____ C:\Windows\system32\netcfg--943135109.txt
2017-03-27 12:47 - 2017-03-27 12:47 - 00000117 _____ C:\Windows\system32\netcfg--943134859.txt
2017-03-27 12:45 - 2017-03-27 12:45 - 00000117 _____ C:\Windows\system32\netcfg--943228593.txt
2017-03-27 12:42 - 2017-03-27 12:42 - 00000117 _____ C:\Windows\system32\netcfg--943429781.txt
2017-03-27 11:34 - 2017-03-27 11:34 - 00000117 _____ C:\Windows\system32\netcfg--947531640.txt
2017-03-27 11:33 - 2017-03-27 11:33 - 00000117 _____ C:\Windows\system32\netcfg--947536421.txt
2017-03-27 11:22 - 2017-03-27 11:22 - 00000117 _____ C:\Windows\system32\netcfg--948252046.txt
2017-03-27 11:22 - 2017-03-27 11:22 - 00000117 _____ C:\Windows\system32\netcfg--948251734.txt
2017-03-27 10:18 - 2017-03-27 10:18 - 00000117 _____ C:\Windows\system32\netcfg--952080953.txt
2017-03-27 10:18 - 2017-03-27 10:18 - 00000117 _____ C:\Windows\system32\netcfg--952079515.txt
2017-03-26 20:53 - 2017-03-26 20:53 - 00000117 _____ C:\Windows\system32\netcfg--1000383312.txt
2017-03-26 20:53 - 2017-03-26 20:53 - 00000117 _____ C:\Windows\system32\netcfg--1000382687.txt
2017-03-26 20:47 - 2017-03-26 20:47 - 00000117 _____ C:\Windows\system32\netcfg--1000740718.txt
2017-03-26 20:46 - 2017-03-26 20:47 - 00000117 _____ C:\Windows\system32\netcfg--1000770359.txt
2017-03-26 00:38 - 2017-03-26 00:38 - 00000117 _____ C:\Windows\system32\netcfg--1073255609.txt
2017-03-26 00:38 - 2017-03-26 00:38 - 00000117 _____ C:\Windows\system32\netcfg--1073253890.txt
2017-03-25 21:51 - 2017-03-25 21:51 - 00000117 _____ C:\Windows\system32\netcfg--1083267421.txt
2017-03-25 21:51 - 2017-03-25 21:51 - 00000117 _____ C:\Windows\system32\netcfg--1083263343.txt
2017-03-25 17:52 - 2017-03-25 17:52 - 00000117 _____ C:\Windows\system32\netcfg--1097603875.txt
2017-03-25 17:52 - 2017-03-25 17:52 - 00000117 _____ C:\Windows\system32\netcfg--1097601546.txt
2017-03-25 11:01 - 2017-03-25 11:01 - 00000117 _____ C:\Windows\system32\netcfg--1122262593.txt
2017-03-25 11:01 - 2017-03-25 11:01 - 00000117 _____ C:\Windows\system32\netcfg--1122258921.txt
2017-03-24 22:05 - 2017-03-24 22:05 - 00000117 _____ C:\Windows\system32\netcfg--1168799890.txt
2017-03-24 22:05 - 2017-03-24 22:05 - 00000117 _____ C:\Windows\system32\netcfg--1168798953.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 16:24 - 2015-04-08 02:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-22 16:19 - 2015-06-10 22:49 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-22 09:30 - 2014-05-08 21:25 - 00000950 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001UA.job
2017-04-22 03:20 - 2016-06-18 04:01 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-04-22 03:18 - 2015-06-10 22:49 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-22 03:15 - 2012-07-26 12:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 03:14 - 2012-07-26 10:17 - 01048576 ___SH C:\Windows\system32\config\BBI
2017-04-22 03:13 - 2014-05-03 23:37 - 00853312 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-22 03:13 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\inf
2017-04-22 02:36 - 2014-05-19 21:51 - 00000000 ____D C:\ProgramData\Avira
2017-04-22 02:26 - 2014-05-19 21:51 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-22 02:25 - 2015-06-10 21:11 - 00000000 ____D C:\Program Files\Dropbox
2017-04-22 02:00 - 2014-05-07 21:34 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-04-21 01:26 - 2015-08-16 02:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-20 22:02 - 2014-10-10 01:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2017-04-20 11:14 - 2016-08-01 02:23 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-04-19 22:30 - 2012-07-26 12:53 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-19 22:30 - 2012-07-26 12:53 - 00000000 ____D C:\Windows\AUInstallAgent
2017-04-19 17:06 - 2014-05-03 23:35 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2017-04-19 02:31 - 2014-10-10 01:16 - 00000000 ____D C:\ProgramData\Skype
2017-04-16 21:30 - 2014-05-08 21:25 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001Core.job
2017-04-16 21:24 - 2014-08-11 20:08 - 00001456 _____ C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-04-12 15:08 - 2012-07-26 12:53 - 00000000 ____D C:\Windows\system32\NDF
2017-04-12 13:05 - 2014-05-03 11:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-04-06 02:30 - 2014-05-10 21:13 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-02 14:56 - 2016-04-09 12:14 - 00000000 ____D C:\ProgramData\Lenovo
2017-04-02 14:55 - 2015-02-26 00:12 - 00000000 ____D C:\Users\user\AppData\Local\Lenovo
2017-04-02 03:13 - 2015-01-21 02:56 - 00000587 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-04-02 02:26 - 2012-07-26 12:00 - 03943960 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-02 02:23 - 2014-05-03 23:59 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-03-26 20:53 - 2014-08-27 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2014-05-03 23:50 - 2014-05-03 23:50 - 0026619 _____ () C:\Program Files\safebrowsing.crx
2014-05-03 23:50 - 2014-05-03 23:50 - 0033830 _____ () C:\Program Files\safebrowsing.xpi
2015-12-15 18:12 - 2015-12-15 18:12 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2016-04-26 17:56 - 2016-11-21 19:10 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-08 22:59 - 2017-03-14 23:52 - 0000034 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2014-09-30 22:58 - 2014-10-13 00:40 - 1177208 _____ () C:\Users\user\AppData\Roaming\AndyCleanupTool.exe
2014-09-30 22:58 - 2014-10-13 00:40 - 1176696 _____ () C:\Users\user\AppData\Roaming\AndyCleanVM.exe
2016-11-15 13:54 - 2016-12-12 22:27 - 0001393 _____ () C:\Users\user\AppData\Roaming\gnuplot_history
2014-08-11 20:08 - 2017-04-16 21:24 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-02-15 22:12 - 2017-02-15 22:12 - 0004357 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-11 17:44 - 2014-10-09 23:38 - 0007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-04-02 01:37 - 2015-04-02 01:37 - 0000358 _____ () C:\Users\user\AppData\Local\winconf.pxt
2015-06-24 23:31 - 2015-06-24 23:31 - 0000000 _____ () C:\Users\user\AppData\Local\{A06DDB17-BEFA-4274-AB87-E014237FACAD}
2015-04-23 19:23 - 2015-04-23 19:23 - 0217138 _____ () C:\ProgramData\1429795043.bdinstall.bin
2017-04-22 02:52 - 2017-04-22 02:52 - 0037280 _____ () C:\ProgramData\1492807913.bdinstall.bin
2017-04-22 02:53 - 2017-04-22 02:53 - 0058707 _____ () C:\ProgramData\1492807945.bdinstall.bin
2017-04-22 03:13 - 2017-04-22 03:13 - 0100752 _____ () C:\ProgramData\1492809125.bdinstall.bin
2016-04-30 23:48 - 2016-04-30 23:48 - 0000016 _____ () C:\ProgramData\mntemp
2016-08-05 18:57 - 2016-08-05 18:57 - 0001534 _____ () C:\ProgramData\ss.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-11 15:50
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2017 01
Ran by user (23-04-2017 00:04:24)
Running from C:\Users\user\Desktop
Microsoft Windows 8 Pro (X86) (2014-05-03 17:34:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3331372526-1816156090-2968472259-500 - Administrator - Disabled)
user (S-1-5-21-3331372526-1816156090-2968472259-1001 - Administrator - Enabled) => C:\Users\user
Guest (S-1-5-21-3331372526-1816156090-2968472259-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
7-Zip 9.08 alpha (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\{F22C3C05-B1D9-47FF-AA17-4F9DCBFE850F}) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC4}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
ArcSoft WebCam Companion 4 (HKLM\...\{12450631-3289-40F7-AEC3-F6DCB6E1BDCF}) (Version: 4.0.20.365 - ArcSoft)
Atmel Driver Files (HKLM\...\{5983051E-5C4D-484F-AAF8-BF9D49539531}) (Version: 7.0.954 - Atmel Corporation)
Atmel Jungo USB Driver (HKLM\...\{F5988B43-CDCC-4AD2-91EC-9D4AA75087F4}) (Version: 7.0.136 - Atmel)
Atmel LibUSB0 Driver (x86) (HKLM\...\{A5F681F3-D51D-4EAA-A116-7A1497BFAECE}) (Version: 7.0.125 - Atmel)
Atmel Segger USB Drivers (501e) (HKLM\...\{4C9675D0-C21D-40F0-BBD2-F51BFF7CAFE4}) (Version: 7.0.417 - Atmel)
Atmel WinUSB (HKLM\...\{22D3C72E-42F9-4B0F-B331-E0AA134ADF76}) (Version: 6.2.32 - Atmel)
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{897e4d08-9554-48e9-ba07-ce6040867fa3}) (Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG)
Avira Connect (Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG) Hidden
Avro Keyboard 5.5.0 (HKLM\...\Avro Keyboard_is1) (Version: 5.5.0 - OmicronLab)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CodeBlocks (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Connect2 (HKLM\...\Connect2_is1) (Version: 4.1.1.3444 - Lenovo)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dropbox (HKLM\...\Dropbox) (Version: 24.4.16 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
emu8086 microprocessor emulator (HKLM\...\emu8086 microprocessor emulator_is1) (Version:  - emu8086)
EPS Viewer (HKLM\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version:  - IdeaMK)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
gnuplot 5.0 patchlevel 4 (HKLM\...\{AB419AC3-9BC1-4EC5-A75B-4D8870DD651F}_is1) (Version: 5.0 patchlevel 4 - gnuplot development team)
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Drive (HKLM\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
Inkscape 0.92.0 (HKLM\...\Inkscape) (Version: 0.92.0 - Inkscape Project)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 13 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
JetBrains PyCharm Community Edition 2016.2.3 (HKLM\...\PyCharm Community Edition 2016.2.3) (Version: 162.1967.10 - JetBrains s.r.o.)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metric Collection SDK 35 (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 40.0 (x86 en-US) (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Orbit Downloader (HKLM\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
Origin (HKLM\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PremiumSoft Navicat Premium 10.1 (HKLM\...\PremiumSoft Navicat Premium_is1) (Version: 10.1.6 - PremiumSoft CyberTech Ltd.)
Proteus 8 Professional (HKLM\...\{A686E9C2-C318-4FA0-BAC2-D6FDA2E1B556}) (Version: 8.1.17358.0 - Labcenter Electronics)
Python 2.7 (HKLM\...\{20c31435-2a0a-4580-be8b-ac06fc243ca4}) (Version: 2.7.150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Secure Download Manager (HKLM\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SHAREit (HKLM\...\www.ushareit.com_is1) (Version: 4.0.5.171 - SHAREit Technologies Co.Ltd)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SourceTree (HKLM\...\SourceTree 1.7.0.32509) (Version: 1.7.0.32509 - Atlassian)
SourceTree (Version: 1.7.0.32509 - Atlassian) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Texmaker (HKLM\...\Texmaker) (Version:  - )
Tournaman (HKLM\...\{18B474D8-C9E3-411B-A2FA-FB0C44C43248}) (Version: 2.1.0 - Senff/Fischer)
Universal Adb Driver (HKLM\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Viber (HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
Virtual MIDI Piano Keyboard (HKLM\...\Virtual MIDI Piano Keyboard) (Version: 0.6.0 - VMPK)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
WinHTTrack Website Copier 3.48-19 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
XAMPP (HKLM\...\xampp) (Version: 5.6.8-0 - Bitnami)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\user\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07A78078-9D19-4517-8276-A6CF86963938} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => %ProgramFiles%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe 
Task: {0A2BD3CB-5F03-451B-AE16-1F33FE87F885} - System32\Tasks\AutoRunDev => C:\Program Files\Seowon\SW_WiMaxCM.exe 
Task: {0E264651-703C-42E1-BFD7-BE673900150A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {11EDDB0F-AB64-40E0-A64D-CC35739010A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-05] (Google Inc.)
Task: {214D36CC-5708-4D1B-A6D7-BA42369E7EFF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {22091F6C-D23B-43D4-873A-AEA46205F05A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-08] (Facebook Inc.)
Task: {41FCFD0A-D3F5-4019-80D8-804F71163956} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-12] ()
Task: {4FC182D6-6F3D-4B8F-889C-48478C2DF658} - System32\Tasks\{055CECDF-96C2-4897-9C66-2477A12A4D88} => Chrome.exe hxxp://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {51AA41B7-4704-4BB1-9C07-EB409545D35F} - System32\Tasks\{FBE319F8-36A8-434C-B6E6-06A08DC8598E} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.21.0.104&amp;LastError=2
Task: {5B5FD59B-76DE-416A-BC9E-2C1170942B14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-08] (Adobe Systems Incorporated)
Task: {6115F6B0-EBF9-4F75-8560-00CCBBFA380B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-08] (Facebook Inc.)
Task: {65EE4F3B-BD6C-4FBA-80A5-0FD827300ABF} - System32\Tasks\{DC226671-A506-41E3-8A62-02D6BD241C6D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {95607765-93A3-4E67-9158-714DA01F81CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-05] (Google Inc.)
Task: {A3D31A7E-61AE-470F-B081-024B63765EF9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {C0E45BCB-52CC-4381-8F4B-27FDF713CA6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => F:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C8D795DC-9025-44A3-8A07-19968BF34DAE} - System32\Tasks\AdobeAAMUpdater-1.0-userPC-user => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {C9D06145-CBAC-41B1-B6BE-A1CD978886FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D480185B-48AD-4D5E-B370-B56222C11A68} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => F:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EBE6A636-9792-4AF2-99A8-0593E2C1C075} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EE4864BA-445B-4DD8-8326-908E40731389} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3331372526-1816156090-2968472259-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-27 09:57 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2016-05-27 09:57 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2017-04-21 01:26 - 2017-03-22 10:24 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-21 01:26 - 2017-03-23 19:40 - 01726928 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-02-22 17:59 - 2013-02-22 17:59 - 06523472 _____ () F:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-03 23:58 - 2014-05-04 00:05 - 00140208 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2017-04-06 02:30 - 2017-03-29 08:04 - 02187096 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-06 02:30 - 2017-03-29 08:04 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 10:17 - 2015-12-16 13:30 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\Control Panel\Desktop\\Wallpaper -> G:\downloaded\images\65848.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "SwitchBoard"
HKLM\...\StartupApproved\Run: => "QuickTime Task"
HKLM\...\StartupApproved\Run: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "Dropbox"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\StartupApproved\Run: => "Google Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8A4843FF-A9D6-46E1-A02F-98991A156053}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B9D1D843-A80C-4D9E-BF3C-B97C4CF334DA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F8F2A880-93C7-4A0E-8DD3-E0760ADB5190}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A4C70CC0-A2A9-4321-8E66-BDF4C8B22BE0}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2783C96F-6EA3-408A-9EC0-9BA5ADE3EC9D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{18592887-4D0F-4CBA-9B4E-5A8012963094}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4234FD0E-9949-443F-A62B-6DEE4A20D5E6}] => (Allow) C:\Users\user\AppData\Local\Viber\Viber.exe
FirewallRules: [{DE872229-C336-4FE1-A39E-9E736B437377}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{DB827668-0FC5-409C-A334-B8F99280652C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{28D5DBD2-1269-4898-BCBE-3BFA4A8B0D76}F:\movies\defcon\gamefiles\defcon.exe] => (Allow) F:\movies\defcon\gamefiles\defcon.exe
FirewallRules: [UDP Query User{3462FC6C-1307-4E32-AFE8-D8BA7A39C110}F:\movies\defcon\gamefiles\defcon.exe] => (Allow) F:\movies\defcon\gamefiles\defcon.exe
FirewallRules: [TCP Query User{2FB66F7C-BEE6-4D6E-83DF-1EA2345742CE}F:\movies\defcon\new\defcon.exe] => (Allow) F:\movies\defcon\new\defcon.exe
FirewallRules: [UDP Query User{E9ABB53A-DE65-4BC9-BEC1-24805D396C2E}F:\movies\defcon\new\defcon.exe] => (Allow) F:\movies\defcon\new\defcon.exe
FirewallRules: [TCP Query User{0D715DE2-1281-4C29-9F12-655D6F98DC2A}F:\defcon\defcon.exe] => (Allow) F:\defcon\defcon.exe
FirewallRules: [UDP Query User{7F08C2C3-7494-45C3-B9E5-7BEED1AFB79B}F:\defcon\defcon.exe] => (Allow) F:\defcon\defcon.exe
FirewallRules: [{4D93AB0C-C999-4C5D-A7F1-AC311B164578}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{242CBA3E-F0BF-4BC2-A830-19F61BEF0C3C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{B48BDAF4-9EF8-4F40-B235-651C3135465E}F:\aoe\age of empires ii\empires2.exe] => (Allow) F:\aoe\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{A0B71ADC-4EFC-408E-BF10-1853A15710CC}F:\aoe\age of empires ii\empires2.exe] => (Allow) F:\aoe\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{F92CB6DF-401B-4100-8FE0-373F48B8BE78}C:\program files\java\jdk1.7.0_13\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_13\bin\java.exe
FirewallRules: [UDP Query User{589C388C-0D37-4D7C-8425-5CEEA331B748}C:\program files\java\jdk1.7.0_13\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_13\bin\java.exe
FirewallRules: [TCP Query User{D180E63A-7640-4165-8271-58C94E814F1B}F:\command & conquer red alert 2\game.exe] => (Allow) F:\command & conquer red alert 2\game.exe
FirewallRules: [UDP Query User{07071C25-426E-4736-95EF-F08149FF13CC}F:\command & conquer red alert 2\game.exe] => (Allow) F:\command & conquer red alert 2\game.exe
FirewallRules: [TCP Query User{E443580B-D588-4C8A-9D88-70D7696A5AEE}F:\program files\orbitdownloader\orbitnet.exe] => (Allow) F:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{0AA7B64B-502B-4273-B20B-BB9949170263}F:\program files\orbitdownloader\orbitnet.exe] => (Allow) F:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{0ED7974A-AD6D-4FF2-8C61-3C76EB33A5F9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{B2B8DB34-A55E-4E5E-96CD-F7D367F367EA}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BB5E5832-DDFF-41E0-9DF9-3C009C7FA9FA}F:\python34\python.exe] => (Allow) F:\python34\python.exe
FirewallRules: [UDP Query User{9C7D41FC-306F-40E8-A88F-0021C89B4DA3}F:\python34\python.exe] => (Allow) F:\python34\python.exe
FirewallRules: [TCP Query User{8960B310-61CF-4C00-AB3D-50B6F43A0FCE}F:\defcon\defcon (2).exe] => (Allow) F:\defcon\defcon (2).exe
FirewallRules: [UDP Query User{1BC4D06E-4130-4DCE-BB54-0808D230F174}F:\defcon\defcon (2).exe] => (Allow) F:\defcon\defcon (2).exe
FirewallRules: [TCP Query User{8C599189-32F9-4026-99E1-B00FF6633657}J:\gamefiles\defcon.exe] => (Block) J:\gamefiles\defcon.exe
FirewallRules: [UDP Query User{F133BBD8-A158-4C42-BACB-38505ABD2EF3}J:\gamefiles\defcon.exe] => (Block) J:\gamefiles\defcon.exe
FirewallRules: [{1D32B760-A9E9-4C14-B009-1FE73A66EA59}] => (Allow) C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{C7F38880-2BE3-4BAE-81EB-521E08DAF92D}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{39B0F571-DA74-490E-9305-0717D765BD18}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{7B801BC2-3A2F-4C24-9CE6-6C984B174BC7}F:\vmpk\vmpk.exe] => (Allow) F:\vmpk\vmpk.exe
FirewallRules: [UDP Query User{202507E2-16A2-4957-95AD-32898912A6F7}F:\vmpk\vmpk.exe] => (Allow) F:\vmpk\vmpk.exe
FirewallRules: [{0F214B9F-F6A4-4FE4-8D0F-98EA962F215C}] => (Block) F:\vmpk\vmpk.exe
FirewallRules: [{BFBE7752-E878-4197-8053-7DCDD5410B2E}] => (Block) F:\vmpk\vmpk.exe
FirewallRules: [TCP Query User{F7867A56-EBB7-4553-9FD7-52C6067CC617}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{67D1021C-B8F4-41D2-B210-5C51CAFB27C4}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{5E30FAC7-B1D6-40EF-B759-860B203E5DFF}F:\fifa 12\game\fifa.exe] => (Block) F:\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{D0AA3F76-F21F-449B-ACC0-CC967649B2DC}F:\fifa 12\game\fifa.exe] => (Block) F:\fifa 12\game\fifa.exe
FirewallRules: [TCP Query User{A2E76572-C67B-4419-8152-171A1FD5B5C0}F:\skype\phone\skype.exe] => (Allow) F:\skype\phone\skype.exe
FirewallRules: [{90BAAE6D-F57F-4733-8F6A-98FE2FFF7B40}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{E749AF27-0F59-4AFE-A660-1EB15A1B90DF}F:\python34\python.exe] => (Allow) F:\python34\python.exe
FirewallRules: [UDP Query User{3BD544AF-5AB8-4980-BF8C-C5D3EB5962D8}F:\python34\python.exe] => (Allow) F:\python34\python.exe
FirewallRules: [TCP Query User{B7C0E9AA-DFED-4BC1-8ABC-BAC132C10152}F:\java\netbeans 7.4\bin\netbeans.exe] => (Allow) F:\java\netbeans 7.4\bin\netbeans.exe
FirewallRules: [UDP Query User{51AEE72A-5FAC-4CC7-B5E3-11D579E5F0C6}F:\java\netbeans 7.4\bin\netbeans.exe] => (Allow) F:\java\netbeans 7.4\bin\netbeans.exe
FirewallRules: [TCP Query User{370F8D2C-998F-491B-9ED6-71D84BFF2E56}F:\aoe\age of empires ii\age2_x1.exe] => (Block) F:\aoe\age of empires ii\age2_x1.exe
FirewallRules: [UDP Query User{43FA37B2-1DDB-4743-AC7E-EB34257DCF4E}F:\aoe\age of empires ii\age2_x1.exe] => (Block) F:\aoe\age of empires ii\age2_x1.exe
FirewallRules: [{E966C556-9E75-4C97-AA7A-73F70FDDF33D}] => (Allow) F:\steam\Steam.exe
FirewallRules: [{6BB646AF-5152-4DEB-B30F-148B2B3C4B03}] => (Allow) F:\steam\Steam.exe
FirewallRules: [{6E535659-4640-4E37-9038-D5782ABA619E}] => (Allow) F:\steam\bin\steamwebhelper.exe
FirewallRules: [{A9E32A4B-5464-4371-A261-3C4BE6573B7C}] => (Allow) F:\steam\bin\steamwebhelper.exe
FirewallRules: [{C877B82B-C26C-4C59-AF83-0127C203B433}] => (Allow) F:\steam\steamapps\common\Defcon\defcon.exe
FirewallRules: [{23E97E99-7BBD-482B-BF37-A56005718A32}] => (Allow) F:\steam\steamapps\common\Defcon\defcon.exe
FirewallRules: [{3885F355-5F6F-4302-AD08-8E79559A9528}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{758DC1DA-C0B5-4217-B07C-2DA63A5C220D}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F18FAD96-2AB8-49F7-990C-9ECE7983F392}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1746C309-BF57-4A2B-9DBC-07EAA9E1387C}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{284E375B-2736-42FD-9AF6-612FD3631BE6}F:\call of duty 4 - modern warfare\call of duty 4 - modern warfare\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) F:\call of duty 4 - modern warfare\call of duty 4 - modern warfare\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{8B011B4D-B919-4690-A3C6-DDD1DFB2D88A}F:\call of duty 4 - modern warfare\call of duty 4 - modern warfare\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) F:\call of duty 4 - modern warfare\call of duty 4 - modern warfare\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{24FFFB5F-4C9E-434F-893F-B0BB98E0C12A}F:\mirc\mirc.exe] => (Allow) F:\mirc\mirc.exe
FirewallRules: [UDP Query User{461FCF4E-E0C9-462E-B538-E1051E80EE39}F:\mirc\mirc.exe] => (Allow) F:\mirc\mirc.exe
FirewallRules: [TCP Query User{58E20686-2164-43F0-B437-72E99BCE1FB2}F:\android\eclipse-java-luna-sr1a-win32\eclipse\eclipse.exe] => (Allow) F:\android\eclipse-java-luna-sr1a-win32\eclipse\eclipse.exe
FirewallRules: [UDP Query User{4D72D43E-A8AC-4885-AF9C-F3B8C0DE9F98}F:\android\eclipse-java-luna-sr1a-win32\eclipse\eclipse.exe] => (Allow) F:\android\eclipse-java-luna-sr1a-win32\eclipse\eclipse.exe
FirewallRules: [TCP Query User{16811152-75D8-48D9-9BAF-629460AA4405}C:\users\user\appdata\local\temp\orainstall2015-02-27_07-12-41pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\temp\orainstall2015-02-27_07-12-41pm\jdk\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E4D20A4E-59FC-4EC3-85C3-D937C9EB584E}C:\users\user\appdata\local\temp\orainstall2015-02-27_07-12-41pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\temp\orainstall2015-02-27_07-12-41pm\jdk\jre\bin\javaw.exe
FirewallRules: [TCP Query User{210AEF04-7483-4E79-B768-A36D6FC1543F}F:\orcl\soft\jdk\jre\bin\java.exe] => (Allow) F:\orcl\soft\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{0A36CAB8-689C-4723-8E4B-4F354B38FD47}F:\orcl\soft\jdk\jre\bin\java.exe] => (Allow) F:\orcl\soft\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{3D7BA2CF-2ADF-46B2-BB03-BE5780447171}F:\backup\program files\mozilla firefox\firefox.exe] => (Allow) F:\backup\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8700F3F0-1E3B-4642-91C3-20A8BB05A918}F:\backup\program files\mozilla firefox\firefox.exe] => (Allow) F:\backup\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{AF467C26-FF58-4884-8693-CAB6B5305088}F:\backup\program files\mozilla firefox\firefox.exe] => (Allow) F:\backup\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9D690990-41A5-4705-8B24-B929662613D9}F:\backup\program files\mozilla firefox\firefox.exe] => (Allow) F:\backup\program files\mozilla firefox\firefox.exe
FirewallRules: [{D7B4A735-B7C7-483F-94CC-F8485CB42963}] => (Allow) C:\Program Files\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{1A014206-FAD4-47E8-803C-5622805AF7CF}] => (Allow) C:\Program Files\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{5914AF1A-44B6-4E11-8CBC-CB9CC92CDA5F}] => (Allow) F:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C3012413-0696-4FFA-B3B4-409BBD0EFBC6}] => (Allow) F:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{36A8AF0D-B368-47C4-9771-7099CA8A0914}] => (Allow) F:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F42BFCAC-2936-4407-9788-0DF44E6A921D}] => (Allow) F:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{4E084A55-D5F5-4694-B7BB-442AC5D4B140}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F795D89A-8C25-4924-BD41-531A95643D84}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{75161E6C-E491-47EE-80B1-8290C575F983}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{EA395394-2878-4BB0-BBA2-EFBB21CF2189}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{DA54BF31-75F6-4DE3-9681-049E77BE0F96}] => (Allow) F:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F793D761-AB9A-463F-84E1-B07FCA8973BF}] => (Allow) F:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F4FEAEAA-E463-44B8-A74F-965CAE8344A7}] => (Allow) F:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6A60F260-836E-4AE6-A040-8B8EA3C9133E}] => (Allow) F:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{CDFE641B-4D31-4686-A756-C010926493AB}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{9235C1C4-FBA6-4145-8090-795CF579317C}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{813E0545-344B-4255-AB28-D878EFDC92B2}C:\users\user\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\user\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{2466807B-6A95-4153-B443-C91587B75A2E}C:\users\user\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\user\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{C5FD6762-A4A2-4094-AC2F-6CA08F771050}G:\books\3-2 books\cse 322 computer networks sessional\offline 2_dll\offline 2_dll\mainoffline_whatwevetodo\exe\exe\connectiondaemon.exe] => (Allow) G:\books\3-2 books\cse 322 computer networks sessional\offline 2_dll\offline 2_dll\mainoffline_whatwevetodo\exe\exe\connectiondaemon.exe
FirewallRules: [UDP Query User{53594713-6249-45B5-B2FA-BE12AB86B88B}G:\books\3-2 books\cse 322 computer networks sessional\offline 2_dll\offline 2_dll\mainoffline_whatwevetodo\exe\exe\connectiondaemon.exe] => (Allow) G:\books\3-2 books\cse 322 computer networks sessional\offline 2_dll\offline 2_dll\mainoffline_whatwevetodo\exe\exe\connectiondaemon.exe
FirewallRules: [TCP Query User{58AAE537-F1E6-4213-8DFC-FA8CE5CBAB75}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{004FA5F8-86C7-4142-AF2A-0028C4A19C80}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{99B90566-C273-407D-8DC3-E062D5350905}] => (Allow) F:\Program Files\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE
FirewallRules: [{E1CAC919-6C6F-46E9-9436-430E926C9087}] => (Allow) F:\Program Files\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE
FirewallRules: [TCP Query User{7AF7DD7A-279C-4B8D-B70D-507DCE5D18DA}F:\program files\arduino\java\bin\javaw.exe] => (Allow) F:\program files\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{3816B68A-1EAB-4883-8013-292039FE9559}F:\program files\arduino\java\bin\javaw.exe] => (Allow) F:\program files\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{238C9C01-D6CF-4F04-8B4E-42EE916FE20B}F:\program files\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) F:\program files\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{D4F6407D-4DD4-4EA7-B83F-29122477F0C7}F:\program files\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) F:\program files\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [{16CF4AB6-6CC0-4FE8-BEE0-103C266C70F7}] => (Allow) F:\proteus\BIN\\PDS.EXE
FirewallRules: [{84615836-FB52-4D5C-A549-CD4A7B7B305C}] => (Allow) F:\proteus\BIN\\PDS.EXE
FirewallRules: [{424A6C34-2450-40A0-ADCC-B56188EF7DF0}] => (Allow) F:\Program Files\TeamViewer.exe
FirewallRules: [{27B134B7-25E7-42C7-B954-5B263B31D14D}] => (Allow) F:\Program Files\TeamViewer.exe
FirewallRules: [{BBC8063A-B533-416E-B35C-E87ECD3A2950}] => (Allow) F:\Program Files\TeamViewer_Service.exe
FirewallRules: [{DDE9420B-16C8-4117-9EF6-C612367F74D3}] => (Allow) F:\Program Files\TeamViewer_Service.exe
FirewallRules: [{6456858F-3CA5-46F7-A2ED-A406158008F5}] => (Allow) C:\Program Files\Lenovo\Connect2\Connect2.exe
FirewallRules: [{C300951E-5C0B-4D31-84AC-6FC52DA23E20}] => (Allow) C:\Program Files\Lenovo\Connect2\Connect2.exe
FirewallRules: [{E548B7C9-C400-4BFC-B156-07729E23D0B0}] => (Allow) C:\Program Files\Lenovo\Connect2\Connect2.exe
FirewallRules: [TCP Query User{5C5DD8B3-6979-4D3C-9314-D80D3A0DD5D5}F:\python\python.exe] => (Allow) F:\python\python.exe
FirewallRules: [UDP Query User{19011053-450B-4746-81FA-53E1958634F1}F:\python\python.exe] => (Allow) F:\python\python.exe
FirewallRules: [{98AFF8BD-5F85-475F-B9D5-AB155565B6A5}] => (Allow) f:\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{5BC4379E-599A-45C2-BB5F-990E1D04E4EB}] => (Allow) f:\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{CBA68503-D7C3-4796-BC6D-B0EA842A4755}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{74DA37A8-6210-42A7-B725-09985E0AF35A}] => (Allow) LPort=1688
FirewallRules: [{393840B6-6544-45B0-83A9-8ED4E9964DCF}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [F:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [F:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/22/2017 03:48:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.2.9200.16384, time stamp: 0x501088d9
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010aeb6
Exception code: 0xc000000d
Fault offset: 0x000e888c
Faulting process id: 0xa84
Faulting application start time: 0x01d2bae8673cecad
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3dc69846-26dc-11e7-b026-861f77527aa9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/22/2017 03:20:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x12f4
Faulting application start time: 0x01d2bae4e28d7aa0
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
Faulting module path: unknown
Report Id: 5dceddde-26d8-11e7-b026-861f77527aa9
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (04/22/2017 03:17:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00790598
Faulting process id: 0x91c
Faulting application start time: 0x01d2bae482d644a6
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: f7a5bd34-26d7-11e7-b026-861f77527aa9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/22/2017 03:07:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x01520598
Faulting process id: 0x948
Faulting application start time: 0x01d2bae34309e9eb
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: 97aa3841-26d6-11e7-b025-84c6f84e27ad
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/22/2017 01:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x008e0598
Faulting process id: 0x8d8
Faulting application start time: 0x01d2ba1c6806fad8
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: cc55100e-26c9-11e7-b024-9be44b55c7cb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/21/2017 01:59:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x012d0598
Faulting process id: 0x994
Faulting application start time: 0x01d2ba1083324ee3
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: unknown
Report Id: ec85fb5f-2603-11e7-b023-9d10ef7be0c6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/21/2017 12:59:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9cc
Faulting application start time: 0x01d2b9f6b2a65bb6
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
Faulting module path: unknown
Report Id: 7df0f564-25fb-11e7-b022-d773389591d2
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (04/20/2017 12:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e6
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010aeb6
Exception code: 0xc000000d
Fault offset: 0x000e888c
Faulting process id: 0xc24
Faulting application start time: 0x01d2b9960561142a
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bed73337-2593-11e7-b022-d773389591d2
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (04/20/2017 11:21:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: userPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/20/2017 11:21:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xec0
Faulting application start time: 0x01d2b96a77f17f6b
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
Faulting module path: unknown
Report Id: 3f695f37-2589-11e7-b022-d773389591d2
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
 
System errors:
=============
Error: (04/22/2017 08:04:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (04/22/2017 05:04:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (04/22/2017 09:58:55 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (04/22/2017 03:18:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/22/2017 03:16:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OracleServiceORCL service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (04/22/2017 03:16:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the OracleServiceORCL service to connect.
 
Error: (04/22/2017 03:16:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OracleDBConsoleorcl service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (04/22/2017 03:16:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobizen plugin service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (04/22/2017 03:15:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GCT WiMax Protocol Driver service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (04/22/2017 03:14:35 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-15 18:03:35.814
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\backgroundTaskHost.exe) attempted to load \Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x86__8wekyb3d8bbwe\Platform.winmd with signing level Authenticode while the system requires signing level 6 or better to load.
 
  Date: 2017-02-15 17:33:52.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\backgroundTaskHost.exe) attempted to load \Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x86__8wekyb3d8bbwe\Platform.winmd with signing level Authenticode while the system requires signing level 6 or better to load.
 
  Date: 2017-02-15 16:53:26.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\backgroundTaskHost.exe) attempted to load \Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.308_x86__8wekyb3d8bbwe\Platform.winmd with signing level Authenticode while the system requires signing level 6 or better to load.
 
  Date: 2017-02-15 16:53:26.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\backgroundTaskHost.exe) attempted to load \Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.308_x86__8wekyb3d8bbwe\Platform.winmd with signing level Authenticode while the system requires signing level 6 or better to load.
 
  Date: 2017-02-15 16:37:48.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume2\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4396.311_x86__8wekyb3d8bbwe\Microsoft.winmd with signing level Authenticode while the system requires signing level 6 or better to load.
 
  Date: 2017-02-15 16:36:22.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe with signing level Authenticode while the system requires signing level 6 or better to load.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 75%
Total physical RAM: 1780.43 MB
Available physical RAM: 439.92 MB
Total Virtual: 3828.43 MB
Available Virtual: 1829 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.73 GB) (Free:7.08 GB) NTFS
Drive d: (Songs) (Fixed) (Total:62.54 GB) (Free:16.19 GB) NTFS
Drive e: (Videos) (Fixed) (Total:102.54 GB) (Free:18.09 GB) NTFS
Drive f: (Games) (Fixed) (Total:109.31 GB) (Free:34.1 GB) NTFS
Drive g: (Software) (Fixed) (Total:102.54 GB) (Free:5.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9CD89EFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=102.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=314.4 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

Edited by ubermarx, 22 April 2017 - 03:11 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:37 AM

Posted 25 April 2017 - 07:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3331372526-1816156090-2968472259-1001\...\Run: [AdobeBridge] => [X]
BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> F:\Program Files\Orbitdownloader\orbitcth.dll [2013-09-11] (Orbitdownloader.com)
CHR Extension: (Yahoo Web) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2017-03-16]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-12] () [File not signed]
S2 Mobizen plugin; F:\Program Files\RSUPPORT\MobizenService\MobizenService.exe [X]
S2 OracleDBConsoleorcl; F:\orcl\soft\bin\nmesrvc.exe [X]
S4 OracleJobSchedulerORCL; f:\orcl\soft\Bin\extjob.exe ORCL [X]
S2 OracleOraDb11g_home1TNSListener; F:\orcl\soft\BIN\TNSLSNR  [X]
S3 OracleVssWriterORCL; f:\orcl\soft\bin\OraVSSW.exe ORCL [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 GDMINIT; \SystemRoot\System32\drivers\gdminit.sys [X]
S2 GdmWmPrt; \SystemRoot\system32\DRIVERS\gdmwmprt.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3331372526-1816156090-2968472259-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
Task: {41FCFD0A-D3F5-4019-80D8-804F71163956} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-12] ()
Task: {51AA41B7-4704-4BB1-9C07-EB409545D35F} - System32\Tasks\{FBE319F8-36A8-434C-B6E6-06A08DC8598E} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.21.0.104&amp;LastError=2
FirewallRules: [{8A4843FF-A9D6-46E1-A02F-98991A156053}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B9D1D843-A80C-4D9E-BF3C-B97C4CF334DA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F8F2A880-93C7-4A0E-8DD3-E0760ADB5190}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A4C70CC0-A2A9-4321-8E66-BDF4C8B22BE0}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2783C96F-6EA3-408A-9EC0-9BA5ADE3EC9D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{18592887-4D0F-4CBA-9B4E-5A8012963094}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DE872229-C336-4FE1-A39E-9E736B437377}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{DB827668-0FC5-409C-A334-B8F99280652C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{4D93AB0C-C999-4C5D-A7F1-AC311B164578}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{242CBA3E-F0BF-4BC2-A830-19F61BEF0C3C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
CMD: C:\Windows\system32\netcfg*.txt
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
===

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!

Use Firefox it's installed.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 17 NPAPI (HKLM\...\{F22C3C05-B1D9-47FF-AA17-4F9DCBFE850F}) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 13 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the problem persists run this program.
--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======
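An audit helper for the fixlist in the post above, added here as an example (it is not part of the original post and not FRST's own code): it parses `FirewallRules:` lines in the shape shown in the fixlist and groups the allow rules by program for one folder, so a fresh FRST log taken after the fix can be checked for leftover rules. The function names are hypothetical, and the last two sample lines are constructed; the first three are copied from the fixlist.

```python
import ntpath
import re
from collections import defaultdict

# Matches the line shape used in the fixlist above:
#   FirewallRules: [<rule id>] => (Allow|Block) <program path>
RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<rule_id>[^\]]+)\]\s*=>\s*"
    r"\((?P<action>Allow|Block)\)\s*(?P<program>.+?)\s*$",
    re.IGNORECASE,
)

# First three lines come from the fixlist; the last two are constructed.
SAMPLE = r"""
FirewallRules: [{8A4843FF-A9D6-46E1-A02F-98991A156053}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B9D1D843-A80C-4D9E-BF3C-B97C4CF334DA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F8F2A880-93C7-4A0E-8DD3-E0760ADB5190}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\Example\app.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Block) c:\program files\kmspico\Service_KMS.exe
"""

def _norm(path):
    # Windows paths are case-insensitive; ntpath applies Windows rules on any OS.
    return ntpath.normcase(ntpath.normpath(path))

def parse_rules(log_text):
    """Return (rule_id, action, program) for every FirewallRules line."""
    rules = []
    for line in log_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m["rule_id"], m["action"].capitalize(), m["program"]))
    return rules

def allow_rules_under(rules, folder):
    """Group Allow rules by program for programs located inside `folder`."""
    root = _norm(folder).rstrip("\\")
    hits = defaultdict(list)
    for rule_id, action, program in rules:
        prog = _norm(program)
        # Require a path-separator boundary so a sibling folder is not matched.
        if action == "Allow" and prog.startswith(root + "\\"):
            hits[prog].append(rule_id)
    return dict(hits)

if __name__ == "__main__":
    for prog, ids in allow_rules_under(parse_rules(SAMPLE), r"C:\Program Files\KMSpico").items():
        print(f"{len(ids)} allow rule(s): {prog}")
```

An empty result for the folder in a post-fix log means no inbound allow rule still points at it.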

#4 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Location:Montreal, QC. Canada

Posted 01 May 2017 - 07:08 AM

Are you still with me?



