
Filestore72.info Browser redirect - Am I clean?


8 replies to this topic

#1 Bto125

Posted 19 July 2017 - 03:49 PM

Hello,

 

This topic is a follow-up from this thread:

https://www.bleepingcomputer.com/forums/t/651867/filestore72info-browser-hijack-concern/

I'm now wondering if my computer is clean from infection. Would appreciate any help to determine if my computer is clean.

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by xxxxxx (administrator) on LENOVO-PC (19-07-2017 21:27:59)
Running from C:\Users\xxxxxx\Downloads
Loaded Profiles: xxxxxx (Available Profiles: xxxxxx)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\nis.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_137.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_137.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-4156324292-2763408431-2406914074-1001\...\Run: [EPSON0A4D31 (Epson Stylus SX430)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4156324292-2763408431-2406914074-1001\...\Run: [EPSON SX430 Series (Copy 1)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4156324292-2763408431-2406914074-1001\...\Run: [EPSON SX430 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C9D4E1C1-3E18-449B-8C74-2BEF55D2A490}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4156324292-2763408431-2406914074-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001 -> DefaultScope {989A393A-FBCD-43F5-ADD0-065533E21F52} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\swrez7xw.default [2017-07-19]
FF Homepage: Mozilla\Firefox\Profiles\swrez7xw.default -> www.google.co.uk
FF Keyword.URL: Mozilla\Firefox\Profiles\swrez7xw.default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B111GB0D20141003&p=
FF Extension: (Adblock Plus) - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\swrez7xw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2017-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-10-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin HKU\S-1-5-21-4156324292-2763408431-2406914074-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-4156324292-2763408431-2406914074-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NIS.exe [326144 2017-07-15] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20170717.001\BHDrvx64.sys [1862816 2017-06-28] (Symantec Corporation)
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 ccSet_NIS; C:\windows\system32\drivers\NISx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20170718.001\IDSvia64.sys [1056920 2017-07-18] (Symantec Corporation)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\windows\System32\Drivers\NISx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NISx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NISx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\windows\System32\drivers\NISx64\160A000.055\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-07-19] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NISx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\Drivers\NISx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 21:27 - 2017-07-19 21:27 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2017-07-19 20:54 - 2017-07-19 20:54 - 02382336 _____ (Farbar) C:\Users\Thomas\Downloads\frst64.exe
2017-07-19 19:34 - 2017-07-19 19:34 - 00003236 _____ C:\windows\System32\Tasks\Norton WSC Integration
2017-07-19 19:34 - 2017-07-19 19:34 - 00002449 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-07-19 19:34 - 2017-07-19 19:34 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2017-07-19 00:09 - 2017-07-19 00:09 - 00006358 _____ C:\Users\Thomas\Documents\esetscan.txt
2017-07-18 21:08 - 2017-07-18 21:08 - 00000000 ____D C:\Users\Thomas\AppData\Local\ESET
2017-07-18 21:07 - 2017-07-18 21:07 - 06754944 _____ (ESET spol. s r.o.) C:\Users\Thomas\Downloads\esetonlinescanner_enu.exe
2017-07-18 21:04 - 2017-07-18 21:04 - 00000544 _____ C:\Users\Thomas\Documents\JRT1.txt
2017-07-18 20:58 - 2017-07-18 20:58 - 01790024 _____ (Malwarebytes) C:\Users\Thomas\Downloads\JRT.exe
2017-07-18 20:35 - 2017-07-18 20:42 - 00026925 _____ C:\Users\Thomas\Downloads\MTB.txt
2017-07-18 20:12 - 2017-07-18 20:12 - 00892416 _____ (Farbar) C:\Users\Thomas\Downloads\minitoolbox.exe
2017-07-18 14:10 - 2017-07-18 14:11 - 65033984 _____ (Malwarebytes ) C:\Users\Thomas\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-18 13:18 - 2017-07-18 13:18 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2017-07-18 13:17 - 2017-07-18 14:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-18 13:12 - 2017-07-18 13:12 - 35679504 _____ (Adlice Software ) C:\Users\Thomas\Downloads\RogueKiller_setup_ref3.exe
