Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

bitdefender threat scanner messge


  • This topic is locked This topic is locked
28 replies to this topic

#1 abruzzojohn

abruzzojohn

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 10 February 2018 - 09:06 AM

Started getting a message about a bitdefender threat dmp and to contact them so downloaded their scanner tool and now i have even more msgs .
 
After reading a topic here with the same probs i registered and downloaded and ran Farbar Recovery Scan Tool (x32
 
and have attched the two files it gave me and i stopped at that point
Attached File  Addition.txt   57.09KB   7 downloadsAttached File  FRST.txt   32.35KB   6 downloads
i run microsoft security essentials and trusteer and i believe my bitorrent has another antivirus system within it
 
i also have a problem with my hardisk which i knew of and it was flagged up again when i ran the farbar scan so i guess it maight be a good time to trya to sort that
 
am not including much more system info because i think the scan files will give a better view of everything i run and on what system although am happy to assist or add anything i can to help
 
i live in Italy so am on CEU time
 
thank you for reading and will wait to see if you can help

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.02.2018 01
Ran by a (administrator) on ABRUZZO (10-02-2018 14:02:07)
Running from C:\Users\a\Downloads
Loaded Profiles: a (Available Profiles: a & admin)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Acer Inc.) C:\Windows\System32\USBPlug.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(BitTorrent Inc.) C:\Users\a\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1474560 2009-07-13] (VIA)
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3054136 2009-08-04] (ASUS)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [dscService] => C:\Windows\system32\USBPlug.exe [278528 2005-03-01] (Acer Inc.)
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7972528 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\Run: [uTorrent] => C:\Users\a\AppData\Roaming\uTorrent\uTorrent.exe [1985464 2018-01-01] (BitTorrent Inc.)
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe [58899912 2018-02-02] (Skype Technologies S.A.)
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {58977655-e4fe-11df-977c-e21ef94a908b} - F:\Install.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {5d82a47d-2731-11e1-942d-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {5d82a480-2731-11e1-942d-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {99ddb68a-9e5d-11e1-977b-001e101f1053} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {9b93e9eb-c008-11e0-b930-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {9b93e9f0-c008-11e0-b930-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd32-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd64-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd7b-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd91-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfee3-fcb5-11e0-a8fa-0026189d3c85} - H:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {c4966918-0e9c-11e1-901f-001e101fabdd} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {c6b6f782-015e-11e0-8ba1-fe0f6c1daa8e} - F:\Install.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {f257f440-1f12-11e1-8fe9-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {fe0fa572-85fb-11e1-937b-001e101f859f} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
BootExecute: autocheck autochk /p \??\C:autocheck autochk /p \??\D:autocheck autochk *
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{24F40DD7-210C-4C42-98B0-5A69FA2EFBA2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC252793-DB1E-401E-9133-A70D221235C2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {098d800d-0712-45ff-a3e4-686bd68f29f8} - No File
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ckUzx8YVRqSA3sl6kayd07pcrphb2l-eFAAuE4c_C5fZDgzWpPLZK6VuLFpQjJv0Am4HObHla11nXdbZnwix7kVSSB3GsIggW3jjseMJd52mvrgo402mQLQLBPmrZsbyjPmXsjS9HYyilslk2uiw8URGKEtTptZJud&q={searchTerms}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ckUzx8YVRqSA3sl6kayd07pcrphb2l-eFAAuE4c_C5fZDgzWpPLZK6VuLFpQjJv0Am4HObHla11nXdbZnwix7kVSSB3GsIggW3jjseMJd52mvrgo402mQLQLBPmrZsbyjPmXsjS9HYyilslk2uiw8URGKEtTptZJud&q={searchTerms}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D010118-A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> {2608BD2E-A72C-4D83-9114-8AC874A7F3F5} URL = hxxps://it.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=779227&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {098D800D-0712-45FF-A3E4-686BD68F29F8} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1426769146&from=wpm031932&uid=ST9500325AS_6VE1DZRTXXXX6VE1DZRT

FireFox:
========
FF DefaultProfile: h94qd0e1.default-1465380852298
FF ProfilePath: C:\Users\a\Desktop\Old Firefox Data [not found] <==== ATTENTION
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298 [2018-02-10]
FF Homepage: Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298 -> hxxp://www.bing.com/?pc=COSP&ptag=D010118-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF Extension: (IBM Security Rapport) - C:\Users\a\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-01-18]
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\@setupvpncom.xpi [2018-02-01]
FF Extension: (No Name) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\d.lehr@chello.at.xpi [2017-10-05]
FF Extension: (HTTPS Everywhere) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\https-everywhere@eff.org.xpi [2018-01-30]
FF Extension: (Google Translator for Firefox) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\translator@zoli.bod.xpi [2018-01-08]
FF Extension: (No Name) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-01-01]
FF Extension: (Adblock Plus) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\searchplugins\bing-lavasoft.xml [2018-01-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-06] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [Hotbar@Hotbar.com] - C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-11] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com => not found
FF HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-05-24] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-440912354-2210421725-969274775-1000: @tools.google.com/Google Update;version=3 -> C:\Users\a\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-440912354-2210421725-969274775-1000: @tools.google.com/Google Update;version=9 -> C:\Users\a\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-440912354-2210421725-969274775-1000: SkypePlugin -> C:\Users\a\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2018-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2018-01-01] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR NewTab: Default -> "active": true,
"entry": "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"

CHR Profile: C:\Users\a\AppData\Local\Google\Chrome\User Data\Default [2018-02-09]
CHR Extension: (Docs) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14]
CHR Extension: (Google Drive) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-14]
CHR Extension: (IBM Security Rapport) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-01-04]
CHR Extension: (YouTube) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-14]
CHR Extension: (Adblock Plus) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-16]
CHR Extension: (New Tab Redirect) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2017-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-14]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2018-01-04]
CHR Extension: (Gmail) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx <not found>
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx <not found>
CHR HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\a\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-07] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\a\AppData\Local\Temp\7zS7532\hpslpsvc32.dll [701288 2012-08-27] (Hewlett-Packard Co.) <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM Corp.)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [73232 2017-02-13] (Absolute Software Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2009-08-21] (Alcor Micro, Corp.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [30264 2010-01-07] (ASUSTek Computer Inc)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2009-07-29] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2009-06-18] (Windows ® Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKsl23565dd4; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D84DA75E-DB67-4CA6-96FB-5C0D8ACF6C64}\MpKsl23565dd4.sys [49504 2018-02-10] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
S3 ONDA_MW823UP_cdc_acm; C:\Windows\System32\DRIVERS\ONDA_MW823UP_cdc_acm.sys [67584 2010-01-27] (ONDA)
S3 ONDA_MW823UP_cdc_ecm; C:\Windows\System32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [79872 2010-01-27] (ONDA)
S3 ONDA_MW823UP_cpo; C:\Windows\System32\DRIVERS\ONDA_MW823UP_cpo.sys [9728 2010-01-27] (ONDA)
R3 ONDA_MW823UP_dc_enum; C:\Windows\System32\DRIVERS\ONDA_MW823UP_dc_enum.sys [61952 2010-01-27] (ONDA)
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [302168 2018-01-24] (IBM Corp.)
R1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1908103.sys [1119272 2018-02-04] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [401360 2018-01-24] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [206360 2018-01-24] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [326672 2018-01-24] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [472080 2018-01-24] (IBM Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766592 2009-06-05] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-05-25] (AnchorFree Inc)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1066496 2009-07-09] (VIA Technologies, Inc.)
S2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
U4 secdrv; no ImagePath
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-10 14:02 - 2018-02-10 14:09 - 000026208 _____ C:\Users\a\Downloads\FRST.txt
2018-02-10 14:00 - 2018-02-10 14:02 - 000000000 ____D C:\FRST
2018-02-10 13:58 - 2018-02-10 13:59 - 001763840 _____ (Farbar) C:\Users\a\Downloads\FRST.exe
2018-02-08 22:33 - 2018-02-08 22:33 - 000000000 ____D C:\Users\a\Downloads\windowsw
2018-02-06 19:11 - 2018-02-06 19:11 - 048750920 _____ C:\Users\a\Downloads\BDPUARLauncher.exe
2018-01-24 17:13 - 2018-01-24 17:13 - 000326672 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2018-01-24 17:13 - 2018-01-24 17:13 - 000206360 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys
2018-01-23 18:54 - 2018-01-23 18:57 - 304724038 _____ C:\Users\a\Downloads\Ipotesi Sopravvivenza Threads - italiana guardare(1).mp4
2018-01-18 16:14 - 2018-01-18 16:14 - 000488944 _____ (IBM Corp.) C:\Users\a\Downloads\RapportSetup.exe
2018-01-14 16:41 - 2018-02-09 22:03 - 000000000 ____D C:\Users\a\Desktop\films feb 2018
2018-01-12 19:50 - 2018-02-09 19:36 - 000000304 _____ C:\Windows\Tasks\HPCeeScheduleFora.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-10 14:08 - 2018-01-05 20:08 - 000000320 _____ C:\Windows\Tasks\HPCeeScheduleForadmin.job
2018-02-10 14:08 - 2013-02-26 15:42 - 000000000 ____D C:\Users\a\AppData\Roaming\uTorrent
2018-02-10 13:41 - 2012-06-28 09:25 - 000000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440912354-2210421725-969274775-1000UA.job
2018-02-10 13:40 - 2011-10-26 09:11 - 000000000 ____D C:\Program Files\CCleaner
2018-02-10 11:41 - 2012-06-28 09:24 - 000000840 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440912354-2210421725-969274775-1000Core.job
2018-02-10 10:02 - 2010-01-06 10:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-10 10:02 - 2010-01-06 10:45 - 000019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-10 09:49 - 2016-11-16 17:38 - 000000000 ____D C:\Users\a\AppData\LocalLow\Mozilla
2018-02-09 22:33 - 2014-09-24 08:13 - 000000000 ____D C:\Users\a\AppData\Roaming\vlc
2018-02-09 22:03 - 2015-12-29 19:23 - 000000000 ____D C:\Users\a\Desktop\films
2018-02-09 13:17 - 2014-04-30 08:26 - 000017408 _____ C:\Windows\system32\rpcnetp.exe
2018-02-09 10:16 - 2014-04-30 08:26 - 000017408 _____ C:\Windows\system32\rpcnetp.dll
2018-02-09 10:16 - 2014-04-12 10:27 - 000073232 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2018-02-09 10:16 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-08 22:34 - 2016-02-28 16:46 - 031126033 _____ C:\Users\a\Downloads\6305_vista_win7_pg537.zip
2018-02-07 17:23 - 2018-01-10 10:01 - 000001231 _____ C:\Users\Public\Desktop\Skype.lnk
2018-02-07 17:23 - 2018-01-10 10:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-02-06 22:08 - 2012-04-05 07:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-06 22:08 - 2011-06-09 08:41 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-06 22:08 - 2009-08-04 04:06 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-05 22:41 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-02-05 20:03 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-02-04 16:40 - 2013-09-02 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-02-02 09:00 - 2017-12-14 15:36 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-31 16:00 - 2013-02-15 09:15 - 000000000 ____D C:\Users\a\Desktop\desktop holder
2018-01-31 15:58 - 2011-10-12 15:02 - 000000000 ____D C:\Users\a\Desktop\photos
2018-01-31 15:47 - 2016-11-16 10:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 15:47 - 2015-04-16 14:56 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-23 19:58 - 2009-11-27 08:40 - 000456864 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-22 15:36 - 2017-10-06 08:33 - 000000000 ____D C:\Users\admin\AppData\Local\Google
2018-01-14 15:15 - 2009-08-20 04:40 - 000800344 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-13 23:46 - 2012-08-10 07:58 - 001022464 ___SH C:\Users\a\Desktop\Thumbs.db
2018-01-11 09:15 - 2013-08-08 05:37 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 08:47 - 2017-10-12 08:19 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 08:46 - 2010-01-13 08:34 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-07-27 14:37 - 2011-05-14 12:46 - 000800272 _____ (MyWebSearch.com) C:\Program Files\Uninstall Fun Web Products.dll
2010-07-07 18:41 - 2002-07-26 16:02 - 000153088 ____N () C:\Program Files\UNWISE.EXE
2010-02-15 12:35 - 2010-08-20 19:10 - 000007168 _____ () C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-10 15:36 - 2011-01-10 15:36 - 000000089 _____ () C:\Users\a\AppData\Local\fusioncache.dat
2011-04-30 12:43 - 2011-04-30 12:43 - 003002471 _____ (MyWebSearch.com) C:\Users\a\AppData\Local\mwsautSp.exe
2014-10-04 17:42 - 2014-10-04 17:41 - 000612080 _____ (ClickMeIn Limited) C:\Users\a\AppData\Local\nsw69EF.tmp
2012-11-20 12:55 - 2012-11-20 12:55 - 000000218 _____ () C:\Users\a\AppData\Local\recently-used.xbel
2011-01-22 10:48 - 2018-01-04 22:33 - 000007598 _____ () C:\Users\a\AppData\Local\resmon.resmoncfg
2016-11-20 15:29 - 2016-11-20 15:29 - 000020480 ____T () C:\Users\a\AppData\Local\uninstall.tmp

Some zero byte size files/folders:
==========================
C:\Windows\System32\defragproxy.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-22 14:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 01
Ran by a (10-02-2018 14:13:49)
Running from C:\Users\a\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2010-01-06 10:46:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

