Can't install any antivirus! Help!


This topic is locked
26 replies to this topic

#1 Nwer


Posted 28 August 2017 - 09:46 AM

Mod Edit... Moved to Malware Removal Logs ~~ boopme

Hi,
I have a Windows 7 64-bit (cracked, not original version).
I used to have AVG and it was working smoothly; once I uninstalled it, I can no longer install any antivirus.
Here are the steps I took trying to resolve this, and their results:

1- Reinstall AVG = error
2- Try installing Avast, Panda and NPE = error
3- Install Malwarebytes = error "the system can not find the path specified"
4- ESET online scan = caught 8 infected files and marked them as "cleaned", but still can't install antivirus
5- Run RKill = error "r killer is terminated!"
6- Rename the RKill extension, downloading other renamed versions from your site = same error
7- Run (hopelessly) Microsoft Windows Malicious Software = caught 4 infected files while scanning and when it finished I got a message like "No malicious found!!!"
8- Run ComboFix (Sorry, didn't know) = it completed about 50 stages, and after the reboot my problem still exists

Note: any other software except AVs can be installed and works fine.

Thank you in advance, I appreciate your effort.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by user1 (administrator) on HEMA-PC (28-08-2017 17:02:29)
Running from D:\Downloads
Loaded Profiles: False (Available Profiles: user1) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-15] (Analog Devices, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-18\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23153344 2017-08-08] (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DFD87EF2-114E-4DB5-9B1F-B44B2260DFA8}: [NameServer] 199.85.126.20,199.85.127.20
Tcpip\..\Interfaces\{DFD87EF2-114E-4DB5-9B1F-B44B2260DFA8}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-27] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-26] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-26] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-26] (Microsoft Corporation)
BHO-x32: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Handler: WSAllMyTubechrome - No CLSID Value
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\computersoft\AppData\Roaming\Mozilla\Firefox\Profiles\ocgl3mtp.default\extensions\deskCutv2@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml [2015-04-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-03-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml [2016-01-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-16] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @citrixonline.com/appdetectorplugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-07-18] ()
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-12] (The OpenVPN Project)
R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm64.sys [19456 2011-08-05] (Atmel, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67584 2012-09-07] (Sentelic Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-17] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-28 17:02 - 2017-08-28 17:02 - 000000000 ____D C:\FRST
2017-08-28 15:10 - 2017-08-28 15:10 - 000042708 _____ C:\ComboFix.txt
2017-08-28 14:56 - 2017-08-28 15:11 - 000000000 ____D C:\Qoobox
2017-08-28 14:56 - 2017-08-28 15:09 - 000000000 ____D C:\Windows\erdnt
2017-08-28 14:56 - 2011-06-26 09:45 - 000256000 _____ C:\Windows\PEV.exe
2017-08-28 14:56 - 2010-11-07 20:20 - 000208896 _____ C:\Windows\MBR.exe
2017-08-28 14:56 - 2009-04-20 07:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000098816 _____ C:\Windows\sed.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000080412 _____ C:\Windows\grep.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000068096 _____ C:\Windows\zip.exe
2017-08-28 11:26 - 2017-08-28 11:47 - 000000000 ____D C:\Users\TEMP\AppData\Local\AvgSetupLog
2017-08-28 04:29 - 2017-08-28 05:09 - 000000000 ____D C:\Program Files (x86)\TrojanHunter
2017-08-27 20:26 - 2017-08-27 20:27 - 000000000 ____D C:\AVG_ResetAccess
2017-08-27 20:26 - 2017-08-27 20:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\Avg
2017-08-27 20:26 - 2017-08-27 20:26 - 000000000 ____D C:\AVG_Remover
2017-08-26 21:09 - 2017-02-21 09:29 - 000053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-08-26 21:09 - 2017-02-21 09:25 - 000044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-08-26 21:09 - 2017-02-21 09:25 - 000042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2017-08-24 04:59 - 2017-08-24 16:32 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-22 20:56 - 2017-08-22 20:56 - 000000000 ____D C:\Users\Public\Documents\iSunshare RAR Password Genius
2017-08-22 12:29 - 2017-08-22 12:29 - 000000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2017-08-22 11:46 - 2017-08-22 11:46 - 000000000 ____D C:\Users\Default\AppData\Local\CEF
2017-08-21 19:44 - 2017-08-21 20:10 - 000000784 _____ C:\Users\TEMP\Desktop\iSumsoft ZIP Password Refixer.lnk
2017-08-21 19:44 - 2017-08-21 19:44 - 000000000 ____D C:\Users\Public\Documents\iSumsoft ZIP Password Refixer
2017-08-01 17:55 - 2017-08-01 17:55 - 000000652 _____ C:\Users\Public\Desktop\Fotor.lnk
2017-08-01 13:15 - 2017-08-01 13:15 - 000000000 ____D C:\Program Files (x86)\Photo!

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-28 15:38 - 2009-07-14 07:45 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-28 15:38 - 2009-07-14 07:45 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-28 15:35 - 2009-07-14 08:13 - 000738558 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-28 15:35 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2017-08-28 15:32 - 2016-12-20 14:13 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2017-08-28 15:31 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-28 15:06 - 2009-07-14 08:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-28 15:06 - 2009-07-14 05:34 - 000000215 _____ C:\Windows\system.ini
2017-08-28 15:05 - 2009-07-14 05:34 - 083361792 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 083361792 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 020185088 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 020185088 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 005505024 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 005505024 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000057344 _____ C:\Windows\system32\config\SAM.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000057344 _____ C:\Windows\system32\config\SAM.bak
2017-08-28 12:34 - 2015-06-28 20:56 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-27 19:08 - 2017-02-08 19:14 - 000000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2017-08-27 18:54 - 2009-07-14 05:34 - 038273024 _____ C:\Windows\system32\config\COMPONENTS.bak
2017-08-27 18:54 - 2009-07-14 05:34 - 038273024 _____ C:\Windows\system32\config\COMPONENTS.bak
2017-08-24 11:11 - 2017-01-22 11:52 - 000000000 ____D C:\AITEMP
2017-08-24 04:59 - 2017-05-06 08:22 - 000000000 ____D C:\Program Files\Boris FX, Inc
2017-08-23 07:43 - 2015-06-28 16:09 - 000000000 ____D C:\Program Files\WinRAR
2017-08-17 12:43 - 2017-04-16 11:14 - 000002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-15 14:09 - 2015-07-18 14:28 - 000271200 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-08-15 14:09 - 2015-07-18 14:28 - 000271200 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-08-14 11:17 - 2016-07-01 17:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-13 14:56 - 2016-12-20 14:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-08 21:22 - 2017-03-28 10:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-01 23:56 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-06-22 13:03 - 2008-09-03 20:23 - 004232704 _____ (Adobe Systems, Inc.) C:\Program Files (x86)\FlashPlayer.exe
2015-06-22 13:03 - 2014-10-26 23:40 - 011212976 _____ (Adobe Systems, Inc.) C:\Program Files (x86)\flashplayer_15_sa.exe
2017-05-30 13:39 - 2017-05-30 13:39 - 000000132 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe IllExport Filter CC Prefs
2016-03-19 15:38 - 2017-07-09 21:45 - 000000132 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe PNG Format CC Prefs
2017-08-27 14:30 - 2017-08-27 14:30 - 000048552 _____ () C:\ProgramData\agent.1503833414.bdinstall.bin
2017-08-27 16:08 - 2017-08-27 16:08 - 000030402 _____ () C:\ProgramData\agent.uninstall.1503839315.bdinstall.bin
2017-05-14 13:44 - 2017-05-14 13:44 - 000005087 _____ () C:\ProgramData\czchsjpj.srw
2017-08-25 10:08 - 2017-08-25 10:09 - 000000132 _____ () C:\ProgramData\log.bin
2017-03-27 11:24 - 2017-08-25 10:08 - 000000128 _____ () C:\ProgramData\log.ewb
2017-03-27 11:24 - 2017-08-25 10:08 - 000003198 _____ () C:\ProgramData\log.ewbt
2017-05-14 13:44 - 2017-05-14 13:44 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 06:27

==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by user1 (28-08-2017 17:03:01)
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-08-27 06:40:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-880046013-2077095381-1442674848-500 - Administrator - Enabled)
Guest (S-1-5-21-880046013-2077095381-1442674848-501 - Limited - Disabled)
user1 (S-1-5-21-880046013-2077095381-1442674848-1000 - Administrator - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.0.0.262 - ACD Systems International Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Arabic (HKLM-x32\...\{AC76BA86-7AD7-1025-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Analyseur et SDK MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Fotor 2.0.3 (HKLM-x32\...\Fotor) (Version: 2.0.3 - Everimaging Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
K-Lite Mega Codec Pack 11.2.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.4 - )
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 365 ProPlus - ar-sa (HKLM\...\O365ProPlusRetail - ar-sa) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0401-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Petit Larousse 2009 (HKLM-x32\...\{422FADA9-FED2-41D7-B5FA-472BB98B7784}) (Version:  - )
Radmin Server 3.5 (HKLM-x32\...\{1B25B709-0909-4C30-8E85-BF3823DF7555}) (Version: 3.50.0000 - Famatech)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSDC Free Video Editor version 5.7.7.702 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.7.702 - Flash-Integro LLC)
Windows 7 Manager (HKLM\...\{782FC52F-1971-4CAC-93B8-AEF78C507C73}) (Version: 4.4.6 - Yamicsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2014-09-19] (ACD Systems International Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers2: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} =>  -> No File
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (EZB Systems, Inc.)
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (EZB Systems, Inc.)
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0397F340-0EAC-4367-B2A9-016A686A102C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-16] (Google Inc.)
Task: {06A60019-6FEA-4014-8711-D5EEA34D0087} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {158669E8-1A2F-46B1-AC9E-CE51BDDF170D} - System32\Tasks\{93774301-9378-442F-B062-7430C1258087} => C:\Windows\system32\pcalua.exe -a "K:\Abdulrahman\Francias\3D French Dict\3D French Dict\instmsia.exe" -d "K:\Abdulrahman\Francias\3D French Dict\3D French Dict"
Task: {1656BB2B-49AE-4126-805A-A6AFC845E3EC} - System32\Tasks\{CE881689-6839-4E88-BDE0-A710AA4BE0C8} => C:\Windows\system32\pcalua.exe -a "D:\Pro Evolution Soccer 2015 [Steam-Rip]\Pro Evolution Soccer 2015\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "D:\Pro Evolution Soccer 2015 [Steam-Rip]\Pro Evolution Soccer 2015\_CommonRedist\vcredist\2010"
Task: {2B5A7602-5E3C-4882-AB7B-9C6FBD0A1CA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {31844ABF-7238-4F22-BCD3-20294B7D86B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {44D6C8F1-D7FA-41DF-B2C7-E1FDFE020484} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\Manager.exe
Task: {585BD2D0-3AD6-4A34-8698-BE8240FF905D} - System32\Tasks\{46A70FD9-6337-47D8-BB2E-466B5A3F2B14} => C:\Windows\system32\pcalua.exe -a E:\install.exe -d E:\
Task: {5B3B4C7A-FB75-4781-94DD-23EB130BCA65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-16] (Google Inc.)
Task: {662D2A91-4341-4285-922D-11665B87398A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {666B26A9-CB69-4099-9334-DC96C0A0A3EA} - System32\Tasks\{2C9A13D2-A807-49A3-BA7B-F3E4ABD37B60} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty- Modern Warfare 3\Redist\vcredist_x86.exe" -d "D:\Call of Duty- Modern Warfare 3\Redist"
Task: {66F9BB89-9434-4DE6-8D3D-62D0F542939E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-08] (Microsoft Corporation)
Task: {6C3B2AAB-6E0C-4AB8-94E6-A9742E408A95} - System32\Tasks\{97D61B1E-7455-42E4-953F-AE58C77E7D0E} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty Black Ops 2 PC full game ^^nosTEAM^^\Call of Duty Black Ops 2\vcredist_x86.exe" -d "D:\Call of Duty Black Ops 2 PC full game ^^nosTEAM^^\Call of Duty Black Ops 2"
Task: {98472E7E-0F56-482D-900A-67D1086DF634} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {98FF63FA-70A9-4313-9C53-8AEFBE8FBBE6} - System32\Tasks\{90A41914-EC62-4A28-9288-3BDC79D0DEAB} => C:\Windows\system32\pcalua.exe -a "D:\DMC Devi May Cry\redist\vcredist_x86_2008.exe" -d "D:\DMC Devi May Cry\redist"
Task: {9B3C4D54-F4C0-4E7C-8093-2480C56E63E4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {9BCA9B0A-C1D8-4B7D-90CC-2145B01BCA33} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {9F00E29B-179E-4951-B01F-052DB7C3377D} - \RunAtStartup -> No File <==== ATTENTION
Task: {E8299F1E-F22A-4EEB-9D69-745A02A347E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2015-06-28 22:25 - 2016-11-14 14:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-28 13:05 - 2017-01-29 16:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-07-18 14:28 - 2015-07-18 14:28 - 000075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-19 23:56 - 2014-09-19 23:56 - 002136072 _____ () C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
2017-02-08 14:16 - 2016-11-14 15:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2017-08-28 15:06 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 199.85.126.20 - 199.85.127.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk => C:\Windows\pss\Hyperappel du Petit Larousse 2009.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^computersoft^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: ACDSeeCommanderPro8 => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
MSCONFIG\startupreg: ACPW08EN => "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe Creative Cloud =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CyCpIo =>
MSCONFIG\startupreg: CyHidWin =>
MSCONFIG\startupreg: DelaypluginInstall =>
MSCONFIG\startupreg: Free Download Manager => "D:\IM Dwonloads\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: fspuip =>
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D8A40E55-EE93-4B97-A490-DB582866DAE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05302A74-912F-425C-B5E5-E8091AF88379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E9E9E85-FAE2-4F0A-8D1D-881B952C4EA7}] => (Allow) C:\Windows\SysWOW64\rserver30\rserver3.exe
FirewallRules: [{48F262CF-A4D4-45C7-8C2A-110CB36E63E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EF2714CB-FFDC-4EBD-A36C-C6B1533C8D3B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3853EAAE-0FAF-45EB-A218-85ADD0DC0F9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{167458F6-1DD3-4F0C-9833-66D591C6D32F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E3A0BE07-9F95-48E8-93AA-EB1E904E2A50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1361E3DB-2231-4BA4-B99B-7ECBE8169540}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DE5FAE49-DE6C-485E-BA7F-01E6BF1266FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{81D62395-5219-485B-A76C-A75F5EF08787}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A565D80-4978-43F2-B383-8FA2942CCE6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{415C6D6F-2B8F-4308-A1A1-F050F841F106}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{348E5F4C-9D50-46F2-BE55-9464F732A06E}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A5C29F61-C085-48E9-B68C-C740D2E90F3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B31D9E24-C1CC-48D0-8808-5D87F263E588}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EDA9B929-AEFD-4F05-9FDB-C1EDF495AB6C}] => (Allow) LPort=2869
FirewallRules: [{690ACB29-26DD-492E-9621-3AE6A7E82B88}] => (Allow) LPort=1900
FirewallRules: [{63FC0CAD-C3C4-4024-A210-21217DC6DC47}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{85393F2A-A312-4E24-B91F-2697224F2FAE}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{206E97D6-7915-4EA1-86D8-AFB617B56398}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{80D49EDF-5107-4F8A-94F6-E04889A44C9E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{54488F9E-F846-479F-BDF4-627F8417FE77}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{E453D43F-67E4-454E-A85E-053E648942ED}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{19B4AB7B-2E65-41FB-B1DA-253FC9CF1956}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E2577E0-4A0B-45CD-9625-5312AB23C197}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{176226DF-F3BF-4A92-8441-ACF652AE3E2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E376A6B5-0BA2-4A6D-B420-B945F2AA6760}C:\users\temp\anaconda3\pythonw.exe] => (Block) C:\users\temp\anaconda3\pythonw.exe
FirewallRules: [UDP Query User{458FB419-9756-4B66-A5AD-ED8249E6CC4E}C:\users\temp\anaconda3\pythonw.exe] => (Block) C:\users\temp\anaconda3\pythonw.exe
FirewallRules: [TCP Query User{C27C7103-7E4C-4DB6-9C83-8CFEF453D27B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{64B85F39-FA3E-485B-9842-35057BA5DEA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

01-07-2017 13:07:06 Installed Ginger
22-08-2017 12:28:32 Installed AVG 2016
22-08-2017 12:28:51 Installed AVG
24-08-2017 04:58:30 Removed HitFilm 4 Express
24-08-2017 15:15:39 Removed AVG
24-08-2017 15:16:19 Removed AVG 2016

==================== Faulty Device Manager Devices =============

Name: {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
Description: {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Description: {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2017 04:25:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:31:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:31:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:30:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:29:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:29:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:28:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (08/28/2017 03:16:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\microsoft office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2017 03:13:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2017 03:13:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/28/2017 03:31:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
{00c97d86-accb-4288-9972-6d929c1fe93a}w64

Error: (08/28/2017 03:31:20 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/28/2017 03:31:17 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/28/2017 03:29:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
{00c97d86-accb-4288-9972-6d929c1fe93a}w64

Error: (08/28/2017 03:29:04 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/28/2017 03:28:59 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/28/2017 03:21:33 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {3519154C-227E-47F3-9CC9-12C3F05817F1}. The error:
"1018"
Happened while starting this command:
C:\Windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (08/28/2017 03:17:11 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}. The error:
"1018"
Happened while starting this command:
C:\Windows\system32\DeviceDisplayObjectProvider.exe -Embedding

Error: (08/28/2017 03:13:09 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error:
"1018"
Happened while starting this command:
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (08/28/2017 03:10:33 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"1018"
Happened while starting this command:
C:\Windows\system32\wbem\wmiprvse.exe -Embedding


CodeIntegrity:
===================================
  Date: 2017-08-28 15:04:26.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-28 15:04:26.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-28 16:56:57.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 15:29:44.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 13:33:35.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 20%
Total physical RAM: 8189.59 MB
Available physical RAM: 6521.98 MB
Total Virtual: 16377.37 MB
Available Virtual: 14391.73 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:150.16 GB) (Free:86.3 GB) NTFS
Drive d: (Data) (Fixed) (Total:781.25 GB) (Free:463.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6ED4EA39)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=781.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Nwer, 28 August 2017 - 11:18 AM.
Moved from MRL to AV/AM Software - Hamluis.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:12 PM

Posted 31 August 2017 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click the Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL => No File
BHO-x32: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Handler: WSAllMyTubechrome - No CLSID Value
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\computersoft\AppData\Roaming\Mozilla\Firefox\Profiles\ocgl3mtp.default\extensions\deskCutv2@gmail.com => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml [2015-04-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-03-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml [2016-01-12]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\.DEFAULT: @citrixonline.com/appdetectorplugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers2: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} =>  -> No File
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
Task: {9F00E29B-179E-4951-B01F-052DB7C3377D} - \RunAtStartup -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
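The fixlist above removes three kinds of entry: two policy keys that FRST flags as restrictions (Windows Defender and Google/Chrome), shell extensions (BHOs, icon overlays, an execute hook) whose registered DLL no longer exists, and a scheduled task with no target. The PowerShell below is an added example; it is not part of nasdaq's instructions and is not code from the FRST or RogueKiller tools. It audits the same classes of entry so a reviewer can see what is present before the fix and confirm nothing has returned afterwards. It assumes an elevated PowerShell (2.0 or later) on Windows 7 x64 and an English locale for the schtasks column names; the function names are this example's own.

```powershell
# Added example, not from this thread nor from the FRST or RogueKiller authors:
# an audit of the entry classes the fixlist above removes. Run it before the
# fix to see what is there and again afterwards to confirm nothing returned.
# Assumes an elevated PowerShell (2.0 or later) on Windows 7 x64 and an
# English locale for the schtasks column names; function names are ours.

function Get-PolicyRestrictions {
    # Policy keys FRST flags as "Restriction <==== ATTENTION". On a home PC
    # that is not domain-joined nothing should live here; list every value
    # so the reviewer sees exactly what was being enforced.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Google'
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $nodes = @(Get-Item $key) + @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($node in $nodes) {
            $names = $node.GetValueNames()
            if ($names.Length -eq 0) { $names = @('(key present, no values)') }
            foreach ($name in $names) {
                New-Object PSObject -Property @{ Key = $node.Name; Value = $name; Data = $node.GetValue($name) }
            }
        }
    }
}

function Resolve-ClsidServer([string]$hive, [string]$clsid) {
    # COM server registered for the CLSID in the same registry view
    # (64-bit or Wow6432Node); $null when CLSID or server is unregistered.
    $server = Join-Path $hive "Classes\CLSID\$clsid\InprocServer32"
    if (-not (Test-Path $server)) { return $null }
    $raw = (Get-ItemProperty -Path $server).'(default)'
    if (-not $raw) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function Get-StaleShellExtensions {
    # Shell hooks the fixlist cleans: BHOs, icon overlays and execute hooks,
    # in both registry views. "Stale" means the CLSID has no server or the
    # server DLL is gone, i.e. the "-> No File" entries in the FRST log.
    $explorer = 'Microsoft\Windows\CurrentVersion\Explorer'
    foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
        $entries = @()
        $bho = Join-Path $hive "$explorer\Browser Helper Objects"        # subkey name = CLSID
        if (Test-Path $bho) {
            foreach ($k in Get-ChildItem $bho) {
                $entries += New-Object PSObject -Property @{ Kind = 'BHO'; Label = $k.PSChildName; Clsid = $k.PSChildName }
            }
        }
        $ovl = Join-Path $hive "$explorer\ShellIconOverlayIdentifiers"   # subkey = label, default value = CLSID
        if (Test-Path $ovl) {
            foreach ($k in Get-ChildItem $ovl) {
                $entries += New-Object PSObject -Property @{ Kind = 'IconOverlay'; Label = $k.PSChildName; Clsid = (Get-ItemProperty $k.PSPath).'(default)' }
            }
        }
        $hook = Join-Path $hive "$explorer\ShellExecuteHooks"            # value name = CLSID
        if (Test-Path $hook) {
            foreach ($n in (Get-Item $hook).GetValueNames()) {
                if ($n -match '^\{') { $entries += New-Object PSObject -Property @{ Kind = 'ExecuteHook'; Label = $n; Clsid = $n } }
            }
        }
        foreach ($e in $entries) {
            $dll = $null
            if ($e.Clsid) { $dll = Resolve-ClsidServer $hive $e.Clsid }
            $status = 'OK'
            if (-not $dll) { $status = 'no server registered for CLSID' }
            elseif (-not (Test-Path -LiteralPath $dll)) { $status = 'server DLL missing' }
            if ($status -ne 'OK') {
                New-Object PSObject -Property @{ View = $hive; Kind = $e.Kind; Label = $e.Label; Clsid = $e.Clsid; Server = $dll; Status = $status }
            }
        }
    }
}

function Get-TasksWithMissingTarget {
    # The fixlist's "Task: ... -> No File" is a scheduled task whose target is
    # gone. schtasks is used because Get-ScheduledTask does not exist on Windows 7.
    $rows = schtasks /query /v /fo CSV | ConvertFrom-Csv
    foreach ($row in $rows) {
        $cmd = $row.'Task To Run'
        # Skip the header rows schtasks repeats per folder and tasks without a command line.
        if ($row.TaskName -eq 'TaskName' -or -not $cmd -or $cmd -match '^(N/A|COM handler)') { continue }
        $cmd = $cmd.Trim()
        # First token is the executable, quoted or not; expand %SystemRoot% and friends.
        $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        # Bare names such as rundll32.exe resolve via PATH; anything else must exist as written.
        $found = if (Split-Path $exe -Parent) { Test-Path -LiteralPath $exe } else { [bool](Get-Command $exe -ErrorAction SilentlyContinue) }
        if (-not $found) { New-Object PSObject -Property @{ Task = $row.TaskName; Command = $cmd } }
    }
}

# All three tables are empty on a clean machine.
Get-PolicyRestrictions     | Format-Table Key, Value, Data -AutoSize
Get-StaleShellExtensions   | Format-Table View, Kind, Label, Status, Server -AutoSize
Get-TasksWithMissingTarget | Format-Table Task, Command -AutoSize
```

Run it from the same elevated prompt the FRST instructions call for. A stale icon overlay or BHO that points at a removed program (the Office 12 Groove entries in this log) is hygiene rather than evidence of infection, whereas values under the two Policies keys on a home PC deserve a look at what they enforce before they are deleted, since that is where a Windows Defender or browser restriction would be set.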

#3 Nwer (Topic Starter), posted 01 September 2017 - 03:00 AM

I downloaded it and I closed all the programs.

When I run it "as administrator", it gives me this message: "system cannot find the right path".

I've also tried to run it without "as administrator" = same error.

That doesn't happen with other software, but it's common with AVs, like this one and Malwarebytes.



#4 nasdaq (Malware Response Team, Montreal, QC. Canada), posted 01 September 2017 - 08:50 AM

Running from D:\Downloads
Loaded Profiles: False (Available Profiles: user1) <==== ATTENTION (Temporary Profile?)


The fixlist.txt must be located where the Farbar tool is located.

It's running from the D:\Downloads folder.

#5 Nwer (Topic Starter), posted 01 September 2017 - 11:19 AM

Hi again nasdaq,

The fixlist.txt is located in the D:\Downloads folder now, but that's not the problem.

The thing is, RogueKiller does not run; it's always the message "cannot find the right path" that appears!

RogueKiller is also in the same folder where Farbar and fixlist.txt are.

Thanks for the help nasdaq


Edited by Nwer, 01 September 2017 - 11:20 AM.


#6 nasdaq (Malware Response Team, Montreal, QC. Canada), posted 01 September 2017 - 01:16 PM

Hi,

Move the Farbar program and the Fixlist.txt file from the Download folder to this folder: C:\desktop.

If still no joy:

Restart the computer with an Administrator account.

Copy the Farbar program and the Fixlist.txt onto the Desktop.

Any luck?

#7 Nwer (Topic Starter), posted 02 September 2017 - 02:38 AM

Did it as you said, still can't run RogueKiller!

Note: I still didn't do the scan thing with Farbar and the Fixlist.txt; I'm waiting till RogueKiller succeeds in running. Do you want me to ignore the RogueKiller step and proceed with Farbar and the fixlist, or would that do harm to my PC?

Thanks for your patience nasdaq



#8 nasdaq (Malware Response Team, Montreal, QC. Canada), posted 02 September 2017 - 06:48 AM

Yes, stop RogueKiller from running. Just execute the Farbar fix for now.

#9 Nwer (Topic Starter), posted 02 September 2017 - 07:32 AM

Here is the fixlog, but I still can't run AVs.

I tried to run Avast and Malwarebytes but they still get blocked.
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by user1 (02-09-2017 14:22:27) Run:1
Running from D:\Downloads
Loaded Profiles: False (Available Profiles: user1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL => No File
BHO-x32: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Handler: WSAllMyTubechrome - No CLSID Value
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\computersoft\AppData\Roaming\Mozilla\Firefox\Profiles\ocgl3mtp.default\extensions\deskCutv2@gmail.com => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml [2015-04-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-03-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml [2016-01-12]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\.DEFAULT: @citrixonline.com/appdetectorplugin -> C:\Windows\system32\config\systemprofile\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers2: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} =>  -> No File
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
Task: {9F00E29B-179E-4951-B01F-052DB7C3377D} - \RunAtStartup -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => key removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\grooveLocalGWS => key removed successfully
HKLM\Software\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\wlpg => key removed successfully
HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\WSAllMyTubechrome => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331 => key removed successfully
HKU\.DEFAULT\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin => key removed successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Citrix\Plugins\104\npappdetector.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
HKLM\System\CurrentControlSet\Services\Microsoft Office Groove Audit Service => key removed successfully
Microsoft Office Groove Audit Service => service removed successfully
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yoursearching.xml" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => key removed successfully
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => key not found.
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\IVBShlExt => key removed successfully
HKLM\Software\Classes\CLSID\{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => key not found.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found.
HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => key not found.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found.
HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => key not found.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F00E29B-179E-4951-B01F-052DB7C3377D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F00E29B-179E-4951-B01F-052DB7C3377D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAtStartup => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 200373061 B
Java, Flash, Steam htmlcache => 410 B
Windows/system/drivers => 3779632 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 443205 B
Public => 0 B
ProgramData => 0 B
systemprofile => 8644057 B
systemprofile32 => 97223649 B
LocalService => 66228 B
NetworkService => 66228 B
TEMP => 230195 B
computersoft => 0 B

RecycleBin => 0 B
EmptyTemp: => 304.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:23:18 ====
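Reading a Fixlog by eye is error-prone: FRST echoes the whole fixlist back first, every action line ends with one of a few fixed suffixes, and the lines that matter most ("Error: No automatic fix found for this entry", here the Groove shell entries that survived the fix) sit among dozens of successes. The PowerShell below is an added example, not part of this thread and not code from FRST, that sorts the action lines by suffix and surfaces the "Loaded Profiles: False" warning that nasdaq quotes in post #4. The sample lines are copied from the Fixlog above and embedded so the script runs offline; the function and variable names are this example's own, while the suffixes it matches are FRST's wording.

```powershell
# Added example, not from this thread nor from the FRST author: triage of a
# Fixlog.txt so the entries FRST could not remove stand out. Sample lines are
# taken from the Fixlog above and embedded so the script runs without the file.
# The "=> ..." suffixes are FRST's own wording; the function name is ours.

function Get-FixlogTriage {
    param([string[]]$Lines)
    $result = @{ Removed = @(); AlreadyAbsent = @(); NeedsManualFix = @(); Unclassified = @(); ProfileWarning = $null }
    $inEcho = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        # FRST echoes the fixlist between "fixlist content:" and "End"; those
        # lines carry "=>" too but describe the request, not the outcome.
        if ($line -eq 'fixlist content:') { $inEcho = $true; continue }
        if ($inEcho) { if ($line -eq 'End') { $inEcho = $false }; continue }
        # A fix run under a temporary profile cannot clean the real user hive.
        if ($line -match '^Loaded Profiles:\s*False') { $result.ProfileWarning = $line; continue }
        # Headers have no "=>"; EmptyTemp statistics end in a byte count.
        if ($line -notmatch '=>' -or $line -match '=> [\d.]+ (B|KB|MB|GB)\b') { continue }
        if ($line -match 'Error: No automatic fix found') { $result.NeedsManualFix += $line }
        elseif ($line -match '=> .*(removed|moved) successfully$') { $result.Removed += $line }
        elseif ($line -match '=> (key )?not found\.$') { $result.AlreadyAbsent += $line }
        else { $result.Unclassified += $line }
    }
    New-Object PSObject -Property $result
}

# Constructed sample: a handful of lines copied from the Fixlog in the post above.
$sample = @'
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Loaded Profiles: False (Available Profiles: user1)
fixlist content:
*****************
Start
BHO-x32: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
End
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml => moved successfully
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
Microsoft Office Groove Audit Service => service removed successfully
BITS transfer queue => 8388608 B
EmptyTemp: => 304.4 MB temporary data Removed.
'@ -split "`r?`n"

$triage = Get-FixlogTriage -Lines $sample
"Removed: {0}  Already absent: {1}  Needs manual fix: {2}  Unclassified: {3}" -f `
    $triage.Removed.Count, $triage.AlreadyAbsent.Count, $triage.NeedsManualFix.Count, $triage.Unclassified.Count
if ($triage.ProfileWarning) { "Profile warning: " + $triage.ProfileWarning }
"Entries needing manual follow-up:"
$triage.NeedsManualFix
```

For a real log, replace the sample with `Get-FixlogTriage -Lines (Get-Content .\Fixlog.txt)`. On the embedded sample it reports three removals, one entry that was already absent, one entry that needs manual follow-up, and the profile warning. Anything landing in Unclassified is a suffix this script does not know, so read those lines by hand rather than assuming they succeeded.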



#10 nasdaq (Malware Response Team, Montreal, QC. Canada), posted 03 September 2017 - 06:47 AM

Hi,

SID: S-1-5-21domain-500
Name: Administrator
Description: A user account for the system administrator. By default, it is the only user account that is given full control over the system.


Can you run the Farbar program in this Administrator account?

Administrator (S-1-5-21-880046013-2077095381-1442674848-500 - Administrator - Enabled)

Run the Program and post fresh FRST and Addition.txt logs for my review.

#11 Nwer (Topic Starter), posted 03 September 2017 - 08:25 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Administrator (administrator) on HEMA-PC (03-09-2017 15:20:45)
Running from D:\Downloads
Loaded Profiles: False (Available Profiles: user1) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2010-06-15] (Analog Devices, Inc.)
HKU\S-1-5-18\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-18\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23153344 2017-08-08] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DFD87EF2-114E-4DB5-9B1F-B44B2260DFA8}: [NameServer] 199.85.126.20,199.85.127.20
Tcpip\..\Interfaces\{DFD87EF2-114E-4DB5-9B1F-B44B2260DFA8}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-27] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-26] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-16] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-07-18] ()
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-12] (The OpenVPN Project)
R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm64.sys [19456 2011-08-05] (Atmel, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67584 2012-09-07] (Sentelic Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-17] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 14:09 - 2017-09-03 14:09 - 000000000 ____D C:\Mozilla
2017-08-28 17:02 - 2017-09-03 15:20 - 000000000 ____D C:\FRST
2017-08-28 15:10 - 2017-08-28 15:10 - 000042708 _____ C:\ComboFix.txt
2017-08-28 14:56 - 2017-08-28 15:11 - 000000000 ____D C:\Qoobox
2017-08-28 14:56 - 2017-08-28 15:09 - 000000000 ____D C:\Windows\erdnt
2017-08-28 14:56 - 2011-06-26 09:45 - 000256000 _____ C:\Windows\PEV.exe
2017-08-28 14:56 - 2010-11-07 20:20 - 000208896 _____ C:\Windows\MBR.exe
2017-08-28 14:56 - 2009-04-20 07:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000098816 _____ C:\Windows\sed.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000080412 _____ C:\Windows\grep.exe
2017-08-28 14:56 - 2000-08-31 03:00 - 000068096 _____ C:\Windows\zip.exe
2017-08-28 11:26 - 2017-08-28 11:47 - 000000000 ____D C:\Users\TEMP\AppData\Local\AvgSetupLog
2017-08-28 04:29 - 2017-08-28 05:09 - 000000000 ____D C:\Program Files (x86)\TrojanHunter
2017-08-27 20:26 - 2017-08-27 20:27 - 000000000 ____D C:\AVG_ResetAccess
2017-08-27 20:26 - 2017-08-27 20:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\Avg
2017-08-27 20:26 - 2017-08-27 20:26 - 000000000 ____D C:\AVG_Remover
2017-08-26 21:09 - 2017-02-21 09:29 - 000053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-08-26 21:09 - 2017-02-21 09:25 - 000044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-08-26 21:09 - 2017-02-21 09:25 - 000042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2017-08-24 04:59 - 2017-08-24 16:32 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-22 20:56 - 2017-08-22 20:56 - 000000000 ____D C:\Users\Public\Documents\iSunshare RAR Password Genius
2017-08-22 12:29 - 2017-08-22 12:29 - 000000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2017-08-22 11:46 - 2017-08-22 11:46 - 000000000 ____D C:\Users\Default\AppData\Local\CEF
2017-08-21 19:44 - 2017-08-21 20:10 - 000000784 _____ C:\Users\TEMP\Desktop\iSumsoft ZIP Password Refixer.lnk
2017-08-21 19:44 - 2017-08-21 19:44 - 000000000 ____D C:\Users\Public\Documents\iSumsoft ZIP Password Refixer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-03 08:15 - 2009-07-14 07:45 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-03 08:15 - 2009-07-14 07:45 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-03 08:14 - 2009-07-14 08:13 - 000738558 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-03 08:14 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2017-09-03 08:07 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-02 14:24 - 2016-07-01 17:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-02 14:16 - 2016-12-20 14:13 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2017-09-02 14:16 - 2016-12-20 14:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-01 10:14 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-28 20:45 - 2017-04-16 11:14 - 000002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 15:06 - 2009-07-14 08:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-28 15:06 - 2009-07-14 05:34 - 000000215 _____ C:\Windows\system.ini
2017-08-28 15:05 - 2009-07-14 05:34 - 083361792 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 083361792 _____ C:\Windows\system32\config\SOFTWARE.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 020185088 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 020185088 _____ C:\Windows\system32\config\SYSTEM.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 005505024 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 005505024 _____ C:\Windows\system32\config\DEFAULT.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000057344 _____ C:\Windows\system32\config\SAM.bak
2017-08-28 15:05 - 2009-07-14 05:34 - 000057344 _____ C:\Windows\system32\config\SAM.bak
2017-08-28 12:34 - 2015-06-28 20:56 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-27 19:08 - 2017-02-08 19:14 - 000000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
2017-08-27 18:54 - 2009-07-14 05:34 - 038273024 _____ C:\Windows\system32\config\COMPONENTS.bak
2017-08-27 18:54 - 2009-07-14 05:34 - 038273024 _____ C:\Windows\system32\config\COMPONENTS.bak
2017-08-24 11:11 - 2017-01-22 11:52 - 000000000 ____D C:\AITEMP
2017-08-24 04:59 - 2017-05-06 08:22 - 000000000 ____D C:\Program Files\Boris FX, Inc
2017-08-23 07:43 - 2015-06-28 16:09 - 000000000 ____D C:\Program Files\WinRAR
2017-08-15 14:09 - 2015-07-18 14:28 - 000271200 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-08-15 14:09 - 2015-07-18 14:28 - 000271200 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-08-08 21:22 - 2017-03-28 10:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2015-06-22 13:03 - 2008-09-03 20:23 - 004232704 _____ (Adobe Systems, Inc.) C:\Program Files (x86)\FlashPlayer.exe
2015-06-22 13:03 - 2014-10-26 23:40 - 011212976 _____ (Adobe Systems, Inc.) C:\Program Files (x86)\flashplayer_15_sa.exe
2017-05-30 13:39 - 2017-05-30 13:39 - 000000132 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe IllExport Filter CC Prefs
2016-03-19 15:38 - 2017-07-09 21:45 - 000000132 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe PNG Format CC Prefs
2017-08-27 14:30 - 2017-08-27 14:30 - 000048552 _____ () C:\ProgramData\agent.1503833414.bdinstall.bin
2017-08-27 16:08 - 2017-08-27 16:08 - 000030402 _____ () C:\ProgramData\agent.uninstall.1503839315.bdinstall.bin
2017-05-14 13:44 - 2017-05-14 13:44 - 000005087 _____ () C:\ProgramData\czchsjpj.srw
2017-08-25 10:08 - 2017-08-25 10:09 - 000000132 _____ () C:\ProgramData\log.bin
2017-03-27 11:24 - 2017-08-25 10:08 - 000000128 _____ () C:\ProgramData\log.ewb
2017-03-27 11:24 - 2017-08-25 10:08 - 000003198 _____ () C:\ProgramData\log.ewbt
2017-05-14 13:44 - 2017-05-14 13:44 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-31 21:42

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Administrator (03-09-2017 15:21:11)
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-08-27 06:40:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-880046013-2077095381-1442674848-500 - Administrator - Enabled)
Guest (S-1-5-21-880046013-2077095381-1442674848-501 - Limited - Disabled)
user1 (S-1-5-21-880046013-2077095381-1442674848-1000 - Administrator - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.0.0.262 - ACD Systems International Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Arabic (HKLM-x32\...\{AC76BA86-7AD7-1025-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Analyseur et SDK MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Fotor 2.0.3 (HKLM-x32\...\Fotor) (Version: 2.0.3 - Everimaging Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
K-Lite Mega Codec Pack 11.2.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.4 - )
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 365 ProPlus - ar-sa (HKLM\...\O365ProPlusRetail - ar-sa) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0401-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Petit Larousse 2009 (HKLM-x32\...\{422FADA9-FED2-41D7-B5FA-472BB98B7784}) (Version:  - )
Radmin Server 3.5 (HKLM-x32\...\{1B25B709-0909-4C30-8E85-BF3823DF7555}) (Version: 3.50.0000 - Famatech)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSDC Free Video Editor version 5.7.7.702 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.7.702 - Flash-Integro LLC)
Windows 7 Manager (HKLM\...\{782FC52F-1971-4CAC-93B8-AEF78C507C73}) (Version: 4.4.6 - Yamicsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2014-09-19] (ACD Systems International Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (EZB Systems, Inc.)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (EZB Systems, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0397F340-0EAC-4367-B2A9-016A686A102C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-16] (Google Inc.)
Task: {06A60019-6FEA-4014-8711-D5EEA34D0087} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {158669E8-1A2F-46B1-AC9E-CE51BDDF170D} - System32\Tasks\{93774301-9378-442F-B062-7430C1258087} => C:\Windows\system32\pcalua.exe -a "K:\Abdulrahman\Francias\3D French Dict\3D French Dict\instmsia.exe" -d "K:\Abdulrahman\Francias\3D French Dict\3D French Dict"
Task: {1656BB2B-49AE-4126-805A-A6AFC845E3EC} - System32\Tasks\{CE881689-6839-4E88-BDE0-A710AA4BE0C8} => C:\Windows\system32\pcalua.exe -a "D:\Pro Evolution Soccer 2015 [Steam-Rip]\Pro Evolution Soccer 2015\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "D:\Pro Evolution Soccer 2015 [Steam-Rip]\Pro Evolution Soccer 2015\_CommonRedist\vcredist\2010"
Task: {2B5A7602-5E3C-4882-AB7B-9C6FBD0A1CA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {31844ABF-7238-4F22-BCD3-20294B7D86B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {44D6C8F1-D7FA-41DF-B2C7-E1FDFE020484} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\Manager.exe
Task: {585BD2D0-3AD6-4A34-8698-BE8240FF905D} - System32\Tasks\{46A70FD9-6337-47D8-BB2E-466B5A3F2B14} => C:\Windows\system32\pcalua.exe -a E:\install.exe -d E:\
Task: {5B3B4C7A-FB75-4781-94DD-23EB130BCA65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-16] (Google Inc.)
Task: {662D2A91-4341-4285-922D-11665B87398A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {666B26A9-CB69-4099-9334-DC96C0A0A3EA} - System32\Tasks\{2C9A13D2-A807-49A3-BA7B-F3E4ABD37B60} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty- Modern Warfare 3\Redist\vcredist_x86.exe" -d "D:\Call of Duty- Modern Warfare 3\Redist"
Task: {66F9BB89-9434-4DE6-8D3D-62D0F542939E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-08] (Microsoft Corporation)
Task: {6C3B2AAB-6E0C-4AB8-94E6-A9742E408A95} - System32\Tasks\{97D61B1E-7455-42E4-953F-AE58C77E7D0E} => C:\Windows\system32\pcalua.exe -a "D:\Call of Duty Black Ops 2 PC full game ^^nosTEAM^^\Call of Duty Black Ops 2\vcredist_x86.exe" -d "D:\Call of Duty Black Ops 2 PC full game ^^nosTEAM^^\Call of Duty Black Ops 2"
Task: {98472E7E-0F56-482D-900A-67D1086DF634} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {98FF63FA-70A9-4313-9C53-8AEFBE8FBBE6} - System32\Tasks\{90A41914-EC62-4A28-9288-3BDC79D0DEAB} => C:\Windows\system32\pcalua.exe -a "D:\DMC Devi May Cry\redist\vcredist_x86_2008.exe" -d "D:\DMC Devi May Cry\redist"
Task: {9B3C4D54-F4C0-4E7C-8093-2480C56E63E4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {9BCA9B0A-C1D8-4B7D-90CC-2145B01BCA33} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {E8299F1E-F22A-4EEB-9D69-745A02A347E5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2017-02-08 14:16 - 2016-11-14 15:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-07-18 14:28 - 2015-07-18 14:28 - 000075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-02-08 14:16 - 2016-11-14 15:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-06-28 22:25 - 2016-11-14 14:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-28 13:05 - 2017-01-29 16:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-09-19 23:56 - 2014-09-19 23:56 - 002136072 _____ () C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
2017-02-08 14:16 - 2016-11-14 15:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-02-08 14:16 - 2016-11-14 15:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2017-08-28 15:06 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 199.85.126.20 - 199.85.127.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk => C:\Windows\pss\Hyperappel du Petit Larousse 2009.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^computersoft^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: ACDSeeCommanderPro8 => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
MSCONFIG\startupreg: ACPW08EN => "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe Creative Cloud =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CyCpIo =>
MSCONFIG\startupreg: CyHidWin =>
MSCONFIG\startupreg: DelaypluginInstall =>
MSCONFIG\startupreg: Free Download Manager => "D:\IM Dwonloads\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: fspuip =>
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D8A40E55-EE93-4B97-A490-DB582866DAE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05302A74-912F-425C-B5E5-E8091AF88379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E9E9E85-FAE2-4F0A-8D1D-881B952C4EA7}] => (Allow) C:\Windows\SysWOW64\rserver30\rserver3.exe
FirewallRules: [{48F262CF-A4D4-45C7-8C2A-110CB36E63E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EF2714CB-FFDC-4EBD-A36C-C6B1533C8D3B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3853EAAE-0FAF-45EB-A218-85ADD0DC0F9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{167458F6-1DD3-4F0C-9833-66D591C6D32F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E3A0BE07-9F95-48E8-93AA-EB1E904E2A50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1361E3DB-2231-4BA4-B99B-7ECBE8169540}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DE5FAE49-DE6C-485E-BA7F-01E6BF1266FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{81D62395-5219-485B-A76C-A75F5EF08787}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A565D80-4978-43F2-B383-8FA2942CCE6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{415C6D6F-2B8F-4308-A1A1-F050F841F106}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{348E5F4C-9D50-46F2-BE55-9464F732A06E}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A5C29F61-C085-48E9-B68C-C740D2E90F3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B31D9E24-C1CC-48D0-8808-5D87F263E588}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EDA9B929-AEFD-4F05-9FDB-C1EDF495AB6C}] => (Allow) LPort=2869
FirewallRules: [{690ACB29-26DD-492E-9621-3AE6A7E82B88}] => (Allow) LPort=1900
FirewallRules: [{63FC0CAD-C3C4-4024-A210-21217DC6DC47}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{85393F2A-A312-4E24-B91F-2697224F2FAE}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{206E97D6-7915-4EA1-86D8-AFB617B56398}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{80D49EDF-5107-4F8A-94F6-E04889A44C9E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{54488F9E-F846-479F-BDF4-627F8417FE77}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{E453D43F-67E4-454E-A85E-053E648942ED}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{19B4AB7B-2E65-41FB-B1DA-253FC9CF1956}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E2577E0-4A0B-45CD-9625-5312AB23C197}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{E376A6B5-0BA2-4A6D-B420-B945F2AA6760}C:\users\temp\anaconda3\pythonw.exe] => (Block) C:\users\temp\anaconda3\pythonw.exe
FirewallRules: [UDP Query User{458FB419-9756-4B66-A5AD-ED8249E6CC4E}C:\users\temp\anaconda3\pythonw.exe] => (Block) C:\users\temp\anaconda3\pythonw.exe
FirewallRules: [TCP Query User{C27C7103-7E4C-4DB6-9C83-8CFEF453D27B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{64B85F39-FA3E-485B-9842-35057BA5DEA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6CC35D7E-50D6-4635-87DE-94105E15652E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9FD35AD7-3F6E-479F-A8A7-97CB32A5C362}D:\games\need for speed™ hot pursuit\nfs11 (3).exe] => (Block) D:\games\need for speed™ hot pursuit\nfs11 (3).exe
FirewallRules: [UDP Query User{32A800DF-BA1B-484A-A9DF-8A061EC6C80B}D:\games\need for speed™ hot pursuit\nfs11 (3).exe] => (Block) D:\games\need for speed™ hot pursuit\nfs11 (3).exe
FirewallRules: [TCP Query User{90783E94-9F38-416E-A30E-521F4A9FDA84}D:\games\call of duty black ops 2\c.o.d.b.o.2\call of duty black ops 2\sp.exe] => (Block) D:\games\call of duty black ops 2\c.o.d.b.o.2\call of duty black ops 2\sp.exe
FirewallRules: [UDP Query User{27C9BD30-6FA2-4429-9C73-98D8374C5C81}D:\games\call of duty black ops 2\c.o.d.b.o.2\call of duty black ops 2\sp.exe] => (Block) D:\games\call of duty black ops 2\c.o.d.b.o.2\call of duty black ops 2\sp.exe
FirewallRules: [TCP Query User{487A9743-5464-46C1-91DB-7B7D567AB22C}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Block) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{53C0203B-8603-423D-9334-12C221B877B1}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Block) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe

==================== Restore Points =========================

24-08-2017 04:58:30 Removed HitFilm 4 Express
24-08-2017 15:15:39 Removed AVG
24-08-2017 15:16:19 Removed AVG 2016
02-09-2017 14:22:30 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
Description: {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Description: {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {00c97d86-accb-4288-9972-6d929c1fe93a}w64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2017 03:01:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - The system cannot find the file specified.

Error: (09/03/2017 03:01:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: HEMA-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (09/03/2017 02:32:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\microsoft office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/03/2017 02:09:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - The system cannot find the file specified.

Error: (09/03/2017 02:09:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: HEMA-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (09/03/2017 02:09:45 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (144) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (09/03/2017 02:09:45 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (756) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (09/03/2017 02:09:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: HEMA-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - The system cannot find the file specified.

Error: (09/03/2017 02:09:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: HEMA-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (09/03/2017 02:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2117.8928, time stamp: 0x57e24380
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x0000000000052fc6
Faulting process id: 0xa2c
Faulting application start time: 0x01d324a525df51e9
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6395624a-9098-11e7-8b3f-d4ae52bab034


System errors:
=============
Error: (09/03/2017 08:08:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
{00c97d86-accb-4288-9972-6d929c1fe93a}w64

Error: (09/03/2017 08:07:56 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/03/2017 08:07:51 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/02/2017 05:02:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
{00c97d86-accb-4288-9972-6d929c1fe93a}w64

Error: (09/02/2017 05:02:38 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/02/2017 05:02:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/02/2017 02:24:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64
{00c97d86-accb-4288-9972-6d929c1fe93a}w64

Error: (09/02/2017 02:24:20 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/02/2017 02:24:14 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/02/2017 02:22:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-08-28 15:04:26.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-08-28 15:04:26.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-28 16:56:57.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 15:29:44.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-28 13:33:35.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 13%
Total physical RAM: 8189.59 MB
Available physical RAM: 7112.52 MB
Total Virtual: 16377.37 MB
Available Virtual: 14867.36 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:150.16 GB) (Free:90.49 GB) NTFS
Drive d: (Data) (Fixed) (Total:781.25 GB) (Free:463.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6ED4EA39)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=781.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#12 nasdaq
  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 September 2017 - 09:48 AM

Delete the current Fixlist.txt and create a new one in the Download folder in the Administrator profile.

Hi, Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - hxxps://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
2017-08-27 14:30 - 2017-08-27 14:30 - 000048552 _____ () C:\ProgramData\agent.1503833414.bdinstall.bin
2017-08-27 16:08 - 2017-08-27 16:08 - 000030402 _____ () C:\ProgramData\agent.uninstall.1503839315.bdinstall.bin
2017-05-14 13:44 - 2017-05-14 13:44 - 000005087 _____ () C:\ProgramData\czchsjpj.srw
2017-08-25 10:08 - 2017-08-25 10:09 - 000000132 _____ () C:\ProgramData\log.bin
2017-03-27 11:24 - 2017-08-25 10:08 - 000000128 _____ () C:\ProgramData\log.ewb
2017-03-27 11:24 - 2017-08-25 10:08 - 000003198 _____ () C:\ProgramData\log.ewbt
2017-05-14 13:44 - 2017-05-14 13:44 - 000000016 _____ () C:\ProgramData\mntemp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Move or copy the RogueKiller program to the Desktop of the Administrator profile and run it.

If successful, delete all the entries that are identified as bad.

Post the logs for my review and let me know what problem persists.

Please let me know what problem persists with this computer.

#13 Nwer
  • Topic Starter
  • Members
  • 15 posts

Posted 04 September 2017 - 10:02 AM

Hi again nasdaq,

This time there was a kind of progress after the Farbar fix. I tried Norton and it wasn't blocked just after hitting Run; I was able to see the interface, but when I tried to install it, it gave me an error.

I also tried AVG; it went through all the installation steps, but at the end it gave me an error.

RogueKiller is not working, as usual (copied to the Desktop).

Should I try other AVs?

Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Administrator (04-09-2017 16:13:05) Run:2
Running from D:\Downloads
Loaded Profiles: False (Available Profiles: user1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.hao123.com/?tn=bav_pro_hp_01_hao123_ar
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - hxxps://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
2017-08-27 14:30 - 2017-08-27 14:30 - 000048552 _____ () C:\ProgramData\agent.1503833414.bdinstall.bin
2017-08-27 16:08 - 2017-08-27 16:08 - 000030402 _____ () C:\ProgramData\agent.uninstall.1503839315.bdinstall.bin
2017-05-14 13:44 - 2017-05-14 13:44 - 000005087 _____ () C:\ProgramData\czchsjpj.srw
2017-08-25 10:08 - 2017-08-25 10:09 - 000000132 _____ () C:\ProgramData\log.bin
2017-03-27 11:24 - 2017-08-25 10:08 - 000000128 _____ () C:\ProgramData\log.ewb
2017-03-27 11:24 - 2017-08-25 10:08 - 000003198 _____ () C:\ProgramData\log.ewbt
2017-05-14 13:44 - 2017-05-14 13:44 - 000000016 _____ () C:\ProgramData\mntemp

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dfachbhccemanebkkbeppgnnhkpicifp => key removed successfully
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => key not found.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found.
HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => key not found.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found.
HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => key not found.
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found.
C:\ProgramData\agent.1503833414.bdinstall.bin => moved successfully
C:\ProgramData\agent.uninstall.1503839315.bdinstall.bin => moved successfully
C:\ProgramData\czchsjpj.srw => moved successfully
C:\ProgramData\log.bin => moved successfully
C:\ProgramData\log.ewb => moved successfully
C:\ProgramData\log.ewbt => moved successfully
C:\ProgramData\mntemp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1669500 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 409604 B
systemprofile32 => 139923 B
LocalService => 66228 B
NetworkService => 0 B
TEMP => 0 B
computersoft => 0 B

RecycleBin => 0 B
EmptyTemp: => 10.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:13:23 ====



#14 nasdaq
  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 September 2017 - 10:44 AM

Hi,

Please post the exact error message.

#15 Nwer
  • Topic Starter
  • Members
  • 15 posts

Posted 04 September 2017 - 12:48 PM

AVG, after downloading its components and finishing the installation to reach 100%, gives me this error: 0xE0010602: General error (0x0602)

Note: I've tried the AVG remover but it finds nothing.

Norton Power Eraser shows its scan interface without being installed!! Anyway, after the scanning it gives:

An error has occurred
user profile cannot be loaded
Error Code : 0x800701f4,n2E,nC0,n4

Avast gives a message in Arabic like "installation problem", but no error code; it shows a list full of codes and things, but I'm unable to copy it.
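
The two codes quoted in the post above can be decoded with the following added Python example (not code from the thread or from AVG or Norton). A Windows HRESULT carries a severity bit, a "customer" bit, an 11-bit facility and a 16-bit code. 0x800701F4 is a FACILITY_WIN32 code, Win32 error 500, ERROR_USER_PROFILE_LOAD ("User profile cannot be loaded."), the same condition the User Profiles Service events 1505 and 1511 in the Addition.txt report; 0xE0010602 has the customer bit set, so it is an AVG-defined code that winerror.h cannot explain. The ",n2E,nC0,n4" suffix is vendor-specific and the example leaves it uninterpreted (an assumption); the winerror.h entries in the table are the Windows SDK values.

```python
"""Decode the error codes quoted in this thread as Windows HRESULTs (added example)."""
from dataclasses import dataclass
from typing import Optional

FACILITY_WIN32 = 7

# Only the winerror.h entries this example needs (values from the Windows SDK).
WIN32_ERRORS = {
    2: ("ERROR_FILE_NOT_FOUND", "The system cannot find the file specified."),
    3: ("ERROR_PATH_NOT_FOUND", "The system cannot find the path specified."),
    500: ("ERROR_USER_PROFILE_LOAD", "User profile cannot be loaded."),
}


@dataclass(frozen=True)
class Decoded:
    hresult: int
    failure: bool           # bit 31 (S)
    customer_defined: bool  # bit 29 (C): vendor-defined, not a Microsoft code
    facility: int           # bits 26..16
    code: int               # bits 15..0
    name: Optional[str]
    message: Optional[str]


def decode_hresult(text: str) -> Decoded:
    """Parse '0x800701f4' or a vendor string such as '0x800701f4,n2E,nC0,n4'.

    Assumption: anything after the first comma is vendor-specific and not part
    of the HRESULT, so it is ignored here.
    """
    token = text.split(",", 1)[0].strip()
    hr = int(token, 16) & 0xFFFFFFFF
    failure = bool(hr >> 31)
    customer = bool((hr >> 29) & 1)
    facility = (hr >> 16) & 0x07FF
    code = hr & 0xFFFF
    name, message = (None, None)
    if not customer and facility == FACILITY_WIN32:
        name, message = WIN32_ERRORS.get(code, (None, None))
    return Decoded(hr, failure, customer, facility, code, name, message)


def explain(text: str) -> str:
    """One-line reading of the code, suitable for a forum reply or a ticket note."""
    d = decode_hresult(text)
    head = f"0x{d.hresult:08X}: {'failure' if d.failure else 'success'}"
    if d.customer_defined:
        return (f"{head}, vendor-defined (customer bit set), facility 0x{d.facility:X}, "
                f"code 0x{d.code:X}; look it up in the vendor's own documentation")
    if d.facility == FACILITY_WIN32:
        known = f"{d.name}: {d.message}" if d.name else "not in this example's table"
        return f"{head}, Win32 error {d.code} ({known})"
    return f"{head}, facility 0x{d.facility:X}, code 0x{d.code:X}"


if __name__ == "__main__":
    for quoted in ("0x800701f4,n2E,nC0,n4", "0xE0010602"):
        print(explain(quoted))
```

The point of separating the customer bit is practical: a code with bit 29 set should be taken to the vendor's documentation, while a FACILITY_WIN32 code maps straight back to a Windows condition that the event log can corroborate, as the profile-load events do here.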