2017-07-17 23:03 - 2017-07-17 23:03 - 08162248 _____ (Malwarebytes) C:\Users\Thomas\Downloads\adwcleaner_7.0.0.0.exe
2017-07-17 22:22 - 2017-07-17 22:22 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Thomas\Downloads\mbar-1.09.3.1001.exe
2017-07-17 19:19 - 2017-07-17 19:19 - 51725936 _____ (Safer-Networking Ltd. ) C:\Users\Thomas\Downloads\spybotsd-2.6.46.exe
2017-07-17 19:10 - 2017-07-17 19:10 - 00000000 ____D C:\Program Files\HitmanPro
2017-07-17 19:09 - 2017-07-17 19:09 - 11584088 _____ (SurfRight B.V.) C:\Users\Thomas\Downloads\hitmanpro_x64.exe
2017-07-17 18:16 - 2017-07-17 18:16 - 30346648 _____ (SUPERAntiSpyware) C:\Users\Thomas\Downloads\SUPERAntiSpyware.exe
2017-07-13 22:01 - 2017-06-30 01:27 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-07-13 22:01 - 2017-06-30 01:27 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 11:33 - 2017-07-06 09:52 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2017-07-12 11:33 - 2017-06-29 07:27 - 25734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-12 11:33 - 2017-06-29 07:02 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-12 11:33 - 2017-06-29 06:50 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-07-12 11:33 - 2017-06-29 06:44 - 05975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-12 11:33 - 2017-06-29 06:23 - 20270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-12 11:33 - 2017-06-29 06:23 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-12 11:33 - 2017-06-29 06:17 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-07-12 11:33 - 2017-06-29 06:13 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-07-12 11:33 - 2017-06-29 06:09 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-12 11:33 - 2017-06-29 05:58 - 15253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-12 11:33 - 2017-06-29 05:53 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-12 11:33 - 2017-06-29 05:52 - 04549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-12 11:33 - 2017-06-29 05:51 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-07-12 11:33 - 2017-06-29 05:47 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-12 11:33 - 2017-06-29 05:43 - 13663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-12 11:33 - 2017-06-29 05:41 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-12 11:33 - 2017-06-29 05:29 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-12 11:33 - 2017-06-29 05:28 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-12 11:33 - 2017-06-29 05:24 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-12 11:33 - 2017-06-29 05:23 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-12 11:33 - 2017-06-27 15:29 - 07796736 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-07-12 11:33 - 2017-06-27 15:29 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-07-12 11:33 - 2017-06-27 15:26 - 05274112 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-07-12 11:33 - 2017-06-27 15:26 - 05268992 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 11:33 - 2017-06-22 15:22 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-07-12 11:33 - 2017-06-17 17:45 - 03631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-07-12 11:33 - 2017-06-17 17:34 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-07-12 11:33 - 2017-06-17 17:11 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-07-12 11:33 - 2017-06-17 17:05 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-07-12 11:33 - 2017-06-15 23:02 - 00990040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-12 11:33 - 2017-06-15 14:45 - 07440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-07-12 11:33 - 2017-06-15 14:45 - 01674520 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-07-12 11:33 - 2017-06-15 14:45 - 01534064 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2017-07-12 11:33 - 2017-06-15 14:45 - 01499920 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-07-12 11:33 - 2017-06-15 14:45 - 01370320 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2017-07-12 11:33 - 2017-06-15 14:45 - 00086360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2017-07-12 11:33 - 2017-06-12 01:06 - 00376672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2017-07-12 11:33 - 2017-06-11 23:21 - 00590848 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-12 11:33 - 2017-06-11 22:43 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-12 11:33 - 2017-06-11 22:25 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-12 11:33 - 2017-06-11 22:15 - 01436672 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-12 