a (S-1-5-21-440912354-2210421725-969274775-1000 - Administrator - Enabled) => C:\Users\a
admin (S-1-5-21-440912354-2210421725-969274775-1007 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-440912354-2210421725-969274775-500 - Administrator - Disabled)
ASPNET (S-1-5-21-440912354-2210421725-969274775-1003 - Limited - Enabled)
Guest (S-1-5-21-440912354-2210421725-969274775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-440912354-2210421725-969274775-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
5600 (HKLM\...\{F2DC2589-C894-43DD-BA70-8FDCA7360584}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (HKLM\...\{7DCBC3D8-8954-491D-A1B9-8C61C563B004}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (HKLM\...\{2605461E-AB2E-49F5-8A16-64B7F3595030}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (HKLM\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader (HKLM\...\{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.241 - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS AI Recovery (HKLM\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.5 - ASUS)
ASUS CopyProtect (HKLM\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ATK Hotkey (HKLM\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{02EBD037-F206-488D-B717-B28C5A08D768}) (Version: 3.11.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}) (Version: 2.2.9 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{934B3B19-8193-467A-B356-E73F82647D38}) (Version: 1.0.15 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{BAD1449B-DF0C-4118-B76D-68C54009576C}) (Version: 1.1.2 - Cisco Systems, Inc.)
Copy (HKLM\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (HKLM\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
FastStone Image Viewer 4.6 (HKLM\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fax (HKLM\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{22025051-1991-48EB-8BE8-7A3329DAE7ED}) (Version: 7.5.1070 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x86 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (HKLM\...\{75247E38-5C9B-45D6-ADF8-E11CB56B4990}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}) (Version: 16.0.0.125 - Symantec Corporation) Hidden
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.1.4 (HKLM\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1908.137 - Trusteer) Hidden
Scan (HKLM\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.15 (HKLM\...\Skype_is1) (Version: 8.15 - Skype Technologies S.A.)
Skype Web Plugin (HKLM\...\{7E4C8063-6644-4580-B27F-6B70B1A51F0E}) (Version: 7.17.0.44 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
Tonido 5.81.0.26973 (HKLM\...\{E9355E4F-CA53-42EB-9392-2F288E3CD3F9}_is1) (Version: - CodeLathe LLC)
Toolbox (HKLM\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1908.137 - Trusteer)
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebReg (HKLM\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 3 (HKLM\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)
YTD Video Downloader 4.9.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.2 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-440912354-2210421725-969274775-1000_Classes\CLSID\{0BFBE3EE-00BF-49F9-BC19-26B42AF261C1}\InprocServer32 -> C:\Users\a\AppData\Local\SkypePlugin\7.17.0.44\GatewayActiveX.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-440912354-2210421725-969274775-1000_Classes\CLSID\{701D4227-14C2-45FB-A1DC-9A198DFB3BF9}\localserver32 -> C:\Users\a\AppData\Local\SkypePlugin\7.17.0.44\PluginHost.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-440912354-2210421725-969274775-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\a\AppData\Local\SkypePlugin\7.17.0.44\EdgeBrokerPS.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-440912354-2210421725-969274775-1000_Classes\CLSID\{AC4E242D-28FB-40A2-9C2E-150FF1EE5B49}\localserver32 -> C:\Users\a\AppData\Local\SkypePlugin\7.17.0.44\GatewayVersion.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-440912354-2210421725-969274775-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\a\AppData\Local\SkypePlugin\7.17.0.44\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => -> No File
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} => -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2014-02-05] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files\Amazon\SendToKindle\stkContextMenu_241.dll [2015-09-10] (Amazon.com, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2014-02-05] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A79920-A5F9-4C90-AF8B-94E5504B5C8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {061C22AD-626B-459A-A742-5FBA2FFE3E54} - System32\Tasks\{75E4556E-079D-4662-9601-208483DFCDD6} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFNTZQPF\JavaSetup6u21[2].exe" -d C:\Users\a\Desktop
Task: {0F3251B6-6724-4E5F-851A-315D7742C259} - System32\Tasks\{C2FE96A9-14BF-42D8-907B-B34DFA47C056} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {113E48B3-D893-466E-B6A1-6139727DD307} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe
Task: {11F9829E-87F3-4034-A109-05F7FB664EA9} - System32\Tasks\ASPG => C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
Task: {132890D9-B508-4445-8C62-55ACB7938327} - System32\Tasks\{9C485EBA-23DF-4F83-9EA2-75CF8CD496C0} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {1767A5A5-4FC2-4FFC-A5C3-133708B87C0B} - System32\Tasks\{3D57952A-C196-475D-B43D-87DA9E1F3AC9} => C:\Users\a\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {187B9DF1-40C4-429D-B0FD-7FFFC9C0E79F} - System32\Tasks\{333AA987-AF47-420A-8499-C185C5839A89} => C:\Users\a\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {1B74AE22-ED51-46D8-9F53-7428C66C497D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {25339651-13A1-4707-9079-9E54E2168990} - System32\Tasks\{56715E3A-066B-4A5A-8CC3-C3F4FB5E8FA4} => C:\Users\a\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {27366C5B-4D60-4483-AE88-2A6C24678566} - System32\Tasks\{356D2F41-59D9-4CC3-BD3E-8B4C8B4666CA} => C:\Windows\System32\java.exe
Task: {29B40D77-2733-4751-96B4-3E9936A3A993} - System32\Tasks\{061916CD-94B3-4A7E-A669-3B5219426FF3} => E:\SETUP.EXE
Task: {2BC97E60-74DC-4ED2-A652-F7F990084D8F} - System32\Tasks\{2D7F485A-74FC-4E61-BCEA-A67D6EEEE31F} => C:\Windows\system32\pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2
Task: {343C49E6-C53F-4122-9D8F-F084C30E3BC5} - System32\Tasks\{84394EB0-302F-4298-AB7A-6D916F1E7A15} => C:\Program Files\360Share Pro\Gui\360SharePro.exe
Task: {35758669-2717-4D75-94E1-FEB951E3907B} - System32\Tasks\{2C16FE3F-0FA7-437D-A7AC-A395733FFA3C} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBZ9PZL3\InstallWoW[2].exe" -d C:\Users\a\Desktop
Task: {366110E8-C839-4F07-B7BB-8FA336A5B6EB} - System32\Tasks\{3CAE5803-3FB1-47F1-98E9-D795C668D611} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\LimeWire\LimeWire.exe" -d "C:\Program Files\LimeWire"
Task: {39242A91-E69A-450C-A090-E1C7B7ECC9ED} - System32\Tasks\ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe
Task: {39A6CF94-E3C1-4791-BF39-BD2F2338DF0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {3A3B46E5-73F6-4C92-B44E-1BE99A0A64B3} - System32\Tasks\P4GIntlCtrl => IntlCtrl.exe
Task: {3C3393D9-17F3-4C50-A621-C9308612D369} - System32\Tasks\{EF97409C-B48A-44A0-A436-10FBD6CF7280} => C:\Windows\system32\pcalua.exe -a C:\Users\a\Documents\Henry\JavaSetup6u21.exe -d C:\Users\a\Desktop
Task: {3E2D35CA-051A-4429-A4B0-BBE1FA3C230B} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {40B6DBEE-E08C-49D6-B6F7-BDE035B4EF9D} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
Task: {43034970-EE92-4478-9831-988339133180} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4D78FCE7-9279-424E-926E-CFEBAB8A035D} - System32\Tasks\{F3356251-0B03-4362-8E3B-8647F4BC5F32} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\UNWISE.EXE -c /U C:\PROGRA~1\INSTALL.LOG
Task: {504D931F-7859-40E9-A930-1CDC41761135} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {5C2C8651-4743-4CD0-B0E3-4D99E39B6880} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-14] (Google Inc.)
Task: {5D5D9180-0116-4DD8-B0C4-62BB0E90082A} - System32\Tasks\{512F55F3-0C39-4E89-A852-487D49E6492A} => C:\Windows\system32\pcalua.exe -a "E:\Redis\Install Flash Player 9 AX.exe" -d E:\Redis
Task: {5FB703CF-FA02-475F-8DBF-FE004E6E91E6} - System32\Tasks\{4E561AD7-65F1-4DCC-A54F-0FCB6D565628} => C:\Windows\system32\pcalua.exe -a C:\Users\a\Downloads\Oryte_Games_2.exe -d C:\Users\a\Downloads
Task: {612D9E0B-2743-4AA6-8E96-1D559BA71144} - System32\Tasks\{8BB7623A-1201-4265-A821-56757A5EBB37} => C:\Windows\System32\java.exe
Task: {6342FBE4-1DA0-4866-8FFF-1A5F2541B6C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {638D0B59-3108-474A-8D63-7CBE66FF0B6D} - System32\Tasks\HPCeeScheduleFora => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6728C6EB-4BD9-4E6A-BD79-CBB86783DCBC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-28] (AVAST Software)
Task: {6985E395-F0F7-4A75-9B03-4FE55F73DA9F} - System32\Tasks\{A345E3D7-0CEE-435E-ACD3-5B3EFBA982C2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\EIDOSI~1\HITMAN~1\uninstall.exe
Task: {6C990B00-0FAC-4704-9B53-42D9C5060A8A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6D7C8332-587E-4A2C-83E6-47F763DB8F4D} - System32\Tasks\{7CF8FED2-3F0B-4F1E-A740-FD83F91FA80C} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {6EA15B90-B3C1-4E81-8364-01E1DD573D43} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
Task: {6F95BB53-4B26-42AE-84BA-8515FF8DD49F} - System32\Tasks\{A80F8156-7AA5-46E4-9AFD-8DF47F35D74F} => C:\Program Files\Microsoft Windows OneCare Live\WinSSIntro.exe
Task: {76327588-7C25-45E8-BEF3-1AACEF60E12D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - a => C:\Program Files\Windows Calendar\WinCal.exe
Task: {78E0CB43-9DB3-4647-9203-BD524A55E293} - System32\Tasks\{14E385C8-06A3-4262-9680-9F89C9BE2E6A} => C:\Program Files\360Share Pro\Gui\360SharePro.exe
Task: {7E282329-BEAD-4402-BCF5-43E9D3E4EBDD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {84CE70D9-FC08-40F6-81B1-177702107EA9} - System32\Tasks\{5DDCCEBD-EB63-4878-B5BA-3B9A1D8F56E2} => msiexec.exe /package "C:\Users\a\Downloads\calibre-2.75.1.msi"
Task: {8C2B00F7-49A9-46E1-AD7C-96F35FB58A8C} - System32\Tasks\{0EDE62E7-8DBC-44A2-AD9D-52FA43FA0D20} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {8C6569A4-3237-4045-904D-65DB3BFA1A80} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {8E4A0CAA-B71D-4848-922B-A60F974ED137} - System32\Tasks\{E3CF08B6-F14A-4E36-B8B3-2CC641A3359A} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.8.0.158/en/go/help.faq.installer?LastError=1618
Task: {9129ECDF-3AE9-4173-9D82-EBD444E17CA0} - System32\Tasks\{9BAB2458-4DD2-4A0E-B751-65E69EE6B96A} => E:\System\witcher.exe
Task: {993F01F0-CD36-4732-ADF9-6502F5B22635} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-14] (Google Inc.)
Task: {9F7F4F44-5F1C-4DAA-BC32-485E9241D39D} - System32\Tasks\{764D3871-12F2-4634-B620-0AA397D3036A} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {9FB08C7C-B2CE-4A3D-AA13-0C2BD2538854} - System32\Tasks\{47E48E6E-6A42-4D0E-BFB6-0390A95A3D57} => C:\Program Files\Microsoft Windows OneCare Live\WinSSIntro.exe
Task: {A268D745-81E4-4B07-ADAD-CFD63A71C439} - System32\Tasks\{88395A6B-4D38-4237-9301-3073A7F549CB} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\921H5E5R\GwSetup.exe" -d C:\Users\a\Desktop
Task: {A3A9AA68-19F4-473C-B9C1-1A6918AFF342} - System32\Tasks\{F75508C1-4924-4EA9-B7C2-2BEAA6AED792} => E:\SETUP.EXE
Task: {A64FDB48-55FC-4526-A2CA-BB523899809C} - System32\Tasks\{7B7A6E6D-064A-43C0-AF51-0130CD293F58} => C:\Windows\system32\pcalua.exe -a C:\Users\a\AppData\Local\Temp\Temp1_IGI2-sp_demo_updated.zip\Setup.exe <==== ATTENTION
Task: {A6CFD10C-4B31-4615-B02E-53721E6F3A4E} - System32\Tasks\{C86E18E9-F93F-40DF-866F-2DEBF8945411} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe" -d C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\ -c /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Task: {A9C84D31-5AA8-4574-8153-0790DA42E00E} - System32\Tasks\{2BF75FDB-F92D-4008-A2D4-1112AF59C2A0} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1HAGT3X\GraboidVideoSetup-2.01b-Complete[1].exe" -d C:\Users\a\Desktop
Task: {AAF7C603-116A-4189-A606-391B4B3591D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {AC34CA2B-9C12-4C53-A727-CC5EC0E700F6} - System32\Tasks\{83804A81-A90A-465F-B4DA-504C9996729E} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBZ9PZL3\frozen_throne_beta_pc[1].exe" -d C:\Users\a\Desktop
Task: {AEF31656-9948-4C27-9B83-E7896FAA9C2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B550FA6D-560F-4B11-8307-5A1DFC6DDE7B} - System32\Tasks\{3B66C7E8-D615-4E48-93DF-87443C9CD9B2} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKMCW71Q\SetupOneCare[1].exe" -d C:\Users\a\Desktop
Task: {B62BB7E1-0336-4F8C-A088-81AD04A7DB35} - System32\Tasks\{292BCD5B-436F-4ACA-A7BB-2F351ADA9F73} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFNTZQPF\Oryte_Games_2[1].exe" -d C:\Users\a\Desktop
Task: {BD5B3CB2-A002-498A-AE21-5DD39BC5E83B} - System32\Tasks\{F1BED256-7332-4D82-9C1F-F60892C43176} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe"
Task: {C3A69BF2-41B6-44D2-BADA-C64DDC491465} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {C3FAE27E-2927-4CEB-8ADC-F774C5FB4B85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {C91B7378-6F39-4E16-8ADC-AA66046502AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-10] (HP Inc.)
Task: {CA72670C-F316-4D36-AD63-54973F971FC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {CB3ACB26-3508-40F4-8977-2AD16F2916EF} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {CF625972-C111-4F9D-808E-2209CF8C78E7} - System32\Tasks\WC3 => C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
Task: {D0A7C097-DB3A-407A-AD4C-CD6717E642E6} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {D0C486D7-B8F1-474A-B692-EA9E96BAD12A} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
Task: {D683DA90-E606-4D94-B9B7-C8E5838397D2} - System32\Tasks\{737EA531-9679-4F38-AC75-C5B814A23DF1} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {D8C24839-E769-4E12-BC38-5879D607529B} - System32\Tasks\{01A78403-1947-44CC-B5C5-EE71656EA004} => C:\Windows\system32\pcalua.exe -a C:\Users\a\AppData\Local\Temp\Temp1_Warcraft3_Demo[1].zip\W3Demo.exe <==== ATTENTION
Task: {DA65977C-04CF-4F9C-B64F-223650D1409E} - System32\Tasks\{71A9FEE9-03E5-4ECD-97E1-8481DA845582} => C:\Users\a\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {E0A6283B-7E19-4F61-B0F7-3E0797B7BEA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-440912354-2210421725-969274775-1000Core => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E4C9D381-2B43-4793-97BB-DE610CC826DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-440912354-2210421725-969274775-1000UA => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E8494464-63A2-4BC9-9A3D-2247F49241DA} - System32\Tasks\{60C4B488-4F7D-40AE-9C8A-4752F51BF678} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {ED38C19C-B3F1-4E99-893E-3CD446D3B227} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F983E318-B251-460B-921F-564D4C033948} - System32\Tasks\{B55B4949-7546-4E2B-910D-94468E7A468C} => C:\Users\a\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440912354-2210421725-969274775-1000Core.job => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-440912354-2210421725-969274775-1000UA.job => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFora.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-06-02 14:51 - 2015-06-02 14:51 - 000545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2016-07-16 09:36 - 2009-05-07 23:50 - 000073728 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2016-07-16 09:36 - 2009-05-07 23:53 - 000106496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2016-07-16 09:36 - 2008-02-14 20:57 - 000094208 _____ () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2016-07-16 09:36 - 2009-07-06 21:37 - 047628288 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2017-11-28 10:45 - 2017-11-28 10:45 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2018-01-10 10:00 - 2018-02-02 21:48 - 001782904 _____ () C:\Program Files\Microsoft\Skype for Desktop\ffmpeg.dll
2018-01-10 10:01 - 2018-02-02 21:48 - 000088064 _____ () \\?\C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-01-10 10:00 - 2018-02-02 21:48 - 002559616 _____ () C:\Program Files\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-10 10:00 - 2018-02-02 21:48 - 000031872 _____ () C:\Program Files\Microsoft\Skype for Desktop\libegl.dll
2018-02-07 17:23 - 2018-02-02 21:48 - 000208384 _____ () \\?\C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-01-10 10:01 - 2018-02-02 21:48 - 000400384 _____ () \\?\C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-01-10 10:01 - 2018-02-02 21:48 - 000129536 _____ () \\?\C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-10 10:01 - 2018-02-02 21:48 - 002167808 _____ () \\?\C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:07BF512B [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-440912354-2210421725-969274775-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\a\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Camera ScreenSaver => C:\Windows\AsScrProlog.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: mbot_it_103 =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{404AB51E-D3DE-40E1-BCA4-86E1C525BF82}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2B935387-F40B-448B-8E81-CC0EFD3F7CA7}] => (Allow) svchost.exe
FirewallRules: [{A7B84DD6-B284-4748-8488-8A9BFE398CB2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{A83B9667-6F7B-4F4A-9C8E-23D8BF51B1DB}F:\programmi\world of warcraft\backgrounddownloader.exe] => (Allow) F:\programmi\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{A3CFFE7D-750A-4443-A4A2-0D32443DDD0B}F:\programmi\world of warcraft\backgrounddownloader.exe] => (Allow) F:\programmi\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{F72B5874-A766-45F7-8D9B-98515C810D6A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{023A240F-6201-43F2-B4F3-153441F3942F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{EE9CB56C-0C89-4A16-928F-6B0C66E8F143}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7BC4FA0F-3CF9-4C98-B597-C464DB8A199B}] => (Allow) LPort=2869
FirewallRules: [{8B80B8BE-7E45-4640-ACD7-9864A74B9585}] => (Allow) LPort=1900
FirewallRules: [{E7DAAE17-A465-46ED-A954-496C174C3C6A}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{7B2903D6-2356-466D-BF8C-52861B70BE96}] => (Allow) LPort=8396
FirewallRules: [{CA0E68AF-FD25-48F0-B579-ED1941B1D80B}] => (Allow) LPort=8396
FirewallRules: [{1E82594F-7C3B-4A91-A2E8-5BA57BBFBD12}] => (Allow) LPort=8397
FirewallRules: [{CFB12CA1-6681-4809-A9E6-49F04D833CC2}] => (Allow) LPort=8397
FirewallRules: [{FF10C6D4-578A-490C-A674-A1C8176E662E}] => (Allow) LPort=6951
FirewallRules: [{DEC4B368-A1C7-4B08-B34D-F932BAB3F676}] => (Allow) LPort=6951
FirewallRules: [{9BC3D78E-826A-4B8C-8040-E01915431C7B}] => (Allow) LPort=6937
FirewallRules: [{3CA3C2A5-B9F3-4351-99E7-A269BC50B5A8}] => (Allow) LPort=6937
FirewallRules: [{EA604249-0BF0-4695-8E2C-92B300C73C1A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1E9692EA-39A8-4A51-B91F-0534604FF487}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{D9A2D59A-9714-4531-A266-469362EA60B4}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{7F535E75-D510-413D-9B42-C651CFBCBC6F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B5D2A39B-0BEC-417D-8463-200CF93F22A6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0A7AD844-9220-4557-83A8-AA71A35A5321}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AD9044D1-7C4B-499B-980E-89DA7F3BDAEE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{193A207B-B6A1-4CAE-B120-6D3F9BC33FB2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D90FAAD9-E0F0-42E2-AFE7-E1211D2654A4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3863497D-8809-4B36-BDCD-4DF642DAFB3A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F8DFF0A8-FF70-4B69-BB98-D09BDF402604}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{D7D71B00-828E-46D0-895A-C99066962192}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{B5ECAC9F-1A2F-4DA2-B955-FD33FCDBC7AA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{5D3B7761-9861-4335-AAB9-E7DF332FC62A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{29A96B4D-512D-48F5-9FE7-1F0080EEAA84}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{720E5DAC-15D2-49CF-94B8-D75DEA4661A1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{3C90F946-73D9-42C7-A4BD-D7A0DAB702F1}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{8B43EBEB-22D1-4537-A687-AC51A283FF75}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{C484A727-11CF-4661-A630-C8DD39F8D392}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{58AAE0C7-FB90-49E1-86C4-E7894D1649D0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8C10E431-94D6-48F4-86DA-E2E39E1DEE0F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D5754EE0-B210-4351-8EAE-ED1086599B9F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{8064E638-45D9-4CB9-8381-128037C11DB0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4AD52D2E-591D-4551-88EC-8629CC0F2DDB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A4FE0770-F740-4BFC-AD84-E23B184C97DF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E26FD342-7D5D-48D7-9C56-8F9C7325CB32}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B532482D-E3F3-4414-B900-2CC23ADDEF54}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EBCBBF2F-4CB4-452E-92D0-ED85B67839F4}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{0EF4E0AE-6A0F-4704-B04B-53491E2D8352}C:\users\a\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\a\appdata\roaming\tonido\tonido.exe
FirewallRules: [UDP Query User{0CC3E984-361A-4C5E-9F85-AAEB8082540A}C:\users\a\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\a\appdata\roaming\tonido\tonido.exe
FirewallRules: [TCP Query User{F0492F6D-1DEF-4B98-BF63-A4E889C4C7CF}C:\users\a\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\a\appdata\roaming\tonido\tonido.exe
FirewallRules: [UDP Query User{D7936C7B-D603-4C87-B63D-4E9E60A58A0A}C:\users\a\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\a\appdata\roaming\tonido\tonido.exe
FirewallRules: [{8063E04B-CBA6-489D-AF46-6DE352877724}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{448A5E90-D79C-49BD-806B-D79197A0F217}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1C02A741-4F15-42D4-840D-95B12DDB967C}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{5B8DAAE3-0F69-4B3F-A044-F6E7C73C9EA4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{365F34FB-7097-4B09-A964-F81193AB0DD2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5256C656-3087-4B48-BB1B-4FE7D6559D04}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2943F819-464E-4802-A13A-158FD358D5FB}C:\users\a\appdata\local\skypeplugin\7.17.0.44\pluginhost.exe] => (Block) C:\users\a\appdata\local\skypeplugin\7.17.0.44\pluginhost.exe
FirewallRules: [UDP Query User{7E0C1DF3-7257-497C-8DE2-98DD7500E7E2}C:\users\a\appdata\local\skypeplugin\7.17.0.44\pluginhost.exe] => (Block) C:\users\a\appdata\local\skypeplugin\7.17.0.44\pluginhost.exe
FirewallRules: [TCP Query User{87974636-5C40-4895-B565-F1E44900AB58}C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [UDP Query User{B4AA2286-2DF3-4EF9-B927-2D9B58BDECFF}C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [TCP Query User{45202BC5-0BBA-493A-A4EE-A13BBD66EED8}C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [UDP Query User{9320ADA0-785E-4178-B934-FCF7D8E6CD9A}C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\a\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [{69C6406F-E565-4BDC-BD35-14FF28103EAB}] => (Allow) C:\Users\a\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{07B9E647-B5B6-4DA1-9952-E288A5423625}] => (Allow) C:\Users\a\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63E82476-5CEB-4F75-BF45-9862DBC76723}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{1908F036-2FB0-4814-8077-38AFCADCD233}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{166F9E51-50BB-4CF3-85EC-FE4BAF586C6F}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

31-01-2018 12:37:52 Windows Update
04-02-2018 16:39:09 Installed Rapport
06-02-2018 12:22:21 Windows Update
09-02-2018 13:33:06 Windows Update

==================== Faulty Device Manager Devices =============

Name: ASMMAP
Description: ASMMAP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ASMMAP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ghaio
Description: ghaio
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ghaio
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2018 01:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xbdc
Faulting application start time: 0x01d3a26b8a9b6e26
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: cb352177-0e5e-11e8-a2ef-0026189d3c85

Error: (02/10/2018 12:34:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xcec
Faulting application start time: 0x01d3a2630938b3f6
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: 4a086c32-0e56-11e8-a2ef-0026189d3c85

Error: (02/10/2018 11:33:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xdac
Faulting application start time: 0x01d3a25a85326e33
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: c59c1020-0e4d-11e8-a2ef-0026189d3c85

Error: (02/10/2018 10:32:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x398
Faulting application start time: 0x01d3a25202f9c341
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: 4b0edb1e-0e45-11e8-a2ef-0026189d3c85

Error: (02/09/2018 10:27:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x12fc
Faulting application start time: 0x01d3a1ecbc7e19d5
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: ffeaa6cb-0ddf-11e8-a2ef-0026189d3c85

Error: (02/09/2018 09:26:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x184
Faulting application start time: 0x01d3a1e43b1d346c
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: 7d4073b1-0dd7-11e8-a2ef-0026189d3c85

Error: (02/09/2018 08:25:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd68
Faulting application start time: 0x01d3a1dbb9a2fa45
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: fc221681-0dce-11e8-a2ef-0026189d3c85

Error: (02/09/2018 07:24:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xa00
Faulting application start time: 0x01d3a1d3339b109c
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: 7bf744a3-0dc6-11e8-a2ef-0026189d3c85

Error: (02/09/2018 06:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1144
Faulting application start time: 0x01d3a1cab140372a
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: f53297e7-0dbd-11e8-a2ef-0026189d3c85

Error: (02/09/2018 05:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BitTorrentAntivirus.exe, version: 1.0.0.1, time stamp: 0x58f7c0a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc60
Faulting application start time: 0x01d3a1c22ddee661
Faulting application path: C:\Users\a\AppData\Roaming\uTorrent\VirusGuard\BitTorrentAntivirus.exe
Faulting module path: unknown
Report Id: 723f25b9-0db5-11e8-a2ef-0026189d3c85


System errors:
=============
Error: (02/10/2018 02:16:14 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:16:14 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:16:14 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.

Error: (02/10/2018 02:13:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume VistaOS.


==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz
Percentage of memory in use: 84%
Total physical RAM: 3037.09 MB
Available physical RAM: 459.8 MB
Total Virtual: 6072.51 MB
Available Virtual: 2520.86 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:232.88 GB) (Free:98.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:221.16 GB) (Free:61.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=1C)
Partition 2: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Edited by Oh My!, 11 February 2018 - 04:30 PM.
Moved from Windows 7 forum as FRST log included


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 11 February 2018 - 04:30 PM

Greetings abruzzojohn and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

What messages are you receiving?

Please consider an do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {58977655-e4fe-11df-977c-e21ef94a908b} - F:\Install.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {5d82a47d-2731-11e1-942d-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {5d82a480-2731-11e1-942d-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {99ddb68a-9e5d-11e1-977b-001e101f1053} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {9b93e9eb-c008-11e0-b930-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {9b93e9f0-c008-11e0-b930-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd32-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd64-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd7b-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd91-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfee3-fcb5-11e0-a8fa-0026189d3c85} - H:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {c4966918-0e9c-11e1-901f-001e101fabdd} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {c6b6f782-015e-11e0-8ba1-fe0f6c1daa8e} - F:\Install.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {f257f440-1f12-11e1-8fe9-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {fe0fa572-85fb-11e1-937b-001e101f859f} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
URLSearchHook: HKLM - (No Name) - {098d800d-0712-45ff-a3e4-686bd68f29f8}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ckUzx8YVRqSA3sl6kayd07pcrphb2l-eFAAuE4c_C5fZDgzWpPLZK6VuLFpQjJv0Am4HObHla11nXdbZnwix7kVSSB3GsIggW3jjseMJd52mvrgo402mQLQLBPmrZsbyjPmXsjS9HYyilslk2uiw8URGKEtTptZJud&q={searchTerms}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ckUzx8YVRqSA3sl6kayd07pcrphb2l-eFAAuE4c_C5fZDgzWpPLZK6VuLFpQjJv0Am4HObHla11nXdbZnwix7kVSSB3GsIggW3jjseMJd52mvrgo402mQLQLBPmrZsbyjPmXsjS9HYyilslk2uiw8URGKEtTptZJud&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {098D800D-0712-45FF-A3E4-686BD68F29F8} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1426769146&from=wpm031932&uid=ST9500325AS_6VE1DZRTXXXX6VE1DZRT
FF ProfilePath: C:\Users\a\Desktop\Old Firefox Data [not found] <==== ATTENTION
FF Extension: (No Name) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\d.lehr@chello.at.xpi [2017-10-05]
FF Extension: (No Name) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-01-01]
FF HKLM\...\Firefox\Extensions: [Hotbar@Hotbar.com] - C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions 
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
C:\Program Files\Babylon
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dl
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2018-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2018-01-01] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
CHR HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\a\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
R2 HPSLPSVC; C:\Users\a\AppData\Local\Temp\7zS7532\hpslpsvc32.dll [701288 2012-08-27] (Hewlett-Packard Co.) 
S2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys
S2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys
S3 ipswuio; System32\DRIVERS\ipswuio.sys
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys
C:\Program Files\Elex-tech
U4 secdrv; no ImagePath
S1 ttnfd; system32\drivers\ttnfd.sys
2012-07-27 14:37 - 2011-05-14 12:46 - 000800272 _____ (MyWebSearch.com) C:\Program Files\Uninstall Fun Web Products.dll
2010-07-07 18:41 - 2002-07-26 16:02 - 000153088 ____N () C:\Program Files\UNWISE.EXE
2011-04-30 12:43 - 2011-04-30 12:43 - 003002471 _____ (MyWebSearch.com) C:\Users\a\AppData\Local\mwsautSp.exe
2014-10-04 17:42 - 2014-10-04 17:41 - 000612080 _____ (ClickMeIn Limited) C:\Users\a\AppData\Local\nsw69EF.tmp
2016-11-20 15:29 - 2016-11-20 15:29 - 000020480 ____T () C:\Users\a\AppData\Local\uninstall.tmp
C:\Windows\System32\defragproxy.dll
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69}
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249}
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
ContextMenuHandlers1: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5}
Task: {061C22AD-626B-459A-A742-5FBA2FFE3E54} - System32\Tasks\{75E4556E-079D-4662-9601-208483DFCDD6} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFNTZQPF\JavaSetup6u21[2].exe" -d C:\Users\a\Desktop
Task: {0F3251B6-6724-4E5F-851A-315D7742C259} - System32\Tasks\{C2FE96A9-14BF-42D8-907B-B34DFA47C056} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {27366C5B-4D60-4483-AE88-2A6C24678566} - System32\Tasks\{356D2F41-59D9-4CC3-BD3E-8B4C8B4666CA} => C:\Windows\System32\java.exe
C:\Windows\System32\java.exe
Task: {29B40D77-2733-4751-96B4-3E9936A3A993} - System32\Tasks\{061916CD-94B3-4A7E-A669-3B5219426FF3} => E:\SETUP.EXE
Task: {2BC97E60-74DC-4ED2-A652-F7F990084D8F} - System32\Tasks\{2D7F485A-74FC-4E61-BCEA-A67D6EEEE31F} => C:\Windows\system32\pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2
Task: {35758669-2717-4D75-94E1-FEB951E3907B} - System32\Tasks\{2C16FE3F-0FA7-437D-A7AC-A395733FFA3C} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBZ9PZL3\InstallWoW[2].exe" -d C:\Users\a\Desktop
Task: {3C3393D9-17F3-4C50-A621-C9308612D369} - System32\Tasks\{EF97409C-B48A-44A0-A436-10FBD6CF7280} => C:\Windows\system32\pcalua.exe -a C:\Users\a\Documents\Henry\JavaSetup6u21.exe -d C:\Users\a\Desktop
Task: {40B6DBEE-E08C-49D6-B6F7-BDE035B4EF9D} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
Task: {43034970-EE92-4478-9831-988339133180} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files\AnyProtectEx
Task: {4D78FCE7-9279-424E-926E-CFEBAB8A035D} - System32\Tasks\{F3356251-0B03-4362-8E3B-8647F4BC5F32} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\UNWISE.EXE -c /U C:\PROGRA~1\INSTALL.LOG
Task: {5D5D9180-0116-4DD8-B0C4-62BB0E90082A} - System32\Tasks\{512F55F3-0C39-4E89-A852-487D49E6492A} => C:\Windows\system32\pcalua.exe -a "E:\Redis\Install Flash Player 9 AX.exe" -d E:\Redis
Task: {5FB703CF-FA02-475F-8DBF-FE004E6E91E6} - System32\Tasks\{4E561AD7-65F1-4DCC-A54F-0FCB6D565628} => C:\Windows\system32\pcalua.exe -a C:\Users\a\Downloads\Oryte_Games_2.exe -d C:\Users\a\Downloads
Task: {612D9E0B-2743-4AA6-8E96-1D559BA71144} - System32\Tasks\{8BB7623A-1201-4265-A821-56757A5EBB37} => C:\Windows\System32\java.exe
Task: {6985E395-F0F7-4A75-9B03-4FE55F73DA9F} - System32\Tasks\{A345E3D7-0CEE-435E-ACD3-5B3EFBA982C2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\EIDOSI~1\HITMAN~1\uninstall.exe
Task: {6C990B00-0FAC-4704-9B53-42D9C5060A8A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {A64FDB48-55FC-4526-A2CA-BB523899809C} - System32\Tasks\{7B7A6E6D-064A-43C0-AF51-0130CD293F58} => C:\Windows\system32\pcalua.exe -a C:\Users\a\AppData\Local\Temp\Temp1_IGI2-sp_demo_updated.zip\Setup.exe
Task: {A6CFD10C-4B31-4615-B02E-53721E6F3A4E} - System32\Tasks\{C86E18E9-F93F-40DF-866F-2DEBF8945411} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe" -d C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\ -c /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Task: {A9C84D31-5AA8-4574-8153-0790DA42E00E} - System32\Tasks\{2BF75FDB-F92D-4008-A2D4-1112AF59C2A0} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1HAGT3X\GraboidVideoSetup-2.01b-Complete[1].exe" -d C:\Users\a\Desktop
Task: {AC34CA2B-9C12-4C53-A727-CC5EC0E700F6} - System32\Tasks\{83804A81-A90A-465F-B4DA-504C9996729E} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBZ9PZL3\frozen_throne_beta_pc[1].exe" -d C:\Users\a\Desktop
Task: {B550FA6D-560F-4B11-8307-5A1DFC6DDE7B} - System32\Tasks\{3B66C7E8-D615-4E48-93DF-87443C9CD9B2} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKMCW71Q\SetupOneCare[1].exe" -d C:\Users\a\Desktop
Task: {B62BB7E1-0336-4F8C-A088-81AD04A7DB35} - System32\Tasks\{292BCD5B-436F-4ACA-A7BB-2F351ADA9F73} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFNTZQPF\Oryte_Games_2[1].exe" -d C:\Users\a\Desktop
Task: {C3A69BF2-41B6-44D2-BADA-C64DDC491465} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Veoh Networks
Task: {D683DA90-E606-4D94-B9B7-C8E5838397D2} - System32\Tasks\{737EA531-9679-4F38-AC75-C5B814A23DF1} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {D8C24839-E769-4E12-BC38-5879D607529B} - System32\Tasks\{01A78403-1947-44CC-B5C5-EE71656EA004} => C:\Windows\system32\pcalua.exe -a C:\Users\a\AppData\Local\Temp\Temp1_Warcraft3_Demo[1].zip\W3Demo.exe <==== ATTENTION
Task: {ED38C19C-B3F1-4E99-893E-3CD446D3B227} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
AlternateDataStreams: C:\ProgramData\Temp:07BF512B [135]
DeleteKey: to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mbot_it_103 =>
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Chkdsk /r From Command Prompt with Report Using Powershell

--------------------
  • Close any open programs
  • Click Start, type Powershell, right click Windows Powershell above and select Run as administrator
  • Copy and paste the following after the Command Prompt and press Enter

cmd /c echo y|chkdsk /r c: /r | shutdown /r /t 05

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
  • Launch Powershell in the same manner as before
  • Copy and paste the following line after the Command Prompt and press Enter

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername match "wininit"} | fl timecreated, message | out-file "C:\Users\a\Desktop\chkdsk.txt"

  • A chkdsk.txt file will be created on your Desktop
  • Copy and paste the contents of the document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Messages?
  • AdwCleaner log
  • Fixlog
  • chkdsk.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 12 February 2018 - 10:57 AM

hi gary my name is john,thank you for helping,i am getting an error with the last part of the powershell part unexpected token match in expression or statement  line :1 char :91 so have no chkdsk.txt file yet, i stopped p2p and have run all the other parts as you instructed so please get back with what i should do next

thank you and rgds john



#4 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 12 February 2018 - 11:11 AM

Gary
attachedthe adw txt files and fixlog txt
# AdwCleaner 7.0.8.0 - Logfile created on Mon Feb 12 12:55:13 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files\globalUpdate
Deleted: C:\Users\a\AppData\Local\globalUpdate
Deleted: C:\Program Files\predm
Deleted: C:\Program Files\ASP
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Users\a\AppData\Roaming\ProgSense
Deleted: C:\Users\a\AppData\Roaming\download Manager
Deleted: C:\Users\a\AppData\Roaming\337Games
Deleted: C:\Users\a\AppData\Roaming\ap_logs
Deleted: C:\Users\a\AppData\Roaming\awesomehp
Deleted: C:\ProgramData\blekko toolbars
Deleted: C:\ProgramData\Application Data\blekko toolbars
Deleted: C:\Users\All Users\blekko toolbars
Deleted: C:\Users\a\AppData\Local\blekkotb_031
Deleted: C:\Users\a\AppData\LocalLow\ConduitEngine
Deleted: C:\Users\a\AppData\Roaming\DriverCure
Deleted: C:\Program Files\Expat Shield
Deleted: C:\Users\a\AppData\Roaming\FIXIO PC Utilities
Deleted: C:\Users\a\AppData\Roaming\GrabPro
Deleted: C:\Users\a\AppData\Local\torch
Deleted: C:\Users\Administrator\AppData\Local\torch
Deleted: C:\Users\ASPNET\AppData\Local\torch
Deleted: C:\Users\Guest\AppData\Local\torch
Deleted: C:\Users\a\AppData\Roaming\Uniblue
Deleted: C:\ProgramData\WPM
Deleted: C:\ProgramData\Application Data\WPM
Deleted: C:\Users\All Users\WPM
Deleted: C:\Program Files\myfree codec
Deleted: C:\Users\a\AppData\Roaming\Yahoo!\Companion
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted: C:\ProgramData\ytd video downloader
Deleted: C:\ProgramData\Application Data\ytd video downloader
Deleted: C:\Users\All Users\ytd video downloader
Deleted: C:\ProgramData\Ask
Deleted: C:\ProgramData\Application Data\Ask
Deleted: C:\Users\All Users\Ask
Deleted: C:\Users\a\AppData\LocalLow\ShoppingReport
Deleted: C:\Users\a\AppData\Local\Chromatic Browser
Deleted: C:\Users\Administrator\AppData\Local\Chromatic Browser
Deleted: C:\Users\ASPNET\AppData\Local\Chromatic Browser
Deleted: C:\Users\Guest\AppData\Local\Chromatic Browser
Deleted: C:\Users\a\AppData\LocalLow\Conduit
Deleted: C:\ProgramData\HotbarSA
Deleted: C:\ProgramData\Application Data\HotbarSA
Deleted: C:\Users\All Users\HotbarSA
Deleted: C:\Users\a\AppData\Roaming\WeatherDPA
Deleted: C:\Users\a\AppData\LocalLow\MyWebSearch
Deleted: C:\Users\a\AppData\Roaming\OfferBox
Deleted: C:\Users\a\AppData\Roaming\Search Settings
Deleted: C:\Users\a\AppData\Local\BoBrowser
Deleted: C:\Users\a\AppData\Local\MalwareProtectionLive
Deleted: C:\ProgramData\SpeedyPC Software
Deleted: C:\ProgramData\Application Data\SpeedyPC Software
Deleted: C:\Users\All Users\SpeedyPC Software
Deleted: C:\ProgramData\IePluginService
Deleted: C:\ProgramData\Application Data\IePluginService
Deleted: C:\Users\All Users\IePluginService
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\a\AppData\Roaming\EZDownloader
Deleted: C:\Users\a\AppData\Local\OpenCandy
Deleted: C:\Users\a\AppData\Roaming\OpenCandy
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted: C:\ProgramData\IePluginServices
Deleted: C:\ProgramData\Application Data\IePluginServices
Deleted: C:\Users\All Users\IePluginServices
Deleted: C:\Program Files\WinZipper
Deleted: C:\Program Files\DownloadManager
Deleted: C:\ProgramData\Systweak
Deleted: C:\ProgramData\Application Data\Systweak
Deleted: C:\Users\a\AppData\Roaming\Systweak
Deleted: C:\Users\All Users\Systweak
Deleted: C:\Users\a\AppData\Roaming\Auslogics
Deleted: C:\ProgramData\TheAdBlock
Deleted: C:\ProgramData\Application Data\TheAdBlock
Deleted: C:\Users\All Users\TheAdBlock
Deleted: C:\Users\a\AppData\LocalLow\ShoppingReport2
Deleted: C:\ProgramData\TheAdBlock
Deleted: C:\ProgramData\Application Data\TheAdBlock
Deleted: C:\Users\All Users\TheAdBlock
Deleted: C:\Program Files\Trellian
Deleted: C:\Users\a\AppData\Local\VirtualStore\Program Files\Trellian
Deleted: C:\Users\a\AppData\Roaming\Trellian
Deleted: C:\ProgramData\1a57431a363d4ff9


***** [ Files ] *****

Deleted: C:\Windows\System32\sasnative32.exe
Deleted: C:\Windows\System32\conduitEngine.tmp
Deleted: C:\Windows\System32\roboot.exe
Deleted: C:\ProgramData\YouTube Downloader\ytd_installer.exe
Deleted: C:\ProgramData\Application Data\YouTube Downloader\ytd_installer.exe
Deleted: C:\Users\All Users\YouTube Downloader\ytd_installer.exe
Deleted: C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf
Deleted: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\searchplugins\bing-lavasoft.xml
Deleted: C:\Program Files\\MOZILLA FIREFOX\DSENGINE.CFG
Deleted: C:\Program Files\\MOZILLA FIREFOX\DEFAULTS\PREF\DSENGINE.JS
Deleted: C:\Windows\System32\drivers\MSFT_KERNEL_WEBINSTR_01009.WDF
Deleted: C:\Windows\System32\drivers\DrvAgent32.sys
Deleted: C:\Windows\System32\drivers\DrvAgent32.sys


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: APSnotifierPP3
Deleted: APSnotifierPP2
Deleted: APSnotifierPP1
Deleted: ASP
Deleted: RunAsStdUser Task for VeohWebPlayer