11:33 - 2017-06-11 22:08 - 00358912 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-12 11:33 - 2017-06-11 22:07 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-12 11:33 - 2017-06-11 22:00 - 00962560 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-12 11:33 - 2017-06-11 21:58 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-12 11:33 - 2017-06-11 21:40 - 01323008 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-12 11:33 - 2017-06-11 21:35 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-12 11:33 - 2017-06-11 21:31 - 00781312 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-12 11:33 - 2017-06-11 16:15 - 02013528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-12 11:33 - 2017-06-06 21:52 - 03120640 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-12 11:33 - 2017-06-06 21:42 - 00925696 _____ (Microsoft Corporation) C:\windows\system32\autoconv.exe
2017-07-12 11:33 - 2017-06-06 21:38 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\cnvfat.dll
2017-07-12 11:33 - 2017-06-06 21:36 - 00168448 _____ (Microsoft Corporation) C:\windows\system32\uudf.dll
2017-07-12 11:33 - 2017-06-06 21:36 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\convert.exe
2017-07-12 11:33 - 2017-06-06 21:35 - 00517120 _____ (Microsoft Corporation) C:\windows\system32\uReFS.dll
2017-07-12 11:33 - 2017-06-06 20:13 - 00177664 _____ (Microsoft Corporation) C:\windows\system32\ulib.dll
2017-07-12 11:33 - 2017-06-06 20:11 - 00557568 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2017-07-12 11:33 - 2017-06-06 20:11 - 00220672 _____ (Microsoft Corporation) C:\windows\system32\ifsutil.dll
2017-07-12 11:33 - 2017-06-06 20:11 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\ufat.dll
2017-07-12 11:33 - 2017-06-06 20:11 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\uexfat.dll
2017-07-12 11:33 - 2017-06-06 20:08 - 02712576 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-12 11:33 - 2017-06-06 20:03 - 00837632 _____ (Microsoft Corporation) C:\windows\SysWOW64\autoconv.exe
2017-07-12 11:33 - 2017-06-06 19:59 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\cnvfat.dll
2017-07-12 11:33 - 2017-06-06 19:57 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\uudf.dll
2017-07-12 11:33 - 2017-06-06 19:56 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\uReFS.dll
2017-07-12 11:33 - 2017-06-06 19:03 - 00143360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ulib.dll
2017-07-12 11:33 - 2017-06-06 19:02 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2017-07-12 11:33 - 2017-06-06 19:02 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\ifsutil.dll
2017-07-12 11:33 - 2017-06-06 19:02 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\ufat.dll
2017-07-12 11:33 - 2017-06-06 19:02 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\uexfat.dll
2017-07-12 11:33 - 2017-06-03 17:27 - 02346496 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-07-12 11:33 - 2017-06-03 17:03 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-07-12 11:33 - 2017-05-31 22:20 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-12 11:33 - 2017-05-15 23:09 - 00057688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stornvme.sys
2017-07-12 11:33 - 2017-05-15 21:03 - 00379744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2017-07-12 11:33 - 2017-05-09 15:37 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2017-07-12 11:33 - 2017-05-09 15:35 - 00555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2017-07-12 11:33 - 2017-05-09 15:29 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsdchngr.dll
2017-07-12 11:33 - 2017-05-09 15:29 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\snmptrap.exe
2017-07-12 11:33 - 2017-05-09 15:28 - 00193024 _____ (Microsoft Corporation) C:\windows\system32\DAFWSD.dll
2017-07-12 11:33 - 2017-05-09 15:28 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wsdchngr.dll
2017-07-12 11:33 - 2017-05-09 15:12 - 00448576 _____ C:\windows\system32\ApnDatabase.xml
2017-07-12 11:33 - 2017-05-06 17:45 - 01114624 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2017-07-12 11:33 - 2017-05-06 17:41 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\rdsdwmdr.dll
2017-07-12 11:33 - 2017-05-02 21:09 - 00686592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-07-12 11:33 - 2017-05-02 21:08 - 00415744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-07-12 11:33 - 2017-05-02 21:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-07-12 11:33 - 2017-05-02 19:41 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2017-07-12 11:33 - 2017-05-02 19:31 - 00329216 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2017-07-12 11:33 - 2017-05-02 19:31 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\smbwmiv2.dll