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Deleted: [Key] - HKLM\SOFTWARE\winzipersvc
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command|
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\Settings Manager
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Settings Manager
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKLM\SOFTWARE\Clara
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\SIMPLYTECH
Deleted: [Key] - HKCU\Software\SIMPLYTECH
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\ProgSense
Deleted: [Key] - HKCU\Software\ProgSense
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Appscion
Deleted: [Key] - HKCU\Software\Appscion
Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted: [Key] - HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted: [Key] - HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Deleted: [Key] - HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\FIXIO PC Utilities
Deleted: [Key] - HKCU\Software\FIXIO PC Utilities
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\GlobalUpdate
Deleted: [Key] - HKCU\Software\GlobalUpdate
Deleted: [Key] - HKLM\SOFTWARE\hdcode
Deleted: [Key] - HKLM\SOFTWARE\IePlugin
Deleted: [Key] - HKLM\SOFTWARE\Offerbox
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Offerbox
Deleted: [Key] - HKCU\Software\Offerbox
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKLM\SOFTWARE\speedypc software
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\speedypc software
Deleted: [Key] - HKCU\Software\speedypc software
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\V9
Deleted: [Key] - HKCU\Software\V9
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\simplytech
Deleted: [Key] - HKCU\Software\simplytech
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{AE07101B-46D4-4A98-AF68-0333EA26E113}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2F9AD413-2E0B-4A85-BB2A-CF961238262A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7854F00C-DC77-477E-A10E-603F48442D3B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Deleted: [Key] - HKCU\Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\escort.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted: [Key] - HKLM\SOFTWARE\ShoppingReport
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\ShoppingReport
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\ShoppingReport
Deleted: [Key] - HKCU\Software\ShoppingReport
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ShoppingReport
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\SweetIM
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\SweetIM
Deleted: [Key] - HKCU\Software\SweetIM
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\FunWebProducts
Deleted: [Key] - HKCU\Software\AppDataLow\Software\FunWebProducts
Deleted: [Key] - HKLM\SOFTWARE\Fun Web Products
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\Fun Web Products
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Fun Web Products
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\Hotbar
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Hotbar
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\hotbarsa
Deleted: [Key] - HKCU\Software\hotbarsa
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted: [Key] - HKLM\SOFTWARE\Iminent
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted: [Key] - HKLM\SOFTWARE\MyWebSearch
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\MyWebSearch
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\MyWebSearch
Deleted: [Key] - HKCU\Software\MyWebSearch
Deleted: [Key] - HKCU\Software\AppDataLow\Software\MyWebSearch
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\BoBrowser
Deleted: [Key] - HKCU\Software\BoBrowser
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\BlockAndSurf
Deleted: [Key] - HKCU\Software\AppDataLow\Software\BlockAndSurf
Deleted: [Key] - HKLM\SOFTWARE\delta-homesSoftware
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AnyProtect
Deleted: [Key] - HKCU\Software\AnyProtect
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted: [Key] - HKLM\SOFTWARE\Tutorials
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\TutoTag
Deleted: [Key] - HKCU\Software\TutoTag
Deleted: [Key] - HKLM\SOFTWARE\Toolbar
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Toolbar
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Toolbar
Deleted: [Key] - HKCU\Software\Toolbar
Deleted: [Key] - HKCU\Software\AppDataLow\Toolbar
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Crossrider
Deleted: [Key] - HKLM\SOFTWARE\systweak
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\systweak
Deleted: [Key] - HKCU\Software\systweak
Deleted: [Key] - HKLM\SOFTWARE\awesomehpSoftware
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\TNT2
Deleted: [Key] - HKCU\Software\TNT2
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\SpeedChecker
Deleted: [Key] - HKCU\Software\AppDataLow\Software\SpeedChecker
Deleted: [Key] - HKLM\SOFTWARE\REG\CLEAN\pro
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\REG\CLEAN\pro
Deleted: [Key] - HKCU\Software\REG\CLEAN\pro
Deleted: [Key] - HKLM\SOFTWARE\TermTutor
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\GoHD
Deleted: [Key] - HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\GoHD
Deleted: [Key] - HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\AppDataLow\Software\ShoppingReport2
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ShoppingReport2
Deleted: [Key] - HKLM\SOFTWARE\Reg\Clean
Deleted: [Key] - HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Reg\Clean
Deleted: [Key] - HKCU\Software\Reg\Clean
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT2086743
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT2452477
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT2549263
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe
Deleted: [Key] - HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Quick Sidebar -
Plugin deleted: Extended Protection -
Plugin deleted: Quick start -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/.~lock.AdwCleaner[S0].txt# - [89 B] - [2018/2/12 12:36:25]
C:/AdwCleaner/AdwCleaner[S0].txt - [32155 B] - [2018/2/12 12:31:32]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 02
Ran by a (12-02-2018 16:10:46) Run:1
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available Profiles: a & admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {58977655-e4fe-11df-977c-e21ef94a908b} - F:\Install.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {5d82a47d-2731-11e1-942d-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {5d82a480-2731-11e1-942d-001e101f82a7} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {99ddb68a-9e5d-11e1-977b-001e101f1053} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {9b93e9eb-c008-11e0-b930-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {9b93e9f0-c008-11e0-b930-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd32-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd64-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd7b-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfd91-fcb5-11e0-a8fa-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {ad0cfee3-fcb5-11e0-a8fa-0026189d3c85} - H:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {c4966918-0e9c-11e1-901f-001e101fabdd} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {c6b6f782-015e-11e0-8ba1-fe0f6c1daa8e} - F:\Install.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {f257f440-1f12-11e1-8fe9-0026189d3c85} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\...\MountPoints2: {fe0fa572-85fb-11e1-937b-001e101f859f} - F:\AutoRun.exe
HKU\S-1-5-21-440912354-2210421725-969274775-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
URLSearchHook: HKLM - (No Name) - {098d800d-0712-45ff-a3e4-686bd68f29f8}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ckUzx8YVRqSA3sl6kayd07pcrphb2l-eFAAuE4c_C5fZDgzWpPLZK6VuLFpQjJv0Am4HObHla11nXdbZnwix7kVSSB3GsIggW3jjseMJd52mvrgo402mQLQLBPmrZsbyjPmXsjS9HYyilslk2uiw8URGKEtTptZJud&q={searchTerms}
SearchScopes: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ckUzx8YVRqSA3sl6kayd07pcrphb2l-eFAAuE4c_C5fZDgzWpPLZK6VuLFpQjJv0Am4HObHla11nXdbZnwix7kVSSB3GsIggW3jjseMJd52mvrgo402mQLQLBPmrZsbyjPmXsjS9HYyilslk2uiw8URGKEtTptZJud&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: No Name -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {098D800D-0712-45FF-A3E4-686BD68F29F8} - No File
Toolbar: HKU\S-1-5-21-440912354-2210421725-969274775-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1426769146&from=wpm031932&uid=ST9500325AS_6VE1DZRTXXXX6VE1DZRT
FF ProfilePath: C:\Users\a\Desktop\Old Firefox Data [not found] <==== ATTENTION
FF Extension: (No Name) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\d.lehr@chello.at.xpi [2017-10-05]
FF Extension: (No Name) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-01-01]
FF HKLM\...\Firefox\Extensions: [Hotbar@Hotbar.com] - C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
C:\Program Files\Babylon
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dl
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2018-01-01] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2018-01-01] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
CHR HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\a\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
R2 HPSLPSVC; C:\Users\a\AppData\Local\Temp\7zS7532\hpslpsvc32.dll [701288 2012-08-27] (Hewlett-Packard Co.)
S2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys
S2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys
S3 ipswuio; System32\DRIVERS\ipswuio.sys
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys
C:\Program Files\Elex-tech
U4 secdrv; no ImagePath
S1 ttnfd; system32\drivers\ttnfd.sys
2012-07-27 14:37 - 2011-05-14 12:46 - 000800272 _____ (MyWebSearch.com) C:\Program Files\Uninstall Fun Web Products.dll
2010-07-07 18:41 - 2002-07-26 16:02 - 000153088 ____N () C:\Program Files\UNWISE.EXE
2011-04-30 12:43 - 2011-04-30 12:43 - 003002471 _____ (MyWebSearch.com) C:\Users\a\AppData\Local\mwsautSp.exe
2014-10-04 17:42 - 2014-10-04 17:41 - 000612080 _____ (ClickMeIn Limited) C:\Users\a\AppData\Local\nsw69EF.tmp
2016-11-20 15:29 - 2016-11-20 15:29 - 000020480 ____T () C:\Users\a\AppData\Local\uninstall.tmp
C:\Windows\System32\defragproxy.dll
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69}
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249}
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
ContextMenuHandlers1: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5}
Task: {061C22AD-626B-459A-A742-5FBA2FFE3E54} - System32\Tasks\{75E4556E-079D-4662-9601-208483DFCDD6} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFNTZQPF\JavaSetup6u21[2].exe" -d C:\Users\a\Desktop
Task: {0F3251B6-6724-4E5F-851A-315D7742C259} - System32\Tasks\{C2FE96A9-14BF-42D8-907B-B34DFA47C056} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {27366C5B-4D60-4483-AE88-2A6C24678566} - System32\Tasks\{356D2F41-59D9-4CC3-BD3E-8B4C8B4666CA} => C:\Windows\System32\java.exe
C:\Windows\System32\java.exe
Task: {29B40D77-2733-4751-96B4-3E9936A3A993} - System32\Tasks\{061916CD-94B3-4A7E-A669-3B5219426FF3} => E:\SETUP.EXE
Task: {2BC97E60-74DC-4ED2-A652-F7F990084D8F} - System32\Tasks\{2D7F485A-74FC-4E61-BCEA-A67D6EEEE31F} => C:\Windows\system32\pcalua.exe -a C:\Windows\UbiSoft\SetupUbi.exe -d C:\Windows\UbiSoft -c -play rayman2
Task: {35758669-2717-4D75-94E1-FEB951E3907B} - System32\Tasks\{2C16FE3F-0FA7-437D-A7AC-A395733FFA3C} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBZ9PZL3\InstallWoW[2].exe" -d C:\Users\a\Desktop
Task: {3C3393D9-17F3-4C50-A621-C9308612D369} - System32\Tasks\{EF97409C-B48A-44A0-A436-10FBD6CF7280} => C:\Windows\system32\pcalua.exe -a C:\Users\a\Documents\Henry\JavaSetup6u21.exe -d C:\Users\a\Desktop
Task: {40B6DBEE-E08C-49D6-B6F7-BDE035B4EF9D} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
Task: {43034970-EE92-4478-9831-988339133180} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files\AnyProtectEx
Task: {4D78FCE7-9279-424E-926E-CFEBAB8A035D} - System32\Tasks\{F3356251-0B03-4362-8E3B-8647F4BC5F32} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\UNWISE.EXE -c /U C:\PROGRA~1\INSTALL.LOG
Task: {5D5D9180-0116-4DD8-B0C4-62BB0E90082A} - System32\Tasks\{512F55F3-0C39-4E89-A852-487D49E6492A} => C:\Windows\system32\pcalua.exe -a "E:\Redis\Install Flash Player 9 AX.exe" -d E:\Redis
Task: {5FB703CF-FA02-475F-8DBF-FE004E6E91E6} - System32\Tasks\{4E561AD7-65F1-4DCC-A54F-0FCB6D565628} => C:\Windows\system32\pcalua.exe -a C:\Users\a\Downloads\Oryte_Games_2.exe -d C:\Users\a\Downloads
Task: {612D9E0B-2743-4AA6-8E96-1D559BA71144} - System32\Tasks\{8BB7623A-1201-4265-A821-56757A5EBB37} => C:\Windows\System32\java.exe
Task: {6985E395-F0F7-4A75-9B03-4FE55F73DA9F} - System32\Tasks\{A345E3D7-0CEE-435E-ACD3-5B3EFBA982C2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\EIDOSI~1\HITMAN~1\uninstall.exe
Task: {6C990B00-0FAC-4704-9B53-42D9C5060A8A} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: {A64FDB48-55FC-4526-A2CA-BB523899809C} - System32\Tasks\{7B7A6E6D-064A-43C0-AF51-0130CD293F58} => C:\Windows\system32\pcalua.exe -a C:\Users\a\AppData\Local\Temp\Temp1_IGI2-sp_demo_updated.zip\Setup.exe
Task: {A6CFD10C-4B31-4615-B02E-53721E6F3A4E} - System32\Tasks\{C86E18E9-F93F-40DF-866F-2DEBF8945411} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe" -d C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\ -c /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Task: {A9C84D31-5AA8-4574-8153-0790DA42E00E} - System32\Tasks\{2BF75FDB-F92D-4008-A2D4-1112AF59C2A0} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1HAGT3X\GraboidVideoSetup-2.01b-Complete[1].exe" -d C:\Users\a\Desktop
Task: {AC34CA2B-9C12-4C53-A727-CC5EC0E700F6} - System32\Tasks\{83804A81-A90A-465F-B4DA-504C9996729E} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBZ9PZL3\frozen_throne_beta_pc[1].exe" -d C:\Users\a\Desktop
Task: {B550FA6D-560F-4B11-8307-5A1DFC6DDE7B} - System32\Tasks\{3B66C7E8-D615-4E48-93DF-87443C9CD9B2} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKMCW71Q\SetupOneCare[1].exe" -d C:\Users\a\Desktop
Task: {B62BB7E1-0336-4F8C-A088-81AD04A7DB35} - System32\Tasks\{292BCD5B-436F-4ACA-A7BB-2F351ADA9F73} => C:\Windows\system32\pcalua.exe -a "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFNTZQPF\Oryte_Games_2[1].exe" -d C:\Users\a\Desktop
Task: {C3A69BF2-41B6-44D2-BADA-C64DDC491465} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Veoh Networks
Task: {D683DA90-E606-4D94-B9B7-C8E5838397D2} - System32\Tasks\{737EA531-9679-4F38-AC75-C5B814A23DF1} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {D8C24839-E769-4E12-BC38-5879D607529B} - System32\Tasks\{01A78403-1947-44CC-B5C5-EE71656EA004} => C:\Windows\system32\pcalua.exe -a C:\Users\a\AppData\Local\Temp\Temp1_Warcraft3_Demo[1].zip\W3Demo.exe <==== ATTENTION
Task: {ED38C19C-B3F1-4E99-893E-3CD446D3B227} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe
AlternateDataStreams: C:\ProgramData\Temp:07BF512B [135]
DeleteKey: to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mbot_it_103 =>

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58977655-e4fe-11df-977c-e21ef94a908b}" => removed successfully.
HKLM\Software\Classes\CLSID\{58977655-e4fe-11df-977c-e21ef94a908b} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d82a47d-2731-11e1-942d-001e101f82a7}" => removed successfully.
HKLM\Software\Classes\CLSID\{5d82a47d-2731-11e1-942d-001e101f82a7} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d82a480-2731-11e1-942d-001e101f82a7}" => removed successfully.
HKLM\Software\Classes\CLSID\{5d82a480-2731-11e1-942d-001e101f82a7} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99ddb68a-9e5d-11e1-977b-001e101f1053}" => removed successfully.
HKLM\Software\Classes\CLSID\{99ddb68a-9e5d-11e1-977b-001e101f1053} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b93e9eb-c008-11e0-b930-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{9b93e9eb-c008-11e0-b930-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b93e9f0-c008-11e0-b930-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{9b93e9f0-c008-11e0-b930-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad0cfd32-fcb5-11e0-a8fa-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{ad0cfd32-fcb5-11e0-a8fa-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad0cfd64-fcb5-11e0-a8fa-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{ad0cfd64-fcb5-11e0-a8fa-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad0cfd7b-fcb5-11e0-a8fa-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{ad0cfd7b-fcb5-11e0-a8fa-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad0cfd91-fcb5-11e0-a8fa-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{ad0cfd91-fcb5-11e0-a8fa-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad0cfee3-fcb5-11e0-a8fa-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{ad0cfee3-fcb5-11e0-a8fa-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4966918-0e9c-11e1-901f-001e101fabdd}" => removed successfully.
HKLM\Software\Classes\CLSID\{c4966918-0e9c-11e1-901f-001e101fabdd} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6b6f782-015e-11e0-8ba1-fe0f6c1daa8e}" => removed successfully.
HKLM\Software\Classes\CLSID\{c6b6f782-015e-11e0-8ba1-fe0f6c1daa8e} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f257f440-1f12-11e1-8fe9-0026189d3c85}" => removed successfully.
HKLM\Software\Classes\CLSID\{f257f440-1f12-11e1-8fe9-0026189d3c85} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe0fa572-85fb-11e1-937b-001e101f859f}" => removed successfully.
HKLM\Software\Classes\CLSID\{fe0fa572-85fb-11e1-937b-001e101f859f} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully.
"HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\URLSearchHook: HKLM - (No Name) - {098d800d-0712-45ff-a3e4-686bd68f29f8}" => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => removed successfully.
HKLM\Software\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} => not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}" => removed successfully.
"HKLM\Software\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => not found
HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}" => removed successfully.
"HKLM\Software\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => not found
HKLM\Software\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}" => not found
HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => not found
HKLM\Software\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => not found
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{098D800D-0712-45FF-A3E4-686BD68F29F8}" => removed successfully.
HKLM\Software\Classes\CLSID\{098D800D-0712-45FF-A3E4-686BD68F29F8} => not found
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => not found
HKLM\Software\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => not found
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\a\Desktop\Old Firefox Data => path removed successfully.
C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\d.lehr@chello.at.xpi => moved successfully
C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\h94qd0e1.default-1465380852298\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi => moved successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\Hotbar@Hotbar.com" => removed successfully.
"HKLM\Software\Mozilla\Firefox\Extensions\\ocr@babylon.com" => removed successfully.
"C:\Program Files\Babylon" => not found
"HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0" => removed successfully.
"FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll" => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3" => removed successfully.
"FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll" => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5" => removed successfully.
"FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll" => not found
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => not found
"FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dl" => not found
"C:\Program Files\mozilla firefox\defaults\pref\dsengine.js" => not found
"C:\Program Files\mozilla firefox\dsengine.cfg" => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo" => removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => removed successfully.
"HKU\S-1-5-21-440912354-2210421725-969274775-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => removed successfully.
HPSLPSVC => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\HPSLPSVC" => removed successfully.
HPSLPSVC => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ASMMAP" => removed successfully.
ASMMAP => service removed successfully.
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully.
dbx => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ewusbnet" => removed successfully.
ewusbnet => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ew_hwusbdev" => removed successfully.
ew_hwusbdev => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ghaio" => removed successfully.
ghaio => service removed successfully.
"HKLM\System\CurrentControlSet\Services\huawei_enumerator" => removed successfully.
huawei_enumerator => service removed successfully.
"HKLM\System\CurrentControlSet\Services\hwdatacard" => removed successfully.
hwdatacard => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ipswuio" => removed successfully.
ipswuio => service removed successfully.
"HKLM\System\CurrentControlSet\Services\iSafeKrnlMon" => removed successfully.
iSafeKrnlMon => service removed successfully.
"C:\Program Files\Elex-tech" => not found
"HKLM\System\CurrentControlSet\Services\secdrv" => removed successfully.
secdrv => service removed successfully.
"HKLM\System\CurrentControlSet\Services\ttnfd" => removed successfully.
ttnfd => service removed successfully.
C:\Program Files\Uninstall Fun Web Products.dll => moved successfully
C:\Program Files\UNWISE.EXE => moved successfully
C:\Users\a\AppData\Local\mwsautSp.exe => moved successfully
C:\Users\a\AppData\Local\nsw69EF.tmp => moved successfully
C:\Users\a\AppData\Local\uninstall.tmp => moved successfully
C:\Windows\System32\defragproxy.dll => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => not found
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ContextMenuHandlers1: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} => not found
HKLM\Software\Classes\CLSID\ContextMenuHandlers1: [ADSMEnDecExt] -> {8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{061C22AD-626B-459A-A742-5FBA2FFE3E54} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{061C22AD-626B-459A-A742-5FBA2FFE3E54} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{75E4556E-079D-4662-9601-208483DFCDD6} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75E4556E-079D-4662-9601-208483DFCDD6} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F3251B6-6724-4E5F-851A-315D7742C259} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F3251B6-6724-4E5F-851A-315D7742C259} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{C2FE96A9-14BF-42D8-907B-B34DFA47C056} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C2FE96A9-14BF-42D8-907B-B34DFA47C056} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27366C5B-4D60-4483-AE88-2A6C24678566} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27366C5B-4D60-4483-AE88-2A6C24678566} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{356D2F41-59D9-4CC3-BD3E-8B4C8B4666CA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{356D2F41-59D9-4CC3-BD3E-8B4C8B4666CA} => could not remove. ErrorCode1: 0x00000002
"C:\Windows\System32\java.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29B40D77-2733-4751-96B4-3E9936A3A993} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29B40D77-2733-4751-96B4-3E9936A3A993} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{061916CD-94B3-4A7E-A669-3B5219426FF3} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{061916CD-94B3-4A7E-A669-3B5219426FF3} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BC97E60-74DC-4ED2-A652-F7F990084D8F} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC97E60-74DC-4ED2-A652-F7F990084D8F} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{2D7F485A-74FC-4E61-BCEA-A67D6EEEE31F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D7F485A-74FC-4E61-BCEA-A67D6EEEE31F} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35758669-2717-4D75-94E1-FEB951E3907B} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35758669-2717-4D75-94E1-FEB951E3907B} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{2C16FE3F-0FA7-437D-A7AC-A395733FFA3C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2C16FE3F-0FA7-437D-A7AC-A395733FFA3C} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C3393D9-17F3-4C50-A621-C9308612D369} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C3393D9-17F3-4C50-A621-C9308612D369} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{EF97409C-B48A-44A0-A436-10FBD6CF7280} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF97409C-B48A-44A0-A436-10FBD6CF7280} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40B6DBEE-E08C-49D6-B6F7-BDE035B4EF9D} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B6DBEE-E08C-49D6-B6F7-BDE035B4EF9D} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\Advanced File Optimizer_checkupdate_startup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced File Optimizer_checkupdate_startup => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43034970-EE92-4478-9831-988339133180} => not found
"C:\Windows\System32\Tasks\APSnotifierPP2" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => not found
"C:\Program Files\AnyProtectEx" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D78FCE7-9279-424E-926E-CFEBAB8A035D} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D78FCE7-9279-424E-926E-CFEBAB8A035D} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{F3356251-0B03-4362-8E3B-8647F4BC5F32} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3356251-0B03-4362-8E3B-8647F4BC5F32} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D5D9180-0116-4DD8-B0C4-62BB0E90082A} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D5D9180-0116-4DD8-B0C4-62BB0E90082A} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{512F55F3-0C39-4E89-A852-487D49E6492A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{512F55F3-0C39-4E89-A852-487D49E6492A} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FB703CF-FA02-475F-8DBF-FE004E6E91E6} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FB703CF-FA02-475F-8DBF-FE004E6E91E6} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{4E561AD7-65F1-4DCC-A54F-0FCB6D565628} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E561AD7-65F1-4DCC-A54F-0FCB6D565628} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{612D9E0B-2743-4AA6-8E96-1D559BA71144} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{612D9E0B-2743-4AA6-8E96-1D559BA71144} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{8BB7623A-1201-4265-A821-56757A5EBB37} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8BB7623A-1201-4265-A821-56757A5EBB37} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6985E395-F0F7-4A75-9B03-4FE55F73DA9F} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6985E395-F0F7-4A75-9B03-4FE55F73DA9F} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{A345E3D7-0CEE-435E-ACD3-5B3EFBA982C2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A345E3D7-0CEE-435E-ACD3-5B3EFBA982C2} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C990B00-0FAC-4704-9B53-42D9C5060A8A} => not found
"C:\Windows\System32\Tasks\APSnotifierPP3" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A64FDB48-55FC-4526-A2CA-BB523899809C} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A64FDB48-55FC-4526-A2CA-BB523899809C} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{7B7A6E6D-064A-43C0-AF51-0130CD293F58} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B7A6E6D-064A-43C0-AF51-0130CD293F58} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6CFD10C-4B31-4615-B02E-53721E6F3A4E} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6CFD10C-4B31-4615-B02E-53721E6F3A4E} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{C86E18E9-F93F-40DF-866F-2DEBF8945411} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C86E18E9-F93F-40DF-866F-2DEBF8945411} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9C84D31-5AA8-4574-8153-0790DA42E00E} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9C84D31-5AA8-4574-8153-0790DA42E00E} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{2BF75FDB-F92D-4008-A2D4-1112AF59C2A0} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2BF75FDB-F92D-4008-A2D4-1112AF59C2A0} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC34CA2B-9C12-4C53-A727-CC5EC0E700F6} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC34CA2B-9C12-4C53-A727-CC5EC0E700F6} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{83804A81-A90A-465F-B4DA-504C9996729E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83804A81-A90A-465F-B4DA-504C9996729E} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B550FA6D-560F-4B11-8307-5A1DFC6DDE7B} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B550FA6D-560F-4B11-8307-5A1DFC6DDE7B} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{3B66C7E8-D615-4E48-93DF-87443C9CD9B2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B66C7E8-D615-4E48-93DF-87443C9CD9B2} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B62BB7E1-0336-4F8C-A088-81AD04A7DB35} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B62BB7E1-0336-4F8C-A088-81AD04A7DB35} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{292BCD5B-436F-4ACA-A7BB-2F351ADA9F73} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{292BCD5B-436F-4ACA-A7BB-2F351ADA9F73} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3A69BF2-41B6-44D2-BADA-C64DDC491465} => not found
"C:\Windows\System32\Tasks\RunAsStdUser Task for VeohWebPlayer" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task for VeohWebPlayer => not found
C:\Program Files\Veoh Networks => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D683DA90-E606-4D94-B9B7-C8E5838397D2} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D683DA90-E606-4D94-B9B7-C8E5838397D2} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{737EA531-9679-4F38-AC75-C5B814A23DF1} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{737EA531-9679-4F38-AC75-C5B814A23DF1} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8C24839-E769-4E12-BC38-5879D607529B} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C24839-E769-4E12-BC38-5879D607529B} => could not remove. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{01A78403-1947-44CC-B5C5-EE71656EA004} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01A78403-1947-44CC-B5C5-EE71656EA004} => could not remove. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED38C19C-B3F1-4E99-893E-3CD446D3B227} => not found
"C:\Windows\System32\Tasks\APSnotifierPP1" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => not found
"C:\Windows\Tasks\APSnotifierPP1.job" => not found
"C:\Windows\Tasks\APSnotifierPP2.job" => not found
"C:\Windows\Tasks\APSnotifierPP3.job" => not found
C:\ProgramData\Temp => ":07BF512B" ADS removed successfully.
to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mbot_it_103 => => could not remove. ErrorCode1: 0xC000003A


The system needed a reboot.

==== End of Fixlog 16:17:21 ====
John

Attached Files


Edited by Oh My!, 12 February 2018 - 08:24 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 12 February 2018 - 08:30 PM

Hi John.

Thank you for the information.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
cmd: chkdsk
cmd: sfc /scannow
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 13 February 2018 - 03:47 AM

Gary

here is the result of the fixlog txt file pasted as requested

 

thanks john

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12.02.2018
Ran by a (13-02-2018 09:08:50) Run:2
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available Profiles: a & admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
cmd: chkdsk
cmd: sfc /scannow

*****************


========= chkdsk =========

The type of the file system is NTFS.
Volume label is VistaOS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
 0 percent complete. (0 of 401664 file records processed)     
 0 percent complete. (88 of 401664 file records processed)     
Attribute list for file 705 is corrupt.
Attribute list for file 705 is corrupt.
 0 percent complete. (8442 of 401664 file records processed)     
 0 percent complete. (27133 of 401664 file records processed)     
Attribute record (128, "") from file record segment 27188
is corrupt.
Attribute record (128, "") from file record segment 27234
is corrupt.
 1 percent complete. (40167 of 401664 file records processed)     
 1 percent complete. (58980 of 401664 file records processed)     
 1 percent complete. (73474 of 401664 file records processed)     
 2 percent complete. (80333 of 401664 file records processed)     
 2 percent complete. (94088 of 401664 file records processed)     
 2 percent complete. (110126 of 401664 file records processed)     
 3 percent complete. (120500 of 401664 file records processed)     
 3 percent complete. (132704 of 401664 file records processed)     
 3 percent complete. (148415 of 401664 file records processed)     
 4 percent complete. (160666 of 401664 file records processed)     
Attribute record (128, "") from file record segment 166177
is corrupt.
 4 percent complete. (178675 of 401664 file records processed)     
 4 percent complete. (196486 of 401664 file records processed)     
Attribute record (128, "") from file record segment 198753
is corrupt.
 5 percent complete. (200832 of 401664 file records processed)     
Deleted corrupt attribute list entry
with type code 128 in file 207591.
Attribute record (128, "") from file record segment 206725
is corrupt.
Attribute record (128, "") from file record segment 207366
is corrupt.
Attribute record (128, "") from file record segment 207557
is corrupt.
Attribute record (128, "") from file record segment 208168
is corrupt.
Attribute record (128, "") from file record segment 210321
is corrupt.
Attribute record (128, "") from file record segment 210386
is corrupt.
Attribute record (128, "") from file record segment 215905
is corrupt.
Attribute record (128, "") from file record segment 216753
is corrupt.
Attribute record (128, "") from file record segment 217316
is corrupt.
Attribute record (128, "") from file record segment 217498
is corrupt.
Attribute record (128, "") from file record segment 217505
is corrupt.
Attribute record (128, "") from file record segment 217609
is corrupt.
Attribute record (128, "") from file record segment 217611
is corrupt.
Attribute record (128, "") from file record segment 217612
is corrupt.
Attribute record (128, "") from file record segment 219052
is corrupt.
Attribute record (128, "") from file record segment 220523
is corrupt.
Attribute record (128, "") from file record segment 220739
is corrupt.
Attribute record (128, "") from file record segment 220753
is corrupt.
Attribute record (128, "") from file record segment 240696
is corrupt.
Attribute record (128, "") from file record segment 240882
is corrupt.
Attribute record (128, "") from file record segment 241269
is corrupt.
Attribute record (128, "") from file record segment 241684
is corrupt.
Attribute record (128, "") from file record segment 242614
is corrupt.
Attribute record (128, "") from file record segment 242744
is corrupt.
Attribute record (128, "") from file record segment 242852
is corrupt.
Attribute record (128, "") from file record segment 243480
is corrupt.
Attribute record (128, "") from file record segment 243531
is corrupt.
Attribute record (128, "") from file record segment 243614
is corrupt.
Attribute record (128, "") from file record segment 243818
is corrupt.
Attribute record (128, "") from file record segment 243844
is corrupt.
Attribute record (128, "") from file record segment 244297
is corrupt.
Attribute record (128, "") from file record segment 244650
is corrupt.
Attribute record (128, "") from file record segment 245049
is corrupt.
Attribute record (128, "") from file record segment 245186
is corrupt.
Attribute record (128, "") from file record segment 245336
is corrupt.
Attribute record (128, "") from file record segment 245482
is corrupt.
Attribute record (128, "") from file record segment 245496
is corrupt.
Attribute record (128, "") from file record segment 245498
is corrupt.
Attribute record (128, "") from file record segment 246082
is corrupt.
Attribute record (128, "") from file record segment 246264
is corrupt.
Attribute record (128, "") from file record segment 246397
is corrupt.
Attribute record (128, "") from file record segment 246424
is corrupt.
Attribute record (128, "") from file record segment 246640
is corrupt.
Attribute record (128, "") from file record segment 246756
is corrupt.
Attribute record (128, "") from file record segment 246845
is corrupt.
Attribute record (128, "") from file record segment 246916
is corrupt.
Attribute record (128, "") from file record segment 246924
is corrupt.
Attribute record (128, "") from file record segment 246925
is corrupt.
Attribute record (128, "") from file record segment 246930
is corrupt.
Attribute record (128, "") from file record segment 246932
is corrupt.
Attribute record (128, "") from file record segment 246943
is corrupt.
Attribute record (128, "") from file record segment 246984
is corrupt.
Attribute record (128, "") from file record segment 247052
is corrupt.
Attribute record (128, "") from file record segment 247167
is corrupt.
Attribute record (128, "") from file record segment 247226
is corrupt.
Attribute record (128, "") from file record segment 247235
is corrupt.
Attribute record (128, "") from file record segment 247457
is corrupt.
Attribute record (128, "") from file record segment 247514
is corrupt.
Attribute record (128, "") from file record segment 247553
is corrupt.
Attribute record (128, "") from file record segment 247933
is corrupt.
Attribute record (128, "") from file record segment 248218
is corrupt.
Attribute record (128, "") from file record segment 248375
is corrupt.
Attribute record (128, "") from file record segment 248634
is corrupt.
Attribute record (128, "") from file record segment 248700
is corrupt.
Attribute record (128, "") from file record segment 248786
is corrupt.
Attribute record (128, "") from file record segment 248818
is corrupt.
Attribute record (128, "") from file record segment 248823
is corrupt.
Attribute record (128, "") from file record segment 248827
is corrupt.
Attribute record (128, "") from file record segment 248828
is corrupt.
Attribute record (128, "") from file record segment 248829
is corrupt.
Attribute record (128, "") from file record segment 248830
is corrupt.
Attribute record (128, "") from file record segment 248842
is corrupt.
Attribute record (128, "") from file record segment 248919
is corrupt.
Attribute record (128, "") from file record segment 248987
is corrupt.
Attribute record (128, "") from file record segment 249303
is corrupt.
Attribute record (128, "") from file record segment 249394
is corrupt.
Attribute record (128, "") from file record segment 249558
is corrupt.
 5 percent complete. (207592 of 401664 file records processed)     
Attribute record (128, "") from file record segment 217386
is corrupt.
 5 percent complete. (217476 of 401664 file records processed)     
Attribute record (128, "") from file record segment 217784
is corrupt.
 5 percent complete. (230355 of 401664 file records processed)     
Attribute record (128, "") from file record segment 231086
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 232185.
Attribute record (128, "") from file record segment 261250
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 232756.
Attribute record (128, "") from file record segment 254907
is corrupt.
Attribute record (128, "") from file record segment 259998
is corrupt.
Attribute record (128, "") from file record segment 240837
is corrupt.
 5 percent complete. (240985 of 401664 file records processed)     
 6 percent complete. (240999 of 401664 file records processed)     
Attribute record (128, "") from file record segment 246000
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 252623.
Attribute record (128, "") from file record segment 288511
is corrupt.
 6 percent complete. (253117 of 401664 file records processed)     
Attribute record (128, "") from file record segment 259479
is corrupt.
 6 percent complete. (259722 of 401664 file records processed)     
 6 percent complete. (264032 of 401664 file records processed)     
Deleted corrupt attribute list entry
with type code 128 in file 266601.
Attribute record (128, "") from file record segment 255735
is corrupt.
Attribute record (128, "") from file record segment 256307
is corrupt.
 6 percent complete. (274964 of 401664 file records processed)     
Deleted corrupt attribute list entry
with type code 128 in file 278547.
Attribute record (128, "") from file record segment 4571
is corrupt.
Attribute record (128, "") from file record segment 4746
is corrupt.
Attribute record (128, "") from file record segment 14553
is corrupt.
Attribute record (128, "") from file record segment 107154
is corrupt.
Attribute record (128, "") from file record segment 134047
is corrupt.
Attribute record (128, "") from file record segment 141066
is corrupt.
Attribute record (128, "") from file record segment 149335
is corrupt.
Attribute record (128, "") from file record segment 152015
is corrupt.
Attribute record (128, "") from file record segment 155822
is corrupt.
Attribute record (128, "") from file record segment 157056
is corrupt.
Attribute record (128, "") from file record segment 163637
is corrupt.
Attribute record (128, "") from file record segment 183918
is corrupt.
Attribute record (128, "") from file record segment 184572
is corrupt.
Attribute record (128, "") from file record segment 189129
is corrupt.
Attribute record (128, "") from file record segment 190881
is corrupt.
Attribute record (128, "") from file record segment 190885
is corrupt.
Attribute record (128, "") from file record segment 190913
is corrupt.
Attribute record (128, "") from file record segment 191363
is corrupt.
Attribute record (128, "") from file record segment 208997
is corrupt.
Attribute record (128, "") from file record segment 216037
is corrupt.
Attribute record (128, "") from file record segment 217094
is corrupt.
Attribute record (128, "") from file record segment 217099
is corrupt.
Attribute record (128, "") from file record segment 218136
is corrupt.
Attribute record (128, "") from file record segment 218428
is corrupt.
Attribute record (128, "") from file record segment 223333
is corrupt.
Attribute record (128, "") from file record segment 226049
is corrupt.
Attribute record (128, "") from file record segment 226204
is corrupt.
Attribute record (128, "") from file record segment 230506
is corrupt.
Attribute record (128, "") from file record segment 231150
is corrupt.
Attribute record (128, "") from file record segment 231152
is corrupt.
Attribute record (128, "") from file record segment 232102
is corrupt.
Attribute record (128, "") from file record segment 232106
is corrupt.
Attribute record (128, "") from file record segment 232581
is corrupt.
Attribute record (128, "") from file record segment 232794
is corrupt.
Attribute record (128, "") from file record segment 233155
is corrupt.
Attribute record (128, "") from file record segment 233187
is corrupt.
Attribute record (128, "") from file record segment 233193
is corrupt.
Attribute record (128, "") from file record segment 233194
is corrupt.
Attribute record (128, "") from file record segment 233234
is corrupt.
Attribute record (128, "") from file record segment 233278
is corrupt.
Attribute record (128, "") from file record segment 233737
is corrupt.
Attribute record (128, "") from file record segment 243008
is corrupt.
Attribute record (128, "") from file record segment 245775
is corrupt.
Attribute record (128, "") from file record segment 246057
is corrupt.
Attribute record (128, "") from file record segment 246078
is corrupt.
Attribute record (128, "") from file record segment 246079
is corrupt.
Attribute record (128, "") from file record segment 247281
is corrupt.
Attribute record (128, "") from file record segment 247358
is corrupt.
Attribute record (128, "") from file record segment 247371
is corrupt.
Attribute record (128, "") from file record segment 247385
is corrupt.
Attribute record (128, "") from file record segment 247786
is corrupt.
Attribute record (128, "") from file record segment 247879
is corrupt.
Attribute record (128, "") from file record segment 248044
is corrupt.
Attribute record (128, "") from file record segment 248049
is corrupt.
Attribute record (128, "") from file record segment 248051
is corrupt.
Attribute record (128, "") from file record segment 248056
is corrupt.
Attribute record (128, "") from file record segment 248079
is corrupt.
Attribute record (128, "") from file record segment 248096
is corrupt.
Attribute record (128, "") from file record segment 248103
is corrupt.
Attribute record (128, "") from file record segment 248125
is corrupt.
Attribute record (128, "") from file record segment 248145
is corrupt.
Attribute record (128, "") from file record segment 248148
is corrupt.
Attribute record (128, "") from file record segment 248641
is corrupt.
Attribute record (128, "") from file record segment 248662
is corrupt.
Attribute record (128, "") from file record segment 248666
is corrupt.
Attribute record (128, "") from file record segment 248733
is corrupt.
Attribute record (128, "") from file record segment 248843
is corrupt.
Attribute record (128, "") from file record segment 248998
is corrupt.
Attribute record (128, "") from file record segment 249002
is corrupt.
Attribute record (128, "") from file record segment 249013
is corrupt.
Attribute record (128, "") from file record segment 249062
is corrupt.
Attribute record (128, "") from file record segment 249091
is corrupt.
Attribute record (128, "") from file record segment 249312
is corrupt.
Attribute record (128, "") from file record segment 249391
is corrupt.
Attribute record (128, "") from file record segment 249415
is corrupt.
Attribute record (128, "") from file record segment 249727
is corrupt.
Attribute record (128, "") from file record segment 249811
is corrupt.
Attribute record (128, "") from file record segment 249813
is corrupt.
Attribute record (128, "") from file record segment 249816
is corrupt.
Attribute record (128, "") from file record segment 249824
is corrupt.
Attribute record (128, "") from file record segment 249831
is corrupt.
Attribute record (128, "") from file record segment 249856
is corrupt.
Attribute record (128, "") from file record segment 249864
is corrupt.
Attribute record (128, "") from file record segment 250043
is corrupt.
Attribute record (128, "") from file record segment 253011
is corrupt.
Attribute record (128, "") from file record segment 253067
is corrupt.
Attribute record (128, "") from file record segment 253270
is corrupt.
Attribute record (128, "") from file record segment 253281
is corrupt.
Attribute record (128, "") from file record segment 253282
is corrupt.
Attribute record (128, "") from file record segment 253286
is corrupt.
Attribute record (128, "") from file record segment 253295
is corrupt.
Attribute record (128, "") from file record segment 253364
is corrupt.
Attribute record (128, "") from file record segment 253426
is corrupt.
Attribute record (128, "") from file record segment 253482
is corrupt.
Attribute record (128, "") from file record segment 253490
is corrupt.
Attribute record (128, "") from file record segment 253492
is corrupt.
Attribute record (128, "") from file record segment 258002
is corrupt.
Attribute record (128, "") from file record segment 273938
is corrupt.
Attribute record (128, "") from file record segment 274992
is corrupt.
Attribute record (128, "") from file record segment 277922
is corrupt.
Attribute record (128, "") from file record segment 278031
is corrupt.
Attribute record (128, "") from file record segment 278111
is corrupt.
Attribute record (128, "") from file record segment 278117
is corrupt.
Attribute record (128, "") from file record segment 278125
is corrupt.
Attribute record (128, "") from file record segment 278140
is corrupt.
Attribute record (128, "") from file record segment 278143
is corrupt.
Attribute record (128, "") from file record segment 278164
is corrupt.
Attribute record (128, "") from file record segment 278528
is corrupt.
Attribute record (128, "") from file record segment 278595
is corrupt.
Attribute record (128, "") from file record segment 278682
is corrupt.
Attribute record (128, "") from file record segment 278684
is corrupt.
Attribute record (128, "") from file record segment 278843
is corrupt.
Attribute record (128, "") from file record segment 279059
is corrupt.
Attribute record (128, "") from file record segment 279072
is corrupt.
Attribute record (128, "") from file record segment 279168
is corrupt.
Attribute record (128, "") from file record segment 279172
is corrupt.
Attribute record (128, "") from file record segment 279268
is corrupt.
Attribute record (128, "") from file record segment 279275
is corrupt.
Attribute record (128, "") from file record segment 279383
is corrupt.
Attribute record (128, "") from file record segment 279394
is corrupt.
Attribute record (128, "") from file record segment 279427
is corrupt.
Attribute record (128, "") from file record segment 279431
is corrupt.
Attribute record (128, "") from file record segment 279438
is corrupt.
Attribute record (128, "") from file record segment 279439
is corrupt.
Attribute record (128, "") from file record segment 279448
is corrupt.
Attribute record (128, "") from file record segment 279449
is corrupt.
Attribute record (128, "") from file record segment 279520
is corrupt.
Attribute record (128, "") from file record segment 279553
is corrupt.
Attribute record (128, "") from file record segment 279554
is corrupt.
Attribute record (128, "") from file record segment 279560
is corrupt.
Attribute record (128, "") from file record segment 279563
is corrupt.
Attribute record (128, "") from file record segment 279565
is corrupt.
Attribute record (128, "") from file record segment 279578
is corrupt.
Attribute record (128, "") from file record segment 279579
is corrupt.
Attribute record (128, "") from file record segment 279588
is corrupt.
Attribute record (128, "") from file record segment 279607
is corrupt.
Attribute record (128, "") from file record segment 279620
is corrupt.
Attribute record (128, "") from file record segment 279707
is corrupt.
Attribute record (128, "") from file record segment 279836
is corrupt.
Attribute record (128, "") from file record segment 279838
is corrupt.
Attribute record (128, "") from file record segment 279900
is corrupt.
Attribute record (128, "") from file record segment 280037
is corrupt.
Attribute record (128, "") from file record segment 280046
is corrupt.
Attribute record (128, "") from file record segment 280261
is corrupt.
Attribute record (128, "") from file record segment 280268
is corrupt.
Attribute record (128, "") from file record segment 280274
is corrupt.
Attribute record (128, "") from file record segment 280482
is corrupt.
Attribute record (128, "") from file record segment 280493
is corrupt.
Attribute record (128, "") from file record segment 280500
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 279309.
Attribute record (128, "") from file record segment 264534
is corrupt.
 7 percent complete. (281165 of 401664 file records processed)     
Attribute record (128, "") from file record segment 287643
is corrupt.
Attribute record (128, "") from file record segment 291124
is corrupt.
 7 percent complete. (291211 of 401664 file records processed)     
Attribute record (160, $I30) from file record segment 298919
is corrupt.
Attribute record (128, "") from file record segment 300238
is corrupt.
 7 percent complete. (300545 of 401664 file records processed)     
Attribute record (128, "") from file record segment 300775
is corrupt.
Attribute record (128, "") from file record segment 300912
is corrupt.
Attribute record (128, "") from file record segment 306216
is corrupt.
Attribute record (128, "") from file record segment 306866
is corrupt.
Attribute record (128, "") from file record segment 307091
is corrupt.
 8 percent complete. (321332 of 401664 file records processed)     
 9 percent complete. (361498 of 401664 file records processed)     
  401664 file records processed.                                         