2017-07-12 11:33 - 2017-05-02 18:35 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2017-07-12 11:33 - 2017-04-30 17:48 - 00080078 _____ C:\windows\system32\normidna.nls
2017-07-12 11:33 - 2017-04-28 02:13 - 01292288 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2017-07-12 11:33 - 2017-04-28 02:11 - 01060352 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2017-07-12 11:25 - 2017-05-04 00:11 - 00103600 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-07-12 11:25 - 2017-05-03 14:43 - 01555968 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 01206272 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 00620544 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 00535552 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 00311296 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 00217088 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-07-12 11:25 - 2017-05-03 14:43 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 21:28 - 2017-04-02 21:48 - 00015652 _____ C:\Users\Thomas\Downloads\FRST.txt
2017-07-19 21:27 - 2017-04-02 21:46 - 00000000 ____D C:\FRST
2017-07-19 21:27 - 2015-06-10 12:34 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-19 21:24 - 2016-11-16 12:25 - 00000000 ____D C:\Users\Thomas\AppData\LocalLow\Mozilla
2017-07-19 21:23 - 2014-11-22 12:52 - 00000544 _____ C:\Users\Thomas\Desktop\JRT.txt
2017-07-19 21:20 - 2014-05-16 21:06 - 00000000 ____D C:\AdwCleaner
2017-07-19 20:25 - 2014-03-19 13:43 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156324292-2763408431-2406914074-1001
2017-07-19 20:20 - 2014-05-16 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-19 19:34 - 2015-07-01 16:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-07-19 19:34 - 2014-05-06 18:47 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2017-07-19 19:32 - 2014-05-06 18:47 - 00102568 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2017-07-19 19:32 - 2014-05-06 18:47 - 00008309 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2017-07-19 18:19 - 2014-03-19 13:45 - 00003790 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{3A23A64C-2B2C-458D-AB6C-22C87ED72590}
2017-07-19 16:56 - 2013-10-07 19:27 - 01160048 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-19 16:56 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2017-07-19 15:35 - 2016-11-15 19:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-19 13:01 - 2015-10-21 21:12 - 00000568 _____ C:\windows\Tasks\MATLAB R2015b Startup Accelerator.job
2017-07-19 12:39 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2017-07-19 11:52 - 2014-03-19 13:44 - 00000000 __RDO C:\Users\Thomas\SkyDrive
2017-07-18 20:51 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-18 20:51 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-07-18 20:50 - 2013-11-30 00:25 - 00070144 _____ C:\windows\system32\VfService.trf
2017-07-18 20:50 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-07-18 15:08 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2017-07-17 22:52 - 2016-09-24 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-17 22:52 - 2016-09-24 12:29 - 00000000 ____D C:\Users\Thomas\Desktop\mbar
2017-07-17 22:41 - 2014-09-30 17:30 - 00000000 ___RD C:\Users\Thomas\Documents\Scanned Documents
2017-07-17 20:35 - 2014-10-17 22:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-17 19:20 - 2014-10-17 22:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-14 12:59 - 2013-08-22 15:44 - 00498744 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-13 23:59 - 2014-12-12 02:08 - 00000000 ____D C:\windows\system32\appraiser
2017-07-13 22:08 - 2014-03-22 22:01 - 00000000 ____D C:\windows\system32\MRT
2017-07-13 22:05 - 2014-03-22 22:01 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-07-13 22:05 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2017-07-12 00:03 - 2014-03-19 13:35 - 00000000 ____D C:\Users\Thomas
2017-07-11 20:35 - 2014-03-20 17:07 - 00004152 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 20:34 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-07-11 20:34 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed
2017-07-03 12:52 - 2014-03-20 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2013-11-30 00:03 - 2013-11-30 00:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-07-18 13:17 - 2017-05-14 19:06 - 1737600 _____ (Microsoft Corporation) C:\Users\Thomas\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-08 00:53