File verification completed.
File record segment 1141 is an orphan.
File record segment 3339 is an orphan.
File record segment 3520 is an orphan.
File record segment 4024 is an orphan.
File record segment 4184 is an orphan.
File record segment 4571 is an orphan.
File record segment 4746 is an orphan.
File record segment 5034 is an orphan.
File record segment 5904 is an orphan.
File record segment 7487 is an orphan.
File record segment 7988 is an orphan.
File record segment 8951 is an orphan.
File record segment 9531 is an orphan.
File record segment 9580 is an orphan.
File record segment 9621 is an orphan.
File record segment 9625 is an orphan.
File record segment 9645 is an orphan.
File record segment 11366 is an orphan.
File record segment 12258 is an orphan.
File record segment 12386 is an orphan.
File record segment 12517 is an orphan.
File record segment 12698 is an orphan.
File record segment 13171 is an orphan.
File record segment 13252 is an orphan.
File record segment 13332 is an orphan.
File record segment 13343 is an orphan.
File record segment 13485 is an orphan.
File record segment 13506 is an orphan.
File record segment 14553 is an orphan.
File record segment 15502 is an orphan.
File record segment 18016 is an orphan.
File record segment 19895 is an orphan.
File record segment 20558 is an orphan.
File record segment 21471 is an orphan.
File record segment 21846 is an orphan.
File record segment 24102 is an orphan.
File record segment 24470 is an orphan.
File record segment 37272 is an orphan.
File record segment 37478 is an orphan.
File record segment 37559 is an orphan.
File record segment 72458 is an orphan.
File record segment 72462 is an orphan.
File record segment 72481 is an orphan.
File record segment 72519 is an orphan.
File record segment 72528 is an orphan.
File record segment 77121 is an orphan.
File record segment 77652 is an orphan.
File record segment 96080 is an orphan.
File record segment 96084 is an orphan.
File record segment 98237 is an orphan.
File record segment 107154 is an orphan.
File record segment 108655 is an orphan.
File record segment 108656 is an orphan.
File record segment 108710 is an orphan.
File record segment 108715 is an orphan.
File record segment 134047 is an orphan.
File record segment 141066 is an orphan.
File record segment 141789 is an orphan.
File record segment 142587 is an orphan.
File record segment 149335 is an orphan.
File record segment 152015 is an orphan.
File record segment 155822 is an orphan.
File record segment 157056 is an orphan.
File record segment 163637 is an orphan.
File record segment 183918 is an orphan.
File record segment 184572 is an orphan.
File record segment 189129 is an orphan.
File record segment 190881 is an orphan.
File record segment 190885 is an orphan.
File record segment 190913 is an orphan.
File record segment 191363 is an orphan.
File record segment 206725 is an orphan.
File record segment 207366 is an orphan.
File record segment 207557 is an orphan.
File record segment 208168 is an orphan.
File record segment 208997 is an orphan.
File record segment 210321 is an orphan.
File record segment 210386 is an orphan.
File record segment 215905 is an orphan.
File record segment 216037 is an orphan.
File record segment 216753 is an orphan.
File record segment 217094 is an orphan.
File record segment 217099 is an orphan.
File record segment 217316 is an orphan.
File record segment 217498 is an orphan.
File record segment 217505 is an orphan.
File record segment 217609 is an orphan.
File record segment 217611 is an orphan.
File record segment 217612 is an orphan.
File record segment 218136 is an orphan.
File record segment 218428 is an orphan.
File record segment 219052 is an orphan.
File record segment 220523 is an orphan.
File record segment 220739 is an orphan.
File record segment 220753 is an orphan.
File record segment 223333 is an orphan.
File record segment 226049 is an orphan.
File record segment 226204 is an orphan.
File record segment 230506 is an orphan.
File record segment 231150 is an orphan.
File record segment 231152 is an orphan.
File record segment 232102 is an orphan.
File record segment 232106 is an orphan.
File record segment 232581 is an orphan.
File record segment 232794 is an orphan.
File record segment 233155 is an orphan.
File record segment 233187 is an orphan.
File record segment 233193 is an orphan.
File record segment 233194 is an orphan.
File record segment 233234 is an orphan.
File record segment 233278 is an orphan.
File record segment 233737 is an orphan.
File record segment 240696 is an orphan.
File record segment 240882 is an orphan.
File record segment 241269 is an orphan.
File record segment 241684 is an orphan.
File record segment 242614 is an orphan.
File record segment 242744 is an orphan.
File record segment 242852 is an orphan.
File record segment 243008 is an orphan.
File record segment 243480 is an orphan.
File record segment 243531 is an orphan.
File record segment 243614 is an orphan.
File record segment 243818 is an orphan.
File record segment 243844 is an orphan.
File record segment 244297 is an orphan.
File record segment 244650 is an orphan.
File record segment 245049 is an orphan.
File record segment 245186 is an orphan.
File record segment 245336 is an orphan.
File record segment 245482 is an orphan.
File record segment 245496 is an orphan.
File record segment 245498 is an orphan.
File record segment 245775 is an orphan.
File record segment 246057 is an orphan.
File record segment 246078 is an orphan.
File record segment 246079 is an orphan.
File record segment 246082 is an orphan.
File record segment 246264 is an orphan.
File record segment 246397 is an orphan.
File record segment 246424 is an orphan.
File record segment 246640 is an orphan.
File record segment 246756 is an orphan.
File record segment 246845 is an orphan.
File record segment 246916 is an orphan.
File record segment 246924 is an orphan.
File record segment 246925 is an orphan.
File record segment 246930 is an orphan.
File record segment 246932 is an orphan.
File record segment 246943 is an orphan.
File record segment 246984 is an orphan.
File record segment 247052 is an orphan.
File record segment 247167 is an orphan.
File record segment 247226 is an orphan.
File record segment 247235 is an orphan.
File record segment 247281 is an orphan.
File record segment 247358 is an orphan.
File record segment 247371 is an orphan.
File record segment 247385 is an orphan.
File record segment 247457 is an orphan.
File record segment 247514 is an orphan.
File record segment 247553 is an orphan.
File record segment 247786 is an orphan.
File record segment 247879 is an orphan.
File record segment 247933 is an orphan.
File record segment 248044 is an orphan.
File record segment 248049 is an orphan.
File record segment 248051 is an orphan.
File record segment 248056 is an orphan.
File record segment 248079 is an orphan.
File record segment 248096 is an orphan.
File record segment 248103 is an orphan.
File record segment 248125 is an orphan.
File record segment 248145 is an orphan.
File record segment 248148 is an orphan.
File record segment 248218 is an orphan.
File record segment 248375 is an orphan.
File record segment 248634 is an orphan.
File record segment 248641 is an orphan.
File record segment 248662 is an orphan.
File record segment 248666 is an orphan.
File record segment 248700 is an orphan.
File record segment 248733 is an orphan.
File record segment 248786 is an orphan.
File record segment 248818 is an orphan.
File record segment 248823 is an orphan.
File record segment 248827 is an orphan.
File record segment 248828 is an orphan.
File record segment 248829 is an orphan.
File record segment 248830 is an orphan.
File record segment 248842 is an orphan.
File record segment 248843 is an orphan.
File record segment 248919 is an orphan.
File record segment 248987 is an orphan.
File record segment 248998 is an orphan.
File record segment 249002 is an orphan.
File record segment 249013 is an orphan.
File record segment 249062 is an orphan.
File record segment 249091 is an orphan.
File record segment 249303 is an orphan.
File record segment 249312 is an orphan.
File record segment 249391 is an orphan.
File record segment 249394 is an orphan.
File record segment 249415 is an orphan.
File record segment 249558 is an orphan.
File record segment 249727 is an orphan.
File record segment 249811 is an orphan.
File record segment 249813 is an orphan.
File record segment 249816 is an orphan.
File record segment 249824 is an orphan.
File record segment 249831 is an orphan.
File record segment 249856 is an orphan.
File record segment 249864 is an orphan.
File record segment 250043 is an orphan.
File record segment 253011 is an orphan.
File record segment 253067 is an orphan.
File record segment 253270 is an orphan.
File record segment 253281 is an orphan.
File record segment 253282 is an orphan.
File record segment 253286 is an orphan.
File record segment 253295 is an orphan.
File record segment 253364 is an orphan.
File record segment 253426 is an orphan.
File record segment 253482 is an orphan.
File record segment 253490 is an orphan.
File record segment 253492 is an orphan.
File record segment 254907 is an orphan.
File record segment 255735 is an orphan.
File record segment 256307 is an orphan.
File record segment 258002 is an orphan.
File record segment 259998 is an orphan.
File record segment 261250 is an orphan.
File record segment 264534 is an orphan.
File record segment 273938 is an orphan.
File record segment 274992 is an orphan.
File record segment 277922 is an orphan.
File record segment 278031 is an orphan.
File record segment 278111 is an orphan.
File record segment 278117 is an orphan.
File record segment 278125 is an orphan.
File record segment 278140 is an orphan.
File record segment 278143 is an orphan.
File record segment 278164 is an orphan.
File record segment 278528 is an orphan.
File record segment 278595 is an orphan.
File record segment 278682 is an orphan.
File record segment 278684 is an orphan.
File record segment 278843 is an orphan.
File record segment 279059 is an orphan.
File record segment 279072 is an orphan.
File record segment 279168 is an orphan.
File record segment 279172 is an orphan.
File record segment 279268 is an orphan.
File record segment 279275 is an orphan.
File record segment 279383 is an orphan.
File record segment 279394 is an orphan.
File record segment 279427 is an orphan.
File record segment 279431 is an orphan.
File record segment 279438 is an orphan.
File record segment 279439 is an orphan.
File record segment 279448 is an orphan.
File record segment 279449 is an orphan.
File record segment 279520 is an orphan.
File record segment 279553 is an orphan.
File record segment 279554 is an orphan.
File record segment 279560 is an orphan.
File record segment 279563 is an orphan.
File record segment 279565 is an orphan.
File record segment 279578 is an orphan.
File record segment 279579 is an orphan.
File record segment 279588 is an orphan.
File record segment 279607 is an orphan.
File record segment 279620 is an orphan.
File record segment 279707 is an orphan.
File record segment 279836 is an orphan.
File record segment 279838 is an orphan.
File record segment 279900 is an orphan.
File record segment 280037 is an orphan.
File record segment 280046 is an orphan.
File record segment 280261 is an orphan.
File record segment 280268 is an orphan.
File record segment 280274 is an orphan.
File record segment 280482 is an orphan.
File record segment 280493 is an orphan.
File record segment 280500 is an orphan.
File record segment 288511 is an orphan.
  8281 large file records processed.                                   


Errors found.  CHKDSK cannot continue in read-only mode.

========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.

Verification 0% complete.Verification 1% complete.Verification 2% complete.Verification 3% complete.Verification 4% complete.Verification 5% complete.Verification 6% complete.Verification 7% complete.Verification 8% complete.Verification 9% complete.Verification 9% complete.Verification 10% complete.Verification 11% complete.Verification 12% complete.Verification 13% complete.Verification 14% complete.Verification 15% complete.Verification 16% complete.Verification 17% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 21% complete.Verification 22% complete.Verification 23% complete.Verification 24% complete.Verification 25% complete.Verification 26% complete.Verification 27% complete.Verification 28% complete.Verification 29% complete.Verification 29% complete.Verification 30% complete.Verification 31% complete.Verification 32% complete.Verification 33% complete.Verification 34% complete.Verification 35% complete.Verification 36% complete.Verification 37% complete.Verification 38% complete.Verification 38% complete.Verification 39% complete.Verification 40% complete.Verification 41% complete.Verification 42% complete.Verification 43% complete.Verification 44% complete.Verification 45% complete.Verification 46% complete.Verification 47% complete.Verification 48% complete.Verification 48% complete.Verification 49% complete.Verification 50% complete.Verification 51% complete.Verification 52% complete.Verification 53% complete.Verification 54% complete.Verification 55% complete.Verification 56% complete.Verification 57% complete.Verification 58% complete.Verification 58% complete.Verification 59% complete.Verification 60% complete.Verification 61% complete.Verification 62% complete.Verification 63% complete.Verification 64% complete.Verification 65% complete.Verification 66% complete.Verification 67% complete.Verification 68% complete.Verification 68% complete.Verification 69% complete.Verification 70% complete.Verification 71% complete.Verification 72% complete.Verification 73% complete.Verification 74% complete.Verification 75% complete.Verification 76% complete.Verification 77% complete.Verification 77% complete.Verification 78% complete.Verification 79% complete.Verification 80% complete.Verification 81% complete.Verification 82% complete.Verification 83% complete.Verification 84% complete.Verification 85% complete.Verification 86% complete.Verification 87% complete.Verification 87% complete.Verification 88% complete.Verification 89% complete.Verification 90% complete.Verification 91% complete.Verification 92% complete.Verification 93% complete.Verification 94% complete.Verification 95% complete.Verification 96% complete.Verification 97% complete.Verification 97% complete.Verification 98% complete.Verification 99% complete.Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.

Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example

C:\Windows\Logs\CBS\CBS.log


========= End of CMD: =========


==== End of Fixlog 09:36:39 ====



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 13 February 2018 - 09:48 AM

Thank you.

We need follow up on corruptions to your system.

Please do these things.

===================================================

Running Chkdsk /r From Command Prompt with Report

--------------------
  • Close any open programs
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK C: /R /X | SHUTDOWN /R /T 05

  • Please allow the system to reboot on its own and run the program. This may take a long time
  • When completed copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 05 |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed copy and paste the contents of the chkdskreport.txt document that will be on your Desktop
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
Zip: C:\Windows\Logs\CBS\CBS.log
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • chkdsk report
  • Attached zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 13 February 2018 - 11:10 AM

gary

 

the chkdsk report showed 0 bytes and is empty so have not pasted it as there is nothing

 

have attached the zip file but everything ran in five minutes after the first cmdpront entry which took a while so am not sure anything has worked

 

john

Attached Files



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 13 February 2018 - 04:34 PM

Hi John,

Please do this.

===================================================

Disk Cleanup of System Files

----------
  • Press the Windows Key + R at the same time
  • Type cleanmgr and hit Enter
  • Select the C: drive and click OK
  • Click Clean up system files
  • Select the C: drive and click OK
  • Place a check mark in Files discarded by Windows upgrade
  • Click OK
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
cmd: chkdsk
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
defragproxy.dll;loadfix.com;autochk.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Disk Cleanup run?
  • Fixlog
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 14 February 2018 - 03:21 AM

gary an he disk cleanup but there was no entry "files discarded by windows upgrade" i clicked ok anyway

 

john

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12.02.2018
Ran by a (14-02-2018 09:08:13) Run:5
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available Profiles: a & admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
cmd: chkdsk

*****************


========= chkdsk =========

The type of the file system is NTFS.
Volume label is VistaOS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
 0 percent complete. (0 of 401664 file records processed)     
 0 percent complete. (88 of 401664 file records processed)     
Attribute list for file 705 is corrupt.
Attribute list for file 705 is corrupt.
 0 percent complete. (8909 of 401664 file records processed)     
 0 percent complete. (27133 of 401664 file records processed)     
Attribute record (128, "") from file record segment 27188
is corrupt.
 1 percent complete. (40167 of 401664 file records processed)     
 1 percent complete. (60001 of 401664 file records processed)     
 1 percent complete. (73482 of 401664 file records processed)     
 2 percent complete. (80333 of 401664 file records processed)     
 2 percent complete. (91393 of 401664 file records processed)     
 2 percent complete. (98700 of 401664 file records processed)     
 2 percent complete. (112070 of 401664 file records processed)     
 3 percent complete. (120500 of 401664 file records processed)     
 3 percent complete. (138053 of 401664 file records processed)     
 3 percent complete. (150167 of 401664 file records processed)     
Attribute record (128, "") from file record segment 151733
is corrupt.
 4 percent complete. (160666 of 401664 file records processed)     
Attribute record (128, "") from file record segment 166177
is corrupt.
 4 percent complete. (176410 of 401664 file records processed)     
 4 percent complete. (195757 of 401664 file records processed)     
Attribute record (128, "") from file record segment 198753
is corrupt.
 5 percent complete. (200832 of 401664 file records processed)     
Deleted corrupt attribute list entry
with type code 128 in file 207591.
Attribute record (128, "") from file record segment 206725
is corrupt.
Attribute record (128, "") from file record segment 207366
is corrupt.
Attribute record (128, "") from file record segment 207557
is corrupt.
Attribute record (128, "") from file record segment 208168
is corrupt.
Attribute record (128, "") from file record segment 210321
is corrupt.
Attribute record (128, "") from file record segment 210386
is corrupt.
Attribute record (128, "") from file record segment 215905
is corrupt.
Attribute record (128, "") from file record segment 216753
is corrupt.
Attribute record (128, "") from file record segment 217316
is corrupt.
Attribute record (128, "") from file record segment 217498
is corrupt.
Attribute record (128, "") from file record segment 217505
is corrupt.
Attribute record (128, "") from file record segment 217609
is corrupt.
Attribute record (128, "") from file record segment 217611
is corrupt.
Attribute record (128, "") from file record segment 217612
is corrupt.
Attribute record (128, "") from file record segment 219052
is corrupt.
Attribute record (128, "") from file record segment 220523
is corrupt.
Attribute record (128, "") from file record segment 220739
is corrupt.
Attribute record (128, "") from file record segment 220753
is corrupt.
Attribute record (128, "") from file record segment 240696
is corrupt.
Attribute record (128, "") from file record segment 240882
is corrupt.
Attribute record (128, "") from file record segment 241269
is corrupt.
Attribute record (128, "") from file record segment 241684
is corrupt.
Attribute record (128, "") from file record segment 242614
is corrupt.
Attribute record (128, "") from file record segment 242744
is corrupt.
Attribute record (128, "") from file record segment 242852
is corrupt.
Attribute record (128, "") from file record segment 243480
is corrupt.
Attribute record (128, "") from file record segment 243531
is corrupt.
Attribute record (128, "") from file record segment 243614
is corrupt.
Attribute record (128, "") from file record segment 243818
is corrupt.
Attribute record (128, "") from file record segment 243844
is corrupt.
Attribute record (128, "") from file record segment 244297
is corrupt.
Attribute record (128, "") from file record segment 244650
is corrupt.
Attribute record (128, "") from file record segment 245049
is corrupt.
Attribute record (128, "") from file record segment 245186
is corrupt.
Attribute record (128, "") from file record segment 245336
is corrupt.
Attribute record (128, "") from file record segment 245482
is corrupt.
Attribute record (128, "") from file record segment 245496
is corrupt.
Attribute record (128, "") from file record segment 245498
is corrupt.
Attribute record (128, "") from file record segment 246082
is corrupt.
Attribute record (128, "") from file record segment 246264
is corrupt.
Attribute record (128, "") from file record segment 246397
is corrupt.
Attribute record (128, "") from file record segment 246424
is corrupt.
Attribute record (128, "") from file record segment 246640
is corrupt.
Attribute record (128, "") from file record segment 246756
is corrupt.
Attribute record (128, "") from file record segment 246845
is corrupt.
Attribute record (128, "") from file record segment 246916
is corrupt.
Attribute record (128, "") from file record segment 246924
is corrupt.
Attribute record (128, "") from file record segment 246925
is corrupt.
Attribute record (128, "") from file record segment 246930
is corrupt.
Attribute record (128, "") from file record segment 246932
is corrupt.
Attribute record (128, "") from file record segment 246943
is corrupt.
Attribute record (128, "") from file record segment 246984
is corrupt.
Attribute record (128, "") from file record segment 247052
is corrupt.
Attribute record (128, "") from file record segment 247167
is corrupt.
Attribute record (128, "") from file record segment 247226
is corrupt.
Attribute record (128, "") from file record segment 247235
is corrupt.
Attribute record (128, "") from file record segment 247457
is corrupt.
Attribute record (128, "") from file record segment 247514
is corrupt.
Attribute record (128, "") from file record segment 247553
is corrupt.
Attribute record (128, "") from file record segment 247933
is corrupt.
Attribute record (128, "") from file record segment 248218
is corrupt.
Attribute record (128, "") from file record segment 248375
is corrupt.
Attribute record (128, "") from file record segment 248634
is corrupt.
Attribute record (128, "") from file record segment 248700
is corrupt.
Attribute record (128, "") from file record segment 248786
is corrupt.
Attribute record (128, "") from file record segment 248818
is corrupt.
Attribute record (128, "") from file record segment 248823
is corrupt.
Attribute record (128, "") from file record segment 248827
is corrupt.
Attribute record (128, "") from file record segment 248828
is corrupt.
Attribute record (128, "") from file record segment 248829
is corrupt.
Attribute record (128, "") from file record segment 248830
is corrupt.
Attribute record (128, "") from file record segment 248842
is corrupt.
Attribute record (128, "") from file record segment 248919
is corrupt.
Attribute record (128, "") from file record segment 248987
is corrupt.
Attribute record (128, "") from file record segment 249303
is corrupt.
Attribute record (128, "") from file record segment 249394
is corrupt.
Attribute record (128, "") from file record segment 249558
is corrupt.
 5 percent complete. (207592 of 401664 file records processed)     
Attribute record (128, "") from file record segment 217386
is corrupt.
 5 percent complete. (217538 of 401664 file records processed)     
Attribute record (128, "") from file record segment 217784
is corrupt.
 5 percent complete. (230036 of 401664 file records processed)     
Attribute record (128, "") from file record segment 231086
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 232185.
Attribute record (128, "") from file record segment 261250
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 232756.
Attribute record (128, "") from file record segment 254907
is corrupt.
Attribute record (128, "") from file record segment 259998
is corrupt.
Attribute record (128, "") from file record segment 233890
is corrupt.
 5 percent complete. (237825 of 401664 file records processed)     
Attribute record (128, "") from file record segment 240837
is corrupt.
 6 percent complete. (240999 of 401664 file records processed)     
Attribute record (128, "") from file record segment 246000
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 252623.
Attribute record (128, "") from file record segment 288511
is corrupt.
 6 percent complete. (253117 of 401664 file records processed)     
Attribute record (128, "") from file record segment 259479
is corrupt.
 6 percent complete. (259722 of 401664 file records processed)     
 6 percent complete. (263702 of 401664 file records processed)     
Deleted corrupt attribute list entry
with type code 128 in file 266601.
Attribute record (128, "") from file record segment 255735
is corrupt.
Attribute record (128, "") from file record segment 256307
is corrupt.
 6 percent complete. (274177 of 401664 file records processed)     
Deleted corrupt attribute list entry
with type code 128 in file 278547.
Attribute record (128, "") from file record segment 4571
is corrupt.
Attribute record (128, "") from file record segment 4746
is corrupt.
Attribute record (128, "") from file record segment 14553
is corrupt.
Attribute record (128, "") from file record segment 107154
is corrupt.
Attribute record (128, "") from file record segment 134047
is corrupt.
Attribute record (128, "") from file record segment 141066
is corrupt.
Attribute record (128, "") from file record segment 149335
is corrupt.
Attribute record (128, "") from file record segment 152015
is corrupt.
Attribute record (128, "") from file record segment 155822
is corrupt.
Attribute record (128, "") from file record segment 157056
is corrupt.
Attribute record (128, "") from file record segment 163637
is corrupt.
Attribute record (128, "") from file record segment 183918
is corrupt.
Attribute record (128, "") from file record segment 184572
is corrupt.
Attribute record (128, "") from file record segment 189129
is corrupt.
Attribute record (128, "") from file record segment 190881
is corrupt.
Attribute record (128, "") from file record segment 190885
is corrupt.
Attribute record (128, "") from file record segment 190913
is corrupt.
Attribute record (128, "") from file record segment 191363
is corrupt.
Attribute record (128, "") from file record segment 208997
is corrupt.
Attribute record (128, "") from file record segment 216037
is corrupt.
Attribute record (128, "") from file record segment 217094
is corrupt.
Attribute record (128, "") from file record segment 217099
is corrupt.
Attribute record (128, "") from file record segment 218136
is corrupt.
Attribute record (128, "") from file record segment 218428
is corrupt.
Attribute record (128, "") from file record segment 223333
is corrupt.
Attribute record (128, "") from file record segment 226049
is corrupt.
Attribute record (128, "") from file record segment 226204
is corrupt.
Attribute record (128, "") from file record segment 230506
is corrupt.
Attribute record (128, "") from file record segment 231150
is corrupt.
Attribute record (128, "") from file record segment 231152
is corrupt.
Attribute record (128, "") from file record segment 232102
is corrupt.
Attribute record (128, "") from file record segment 232106
is corrupt.
Attribute record (128, "") from file record segment 232581
is corrupt.
Attribute record (128, "") from file record segment 232794
is corrupt.
Attribute record (128, "") from file record segment 233155
is corrupt.
Attribute record (128, "") from file record segment 233187
is corrupt.
Attribute record (128, "") from file record segment 233193
is corrupt.
Attribute record (128, "") from file record segment 233194
is corrupt.
Attribute record (128, "") from file record segment 233234
is corrupt.
Attribute record (128, "") from file record segment 233278
is corrupt.
Attribute record (128, "") from file record segment 233737
is corrupt.
Attribute record (128, "") from file record segment 243008
is corrupt.
Attribute record (128, "") from file record segment 245775
is corrupt.
Attribute record (128, "") from file record segment 246057
is corrupt.
Attribute record (128, "") from file record segment 246078
is corrupt.
Attribute record (128, "") from file record segment 246079
is corrupt.
Attribute record (128, "") from file record segment 247281
is corrupt.
Attribute record (128, "") from file record segment 247358
is corrupt.
Attribute record (128, "") from file record segment 247371
is corrupt.
Attribute record (128, "") from file record segment 247385
is corrupt.
Attribute record (128, "") from file record segment 247786
is corrupt.
Attribute record (128, "") from file record segment 247879
is corrupt.
Attribute record (128, "") from file record segment 248044
is corrupt.
Attribute record (128, "") from file record segment 248049
is corrupt.
Attribute record (128, "") from file record segment 248051
is corrupt.
Attribute record (128, "") from file record segment 248056
is corrupt.
Attribute record (128, "") from file record segment 248079
is corrupt.
Attribute record (128, "") from file record segment 248096
is corrupt.
Attribute record (128, "") from file record segment 248103
is corrupt.
Attribute record (128, "") from file record segment 248125
is corrupt.
Attribute record (128, "") from file record segment 248145
is corrupt.
Attribute record (128, "") from file record segment 248148
is corrupt.
Attribute record (128, "") from file record segment 248641
is corrupt.
Attribute record (128, "") from file record segment 248662
is corrupt.
Attribute record (128, "") from file record segment 248666
is corrupt.
Attribute record (128, "") from file record segment 248733
is corrupt.
Attribute record (128, "") from file record segment 248843
is corrupt.
Attribute record (128, "") from file record segment 248998
is corrupt.
Attribute record (128, "") from file record segment 249002
is corrupt.
Attribute record (128, "") from file record segment 249013
is corrupt.
Attribute record (128, "") from file record segment 249062
is corrupt.
Attribute record (128, "") from file record segment 249091
is corrupt.
Attribute record (128, "") from file record segment 249312
is corrupt.
Attribute record (128, "") from file record segment 249391
is corrupt.
Attribute record (128, "") from file record segment 249415
is corrupt.
Attribute record (128, "") from file record segment 249727
is corrupt.
Attribute record (128, "") from file record segment 249811
is corrupt.
Attribute record (128, "") from file record segment 249813
is corrupt.
Attribute record (128, "") from file record segment 249816
is corrupt.
Attribute record (128, "") from file record segment 249824
is corrupt.
Attribute record (128, "") from file record segment 249831
is corrupt.
Attribute record (128, "") from file record segment 249856
is corrupt.
Attribute record (128, "") from file record segment 249864
is corrupt.
Attribute record (128, "") from file record segment 250043
is corrupt.
Attribute record (128, "") from file record segment 253011
is corrupt.
Attribute record (128, "") from file record segment 253067
is corrupt.
Attribute record (128, "") from file record segment 253270
is corrupt.
Attribute record (128, "") from file record segment 253281
is corrupt.
Attribute record (128, "") from file record segment 253282
is corrupt.
Attribute record (128, "") from file record segment 253286
is corrupt.
Attribute record (128, "") from file record segment 253295
is corrupt.
Attribute record (128, "") from file record segment 253364
is corrupt.
Attribute record (128, "") from file record segment 253426
is corrupt.
Attribute record (128, "") from file record segment 253482
is corrupt.
Attribute record (128, "") from file record segment 253490
is corrupt.
Attribute record (128, "") from file record segment 253492
is corrupt.
Attribute record (128, "") from file record segment 258002
is corrupt.
Attribute record (128, "") from file record segment 273938
is corrupt.
Attribute record (128, "") from file record segment 274992
is corrupt.
Attribute record (128, "") from file record segment 277922
is corrupt.
Attribute record (128, "") from file record segment 278031
is corrupt.
Attribute record (128, "") from file record segment 278111
is corrupt.
Attribute record (128, "") from file record segment 278117
is corrupt.
Attribute record (128, "") from file record segment 278125
is corrupt.
Attribute record (128, "") from file record segment 278140
is corrupt.
Attribute record (128, "") from file record segment 278143
is corrupt.
Attribute record (128, "") from file record segment 278164
is corrupt.
Attribute record (128, "") from file record segment 278528
is corrupt.
Attribute record (128, "") from file record segment 278595
is corrupt.
Attribute record (128, "") from file record segment 278682
is corrupt.
Attribute record (128, "") from file record segment 278684
is corrupt.
Attribute record (128, "") from file record segment 278843
is corrupt.
Attribute record (128, "") from file record segment 279059
is corrupt.
Attribute record (128, "") from file record segment 279072
is corrupt.
Attribute record (128, "") from file record segment 279168
is corrupt.
Attribute record (128, "") from file record segment 279172
is corrupt.
Attribute record (128, "") from file record segment 279268
is corrupt.
Attribute record (128, "") from file record segment 279275
is corrupt.
Attribute record (128, "") from file record segment 279383
is corrupt.
Attribute record (128, "") from file record segment 279394
is corrupt.
Attribute record (128, "") from file record segment 279427
is corrupt.
Attribute record (128, "") from file record segment 279431
is corrupt.
Attribute record (128, "") from file record segment 279438
is corrupt.
Attribute record (128, "") from file record segment 279439
is corrupt.
Attribute record (128, "") from file record segment 279448
is corrupt.
Attribute record (128, "") from file record segment 279449
is corrupt.
Attribute record (128, "") from file record segment 279520
is corrupt.
Attribute record (128, "") from file record segment 279553
is corrupt.
Attribute record (128, "") from file record segment 279554
is corrupt.
Attribute record (128, "") from file record segment 279560
is corrupt.
Attribute record (128, "") from file record segment 279563
is corrupt.
Attribute record (128, "") from file record segment 279565
is corrupt.
Attribute record (128, "") from file record segment 279578
is corrupt.
Attribute record (128, "") from file record segment 279579
is corrupt.
Attribute record (128, "") from file record segment 279588
is corrupt.
Attribute record (128, "") from file record segment 279607
is corrupt.
Attribute record (128, "") from file record segment 279620
is corrupt.
Attribute record (128, "") from file record segment 279707
is corrupt.
Attribute record (128, "") from file record segment 279836
is corrupt.
Attribute record (128, "") from file record segment 279838
is corrupt.
Attribute record (128, "") from file record segment 279900
is corrupt.
Attribute record (128, "") from file record segment 280037
is corrupt.
Attribute record (128, "") from file record segment 280046
is corrupt.
Attribute record (128, "") from file record segment 280261
is corrupt.
Attribute record (128, "") from file record segment 280268
is corrupt.
Attribute record (128, "") from file record segment 280274
is corrupt.
Attribute record (128, "") from file record segment 280482
is corrupt.
Attribute record (128, "") from file record segment 280493
is corrupt.
Attribute record (128, "") from file record segment 280500
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 279309.
Attribute record (128, "") from file record segment 264534
is corrupt.
 7 percent complete. (281165 of 401664 file records processed)     
Attribute record (128, "") from file record segment 291124
is corrupt.
 7 percent complete. (291321 of 401664 file records processed)     
Attribute record (160, $I30) from file record segment 298919
is corrupt.
Attribute record (128, "") from file record segment 300775
is corrupt.
Attribute record (128, "") from file record segment 300912
is corrupt.
 7 percent complete. (302603 of 401664 file records processed)     
Attribute record (128, "") from file record segment 306216
is corrupt.
 8 percent complete. (321332 of 401664 file records processed)     
 9 percent complete. (361498 of 401664 file records processed)     
  401664 file records processed.                                         