==================== End of FRST.txt ============================

 

Addition.txt log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by xxxxx (19-07-2017 21:30:11)
Running from C:\Users\xxxxxx\Downloads
Windows 8.1 (Update) (X64) (2014-03-19 12:36:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4156324292-2763408431-2406914074-500 - Administrator - Disabled)
Guest (S-1-5-21-4156324292-2763408431-2406914074-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4156324292-2763408431-2406914074-1003 - Limited - Enabled)
Thomas (S-1-5-21-4156324292-2763408431-2406914074-1001 - Administrator - Enabled) => C:\Users\Thomas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-202 203 206 Series Printer Uninstall (HKLM\...\EPSON XP-202 203 206 Series) (Version:  - SEIKO EPSON Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.25.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
Microsoft SkyDrive (HKU\S-1-5-21-4156324292-2763408431-2406914074-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Nitro Pro 8 (HKLM\...\{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}) (Version: 8.5.6.5 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.10.0.85 - Symantec Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
SoftwareWatcher bundle (HKLM-x32\...\SoftwareWatcher bundle) (Version: 2.0.0.3 - SoftwareWatcher)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Hidden
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4156324292-2763408431-2406914074-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ContextMenuHandlers01: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-09-07] (Qualcomm®Atheros®)
ContextMenuHandlers01: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-07-24] (Nitro PDF)
ContextMenuHandlers01: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers01: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers03: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-09-07] (Qualcomm®Atheros®)
ContextMenuHandlers04: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-09-12] (Intel Corporation)
ContextMenuHandlers06: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers06: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers06: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078F0B20-1F3E-489E-8A17-0D50DDB95355} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {13C3D3B4-3B18-4120-8E92-991255889464} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-18] ()
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {21D84CE2-AF4C-4A59-8FE9-CD34C6B1A6EB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {30DE5380-B1D8-45BD-BDA7-5C79D877A8A5} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {33EE7F67-2C09-454B-8906-4743CDC57AB4} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {392091EA-D7F3-416A-A32E-BEBE4DA5A0BE} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {440964D1-1696-40FB-A3C9-4F821F601E14} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {48D6E107-3341-4554-938F-1AC156FD0AC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {564A8AA6-C7E9-40DC-9BA7-A872CFE529F7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {5656D294-BB68-43BE-B2E2-9313DDCFED6E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4156324292-2763408431-2406914074-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {568D5EE5-9897-46B3-9A19-9E01EFE395A6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-18] (Lenovo)
Task: {5ABF53E1-DCB3-4D87-AC6A-ABF865170D20} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6A6CB36B-487B-491F-B449-11830B3FDFE5} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {6CBEB110-3ED7-4936-A6B2-E7B89AEE2A84} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4156324292-2763408431-2406914074-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {735E18C5-227F-4BEC-894F-DA81CEF9ED06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {74C4E327-7E78-4A2A-8634-8E64EB96FFE4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {92227432-7E6A-4B44-B33E-399C4114EE85} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9269AC84-393B-47EC-8862-F5D7C3D47373} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {957E34DC-B73B-40E9-BF81-ED2E3C3E2F14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {962EAE8A-FF9E-4621-98C1-852EA4307728} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-07-13] (Microsoft Corporation)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BAD7AFEC-1CF0-42A3-AF40-B00891F7CE61} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {CD6ECABB-B6D3-4791-B85D-FE268E2429C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DC41B3EA-F55B-4EC2-B701-0F4F373A3730} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {E6B1DA52-04D9-444B-BC46-1A92EE417601} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {E70A2FE2-B2A9-4F07-B732-5C8B7934EE67} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {E84D56BF-0A6D-4FC9-9ABB-F8F081FA83C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EC2D2852-3EBA-4DCB-9C90-DA8689DCA357} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3EE7D6C-6B49-465A-A14A-2B8E02E4EF3D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {FAFF46E3-5CD2-4D12-85E6-68F9CA754375} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-11-30 00:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-11-30 00:25 - 2013-11-30 00:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-30 00:25 - 2013-11-30 00:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:40640B7D [116]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

There are 11403 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-03-11 00:30 - 00450771 ____R C:\windows\system32\Drivers\etc\hosts

There are 15465 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4156324292-2763408431-2406914074-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A1E1A9DF-6F77-403F-AD56-4291EA49D8D9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F8D1A9CF-DF3E-4877-B637-01E3DA20AA1A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7275C8D0-EC1D-4E2F-9B69-84A059210D1E}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AA0FFED0-9F71-40A2-A5A2-1D46E5EA5457}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{15455B2A-2256-4B40-9EC2-C4401DB42499}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3C971B48-C8FA-42CC-A39A-865F1AE9C1AC}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{6F15BD5E-BFD9-461A-BDD5-F9FD92412D2E}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{7A55CCC4-4FD7-4070-AD2B-DD025C5B1E07}] => (Allow) C:\Users\Thomas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{89492AFC-F6FD-4000-804B-A51977D7E382}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{39711F6C-5A3B-4860-B0C5-2243B6373805}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D75CB23-514A-4168-A0B0-97DF57725244}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{ADAA3CEA-027F-4B74-BD6C-2537A081F68D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{97BC5BD7-FD48-454C-A8F1-F67366D5FB60}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{779C3317-1811-4922-AC7E-BE8358AFDD4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23975019-F569-4216-918D-74368834ADFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

13-05-2017 12:54:29 Windows Update
24-05-2017 14:21:00 Windows Update
14-06-2017 13:30:48 Windows Update
13-07-2017 22:00:28 Windows Update
17-07-2017 19:05:18 JRT Pre-Junkware Removal
17-07-2017 22:55:56 JRT Pre-Junkware Removal
18-07-2017 21:01:58 JRT Pre-Junkware Removal
19-07-2017 21:21:05 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2017 08:38:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1be4

Start Time: 01d300c5e9a09240

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: dd8da2ec-6cb9-11e7-874d-40f02f40ae94

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/19/2017 12:12:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (07/18/2017 02:07:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/18/2017 02:07:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/18/2017 02:06:48 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/18/2017 02:06:48 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/17/2017 10:18:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ba4

Start Time: 01d2ff41331cf25c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 83816a18-6b35-11e7-874b-40f02f40ae94

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/17/2017 07:23:25 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll" on line 2.
The manifest file root element must be assembly.

Error: (07/17/2017 07:23:25 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\windows\System32\sdnclean64.exe" on line 2.
The manifest file root element must be assembly.

Error: (07/17/2017 07:23:25 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (07/19/2017 12:02:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: 6918E89D.TheChessLv.100.

Error: (07/18/2017 09:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/18/2017 09:21:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Thomas\AppData\Local\Temp\ehdrv.sys

Error: (07/18/2017 09:21:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/18/2017 09:21:34 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Thomas\AppData\Local\Temp\ehdrv.sys

Error: (07/18/2017 09:21:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/18/2017 09:21:34 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Thomas\AppData\Local\Temp\ehdrv.sys

Error: (07/18/2017 08:50:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant SmartAudio service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/18/2017 08:50:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/18/2017 08:50:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-10-13 20:16:44.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-13 20:13:04.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-13 18:36:29.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8104.27 MB
Available physical RAM: 5239.46 MB
Total Virtual: 16296.27 MB
Available Virtual: 13371.02 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:892.38 GB) (Free:838.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 361443B4)

Partition: GPT.

==================== End of Addition.txt ============================

 

 




#2 nasdaq

  • Malware Response Team

Posted 20 July 2017 - 07:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF Keyword.URL: Mozilla\Firefox\Profiles\swrez7xw.default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B111GB0D20141003&p=
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ContextMenuHandlers01: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers06: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {48D6E107-3341-4554-938F-1AC156FD0AC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5ABF53E1-DCB3-4D87-AC6A-ABF865170D20} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {735E18C5-227F-4BEC-894F-DA81CEF9ED06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {92227432-7E6A-4B44-B33E-399C4114EE85} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {957E34DC-B73B-40E9-BF81-ED2E3C3E2F14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CD6ECABB-B6D3-4791-B85D-FE268E2429C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E84D56BF-0A6D-4FC9-9ABB-F8F081FA83C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EC2D2852-3EBA-4DCB-9C90-DA8689DCA357} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FAFF46E3-5CD2-4D12-85E6-68F9CA754375} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:40640B7D [116]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please let me know what problem persists with this computer.

p.s.
If not already done run the AdwCleaner tool and delete all of the items that are reported.

#3 Bto125

  • Topic Starter

Posted 20 July 2017 - 08:55 AM

Hi nasdaq,

Thank you for your assistance.

Fixlog.txt log

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by xxxxxx (20-07-2017 14:00:01) Run:2
Running from C:\Users\xxxxxx\Downloads
Loaded Profiles: xxxxx (Available Profiles: xxxxxx)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF Keyword.URL: Mozilla\Firefox\Profiles\swrez7xw.default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B111GB0D20141003&p=
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ContextMenuHandlers01: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers06: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {48D6E107-3341-4554-938F-1AC156FD0AC2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5ABF53E1-DCB3-4D87-AC6A-ABF865170D20} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {735E18C5-227F-4BEC-894F-DA81CEF9ED06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {92227432-7E6A-4B44-B33E-399C4114EE85} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {957E34DC-B73B-40E9-BF81-ED2E3C3E2F14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CD6ECABB-B6D3-4791-B85D-FE268E2429C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E84D56BF-0A6D-4FC9-9ABB-F8F081FA83C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EC2D2852-3EBA-4DCB-9C90-DA8689DCA357} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FAFF46E3-5CD2-4D12-85E6-68F9CA754375} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:40640B7D [116]


End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
Firefox "Keyword.URL" removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon => key removed successfully
HKLM\Software\Classes\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon => key removed successfully
HKLM\Software\Classes\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => key removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu => key removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu => key removed successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48D6E107-3341-4554-938F-1AC156FD0AC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48D6E107-3341-4554-938F-1AC156FD0AC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5ABF53E1-DCB3-4D87-AC6A-ABF865170D20} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ABF53E1-DCB3-4D87-AC6A-ABF865170D20} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{735E18C5-227F-4BEC-894F-DA81CEF9ED06} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{735E18C5-227F-4BEC-894F-DA81CEF9ED06} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92227432-7E6A-4B44-B33E-399C4114EE85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92227432-7E6A-4B44-B33E-399C4114EE85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{957E34DC-B73B-40E9-BF81-ED2E3C3E2F14} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{957E34DC-B73B-40E9-BF81-ED2E3C3E2F14} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD6ECABB-B6D3-4791-B85D-FE268E2429C1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD6ECABB-B6D3-4791-B85D-FE268E2429C1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E84D56BF-0A6D-4FC9-9ABB-F8F081FA83C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E84D56BF-0A6D-4FC9-9ABB-F8F081FA83C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC2D2852-3EBA-4DCB-9C90-DA8689DCA357} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC2D2852-3EBA-4DCB-9C90-DA8689DCA357} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAFF46E3-5CD2-4D12-85E6-68F9CA754375} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAFF46E3-5CD2-4D12-85E6-68F9CA754375} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
C:\windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Temp => ":40640B7D" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49320857 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 3172658 B
Edge => 0 B
Chrome => 0 B
Firefox => 12647549 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 331599 B
systemprofile32 => 646698 B
LocalService => 65326 B
NetworkService => 0 B
Thomas => 9728260 B

RecycleBin => 0 B
EmptyTemp: => 80.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:01:04 ====

 

I have done what you said and restarted Firefox as well as cleared the Firefox cache.

I have also run AdwCleaner again and the scan found nothing.

So far my computer is running fine.



#4 nasdaq

  • Malware Response Team

Posted 20 July 2017 - 12:36 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 Bto125

  • Topic Starter

Posted 20 July 2017 - 01:47 PM

Hi nasdaq,

So everything seems fine to you (like the log)?

And are there any more steps I need to take?



#6 nasdaq

  • Malware Response Team

Posted 21 July 2017 - 07:26 AM

Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you’ve ever used. It will also reset the restore points of your computer systems making it even safer.

The program makes some other adjustments to your PC too which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tools you’ve ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under %windir%\ERUNT\DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.


Just download the program and run it on your computer system.
There is a default check-mark on the feature ‘Remove disinfection tools’ and you need to check the other features manually before running the program, should you wish to.
Wait for a few minutes and your computer system will be free of all unnecessary files.

===

#7 Bto125

  • Topic Starter

Posted 21 July 2017 - 09:19 AM

Hi nasdaq,

Thank you for all your help on my problem.

Is my computer clean in your opinion? Is the cleaning process over now?

My computer is running fine at the moment (no popups etc).


#8 nasdaq

  • Malware Response Team

Posted 21 July 2017 - 10:23 AM

I think you are good.
Follow the recommendations as suggested in post no.4.

#9 Bto125

  • Topic Starter

Posted 21 July 2017 - 10:33 AM

OK, I'll be reading up on those links very soon.

Again thank you very much for your assistance.