File verification completed.
File record segment 1141 is an orphan.
File record segment 3339 is an orphan.
File record segment 3520 is an orphan.
File record segment 4024 is an orphan.
File record segment 4184 is an orphan.
File record segment 4571 is an orphan.
File record segment 4746 is an orphan.
File record segment 5034 is an orphan.
File record segment 5904 is an orphan.
File record segment 7487 is an orphan.
File record segment 7988 is an orphan.
File record segment 8951 is an orphan.
File record segment 9531 is an orphan.
File record segment 9580 is an orphan.
File record segment 9621 is an orphan.
File record segment 9625 is an orphan.
File record segment 9645 is an orphan.
File record segment 11366 is an orphan.
File record segment 12258 is an orphan.
File record segment 12386 is an orphan.
File record segment 12517 is an orphan.
File record segment 12698 is an orphan.
File record segment 13171 is an orphan.
File record segment 13252 is an orphan.
File record segment 13332 is an orphan.
File record segment 13343 is an orphan.
File record segment 13485 is an orphan.
File record segment 13506 is an orphan.
File record segment 14553 is an orphan.
File record segment 15502 is an orphan.
File record segment 18016 is an orphan.
File record segment 19895 is an orphan.
File record segment 20558 is an orphan.
File record segment 21471 is an orphan.
File record segment 21846 is an orphan.
File record segment 24102 is an orphan.
File record segment 24470 is an orphan.
File record segment 37272 is an orphan.
File record segment 37478 is an orphan.
File record segment 37559 is an orphan.
File record segment 72458 is an orphan.
File record segment 72462 is an orphan.
File record segment 72481 is an orphan.
File record segment 72519 is an orphan.
File record segment 72528 is an orphan.
File record segment 77121 is an orphan.
File record segment 77652 is an orphan.
File record segment 96080 is an orphan.
File record segment 96084 is an orphan.
File record segment 98237 is an orphan.
File record segment 107154 is an orphan.
File record segment 108655 is an orphan.
File record segment 108656 is an orphan.
File record segment 108710 is an orphan.
File record segment 108715 is an orphan.
File record segment 134047 is an orphan.
File record segment 141066 is an orphan.
File record segment 141789 is an orphan.
File record segment 142587 is an orphan.
File record segment 149335 is an orphan.
File record segment 152015 is an orphan.
File record segment 155822 is an orphan.
File record segment 157056 is an orphan.
File record segment 163637 is an orphan.
File record segment 183918 is an orphan.
File record segment 184572 is an orphan.
File record segment 189129 is an orphan.
File record segment 190881 is an orphan.
File record segment 190885 is an orphan.
File record segment 190913 is an orphan.
File record segment 191363 is an orphan.
File record segment 206725 is an orphan.
File record segment 207366 is an orphan.
File record segment 207557 is an orphan.
File record segment 208168 is an orphan.
File record segment 208997 is an orphan.
File record segment 210321 is an orphan.
File record segment 210386 is an orphan.
File record segment 215905 is an orphan.
File record segment 216037 is an orphan.
File record segment 216753 is an orphan.
File record segment 217094 is an orphan.
File record segment 217099 is an orphan.
File record segment 217316 is an orphan.
File record segment 217498 is an orphan.
File record segment 217505 is an orphan.
File record segment 217609 is an orphan.
File record segment 217611 is an orphan.
File record segment 217612 is an orphan.
File record segment 218136 is an orphan.
File record segment 218428 is an orphan.
File record segment 219052 is an orphan.
File record segment 220523 is an orphan.
File record segment 220739 is an orphan.
File record segment 220753 is an orphan.
File record segment 223333 is an orphan.
File record segment 226049 is an orphan.
File record segment 226204 is an orphan.
File record segment 230506 is an orphan.
File record segment 231150 is an orphan.
File record segment 231152 is an orphan.
File record segment 232102 is an orphan.
File record segment 232106 is an orphan.
File record segment 232581 is an orphan.
File record segment 232794 is an orphan.
File record segment 233155 is an orphan.
File record segment 233187 is an orphan.
File record segment 233193 is an orphan.
File record segment 233194 is an orphan.
File record segment 233234 is an orphan.
File record segment 233278 is an orphan.
File record segment 233737 is an orphan.
File record segment 240696 is an orphan.
File record segment 240882 is an orphan.
File record segment 241269 is an orphan.
File record segment 241684 is an orphan.
File record segment 242614 is an orphan.
File record segment 242744 is an orphan.
File record segment 242852 is an orphan.
File record segment 243008 is an orphan.
File record segment 243480 is an orphan.
File record segment 243531 is an orphan.
File record segment 243614 is an orphan.
File record segment 243818 is an orphan.
File record segment 243844 is an orphan.
File record segment 244297 is an orphan.
File record segment 244650 is an orphan.
File record segment 245049 is an orphan.
File record segment 245186 is an orphan.
File record segment 245336 is an orphan.
File record segment 245482 is an orphan.
File record segment 245496 is an orphan.
File record segment 245498 is an orphan.
File record segment 245775 is an orphan.
File record segment 246057 is an orphan.
File record segment 246078 is an orphan.
File record segment 246079 is an orphan.
File record segment 246082 is an orphan.
File record segment 246264 is an orphan.
File record segment 246397 is an orphan.
File record segment 246424 is an orphan.
File record segment 246640 is an orphan.
File record segment 246756 is an orphan.
File record segment 246845 is an orphan.
File record segment 246916 is an orphan.
File record segment 246924 is an orphan.
File record segment 246925 is an orphan.
File record segment 246930 is an orphan.
File record segment 246932 is an orphan.
File record segment 246943 is an orphan.
File record segment 246984 is an orphan.
File record segment 247052 is an orphan.
File record segment 247167 is an orphan.
File record segment 247226 is an orphan.
File record segment 247235 is an orphan.
File record segment 247281 is an orphan.
File record segment 247358 is an orphan.
File record segment 247371 is an orphan.
File record segment 247385 is an orphan.
File record segment 247457 is an orphan.
File record segment 247514 is an orphan.
File record segment 247553 is an orphan.
File record segment 247786 is an orphan.
File record segment 247879 is an orphan.
File record segment 247933 is an orphan.
File record segment 248044 is an orphan.
File record segment 248049 is an orphan.
File record segment 248051 is an orphan.
File record segment 248056 is an orphan.
File record segment 248079 is an orphan.
File record segment 248096 is an orphan.
File record segment 248103 is an orphan.
File record segment 248125 is an orphan.
File record segment 248145 is an orphan.
File record segment 248148 is an orphan.
File record segment 248218 is an orphan.
File record segment 248375 is an orphan.
File record segment 248634 is an orphan.
File record segment 248641 is an orphan.
File record segment 248662 is an orphan.
File record segment 248666 is an orphan.
File record segment 248700 is an orphan.
File record segment 248733 is an orphan.
File record segment 248786 is an orphan.
File record segment 248818 is an orphan.
File record segment 248823 is an orphan.
File record segment 248827 is an orphan.
File record segment 248828 is an orphan.
File record segment 248829 is an orphan.
File record segment 248830 is an orphan.
File record segment 248842 is an orphan.
File record segment 248843 is an orphan.
File record segment 248919 is an orphan.
File record segment 248987 is an orphan.
File record segment 248998 is an orphan.
File record segment 249002 is an orphan.
File record segment 249013 is an orphan.
File record segment 249062 is an orphan.
File record segment 249091 is an orphan.
File record segment 249303 is an orphan.
File record segment 249312 is an orphan.
File record segment 249391 is an orphan.
File record segment 249394 is an orphan.
File record segment 249415 is an orphan.
File record segment 249558 is an orphan.
File record segment 249727 is an orphan.
File record segment 249811 is an orphan.
File record segment 249813 is an orphan.
File record segment 249816 is an orphan.
File record segment 249824 is an orphan.
File record segment 249831 is an orphan.
File record segment 249856 is an orphan.
File record segment 249864 is an orphan.
File record segment 250043 is an orphan.
File record segment 253011 is an orphan.
File record segment 253067 is an orphan.
File record segment 253270 is an orphan.
File record segment 253281 is an orphan.
File record segment 253282 is an orphan.
File record segment 253286 is an orphan.
File record segment 253295 is an orphan.
File record segment 253364 is an orphan.
File record segment 253426 is an orphan.
File record segment 253482 is an orphan.
File record segment 253490 is an orphan.
File record segment 253492 is an orphan.
File record segment 254907 is an orphan.
File record segment 255735 is an orphan.
File record segment 256307 is an orphan.
File record segment 258002 is an orphan.
File record segment 259998 is an orphan.
File record segment 261250 is an orphan.
File record segment 264534 is an orphan.
File record segment 273938 is an orphan.
File record segment 274992 is an orphan.
File record segment 277922 is an orphan.
File record segment 278031 is an orphan.
File record segment 278111 is an orphan.
File record segment 278117 is an orphan.
File record segment 278125 is an orphan.
File record segment 278140 is an orphan.
File record segment 278143 is an orphan.
File record segment 278164 is an orphan.
File record segment 278528 is an orphan.
File record segment 278595 is an orphan.
File record segment 278682 is an orphan.
File record segment 278684 is an orphan.
File record segment 278843 is an orphan.
File record segment 279059 is an orphan.
File record segment 279072 is an orphan.
File record segment 279168 is an orphan.
File record segment 279172 is an orphan.
File record segment 279268 is an orphan.
File record segment 279275 is an orphan.
File record segment 279383 is an orphan.
File record segment 279394 is an orphan.
File record segment 279427 is an orphan.
File record segment 279431 is an orphan.
File record segment 279438 is an orphan.
File record segment 279439 is an orphan.
File record segment 279448 is an orphan.
File record segment 279449 is an orphan.
File record segment 279520 is an orphan.
File record segment 279553 is an orphan.
File record segment 279554 is an orphan.
File record segment 279560 is an orphan.
File record segment 279563 is an orphan.
File record segment 279565 is an orphan.
File record segment 279578 is an orphan.
File record segment 279579 is an orphan.
File record segment 279588 is an orphan.
File record segment 279607 is an orphan.
File record segment 279620 is an orphan.
File record segment 279707 is an orphan.
File record segment 279836 is an orphan.
File record segment 279838 is an orphan.
File record segment 279900 is an orphan.
File record segment 280037 is an orphan.
File record segment 280046 is an orphan.
File record segment 280261 is an orphan.
File record segment 280268 is an orphan.
File record segment 280274 is an orphan.
File record segment 280482 is an orphan.
File record segment 280493 is an orphan.
File record segment 280500 is an orphan.
File record segment 288511 is an orphan.
  8217 large file records processed.                                   


Errors found.  CHKDSK cannot continue in read-only mode.

========= End of CMD: =========


==== End of Fixlog 09:08:50 ====

 

Farbar Recovery Scan Tool (x86) Version: 12.02.2018
Ran by a (14-02-2018 09:11:38)
Running from C:\Users\a\Desktop
Boot Mode: Normal

================== Search Files: "defragproxy.dll;loadfix.com;autochk.exe
" =============

C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\LOADFIX.COM
[2009-07-13 22:40][2009-07-13 22:40] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-defrag-core_31bf3856ad364e35_6.1.7600.16385_none_1834bea91960309a\defragproxy.dll
[2009-07-14 00:23][2009-07-14 02:15] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
[2011-06-21 09:16][2010-11-20 13:16] 000668160 _____ () 99A44CB59B5FDAD30296C3EB365149F7 [File not signed]

C:\Windows\System32\autochk.exe
[2011-06-21 09:16][2010-11-20 13:16] 000668160 _____ () 99A44CB59B5FDAD30296C3EB365149F7 [File not signed]

C:\Windows\System32\LOADFIX.COM
[2009-07-13 22:40][2009-07-13 22:40] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]


====== End of Search ======



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 14 February 2018 - 11:12 AM

Thank you for the information.

Please do this.

===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Upload and scan file
  • Navigate to the following file (if multiple files then one at a time), and double click on it to start the scan

C:\Windows\System32\autochk.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CheckDiskGUI report
  • Virustotal link

Edited by Oh My!, 14 February 2018 - 11:15 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 14 February 2018 - 11:42 AM

gary

 

dirtybit column was empty

Checkdisk of C: (Read only mode) started !

Started on : 2018/02/14 17:21:56

The type of the file system is NTFS.
Volume label is VistaOS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
Attribute list for file 705 is corrupt.
Attribute list for file 705 is corrupt.
Attribute record (128, "") from file record segment 27188
is corrupt.
Attribute record (128, "") from file record segment 97111
is corrupt.
Attribute record (128, "") from file record segment 160632
is corrupt.
Attribute record (128, "") from file record segment 160863
is corrupt.
Attribute record (128, "") from file record segment 166177
is corrupt.
Attribute record (128, "") from file record segment 198753
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 207591.
Attribute record (128, "") from file record segment 206725
is corrupt.
Attribute record (128, "") from file record segment 207366
is corrupt.
Attribute record (128, "") from file record segment 207557
is corrupt.
Attribute record (128, "") from file record segment 208168
is corrupt.
Attribute record (128, "") from file record segment 210321
is corrupt.
Attribute record (128, "") from file record segment 210386
is corrupt.
Attribute record (128, "") from file record segment 215905
is corrupt.
Attribute record (128, "") from file record segment 216753
is corrupt.
Attribute record (128, "") from file record segment 217316
is corrupt.
Attribute record (128, "") from file record segment 217498
is corrupt.
Attribute record (128, "") from file record segment 217505
is corrupt.
Attribute record (128, "") from file record segment 217609
is corrupt.
Attribute record (128, "") from file record segment 217611
is corrupt.
Attribute record (128, "") from file record segment 217612
is corrupt.
Attribute record (128, "") from file record segment 219052
is corrupt.
Attribute record (128, "") from file record segment 220523
is corrupt.
Attribute record (128, "") from file record segment 220739
is corrupt.
Attribute record (128, "") from file record segment 220753
is corrupt.
Attribute record (128, "") from file record segment 240696
is corrupt.
Attribute record (128, "") from file record segment 240882
is corrupt.
Attribute record (128, "") from file record segment 241269
is corrupt.
Attribute record (128, "") from file record segment 241684
is corrupt.
Attribute record (128, "") from file record segment 242614
is corrupt.
Attribute record (128, "") from file record segment 242744
is corrupt.
Attribute record (128, "") from file record segment 242852
is corrupt.
Attribute record (128, "") from file record segment 243480
is corrupt.
Attribute record (128, "") from file record segment 243531
is corrupt.
Attribute record (128, "") from file record segment 243614
is corrupt.
Attribute record (128, "") from file record segment 243818
is corrupt.
Attribute record (128, "") from file record segment 243844
is corrupt.
Attribute record (128, "") from file record segment 244297
is corrupt.
Attribute record (128, "") from file record segment 244650
is corrupt.
Attribute record (128, "") from file record segment 245049
is corrupt.
Attribute record (128, "") from file record segment 245186
is corrupt.
Attribute record (128, "") from file record segment 245336
is corrupt.
Attribute record (128, "") from file record segment 245482
is corrupt.
Attribute record (128, "") from file record segment 245496
is corrupt.
Attribute record (128, "") from file record segment 245498
is corrupt.
Attribute record (128, "") from file record segment 246082
is corrupt.
Attribute record (128, "") from file record segment 246264
is corrupt.
Attribute record (128, "") from file record segment 246397
is corrupt.
Attribute record (128, "") from file record segment 246424
is corrupt.
Attribute record (128, "") from file record segment 246640
is corrupt.
Attribute record (128, "") from file record segment 246756
is corrupt.
Attribute record (128, "") from file record segment 246845
is corrupt.
Attribute record (128, "") from file record segment 246916
is corrupt.
Attribute record (128, "") from file record segment 246924
is corrupt.
Attribute record (128, "") from file record segment 246925
is corrupt.
Attribute record (128, "") from file record segment 246930
is corrupt.
Attribute record (128, "") from file record segment 246932
is corrupt.
Attribute record (128, "") from file record segment 246943
is corrupt.
Attribute record (128, "") from file record segment 246984
is corrupt.
Attribute record (128, "") from file record segment 247052
is corrupt.
Attribute record (128, "") from file record segment 247167
is corrupt.
Attribute record (128, "") from file record segment 247226
is corrupt.
Attribute record (128, "") from file record segment 247235
is corrupt.
Attribute record (128, "") from file record segment 247457
is corrupt.
Attribute record (128, "") from file record segment 247514
is corrupt.
Attribute record (128, "") from file record segment 247553
is corrupt.
Attribute record (128, "") from file record segment 247933
is corrupt.
Attribute record (128, "") from file record segment 248218
is corrupt.
Attribute record (128, "") from file record segment 248375
is corrupt.
Attribute record (128, "") from file record segment 248634
is corrupt.
Attribute record (128, "") from file record segment 248700
is corrupt.
Attribute record (128, "") from file record segment 248786
is corrupt.
Attribute record (128, "") from file record segment 248818
is corrupt.
Attribute record (128, "") from file record segment 248823
is corrupt.
Attribute record (128, "") from file record segment 248827
is corrupt.
Attribute record (128, "") from file record segment 248828
is corrupt.
Attribute record (128, "") from file record segment 248829
is corrupt.
Attribute record (128, "") from file record segment 248830
is corrupt.
Attribute record (128, "") from file record segment 248842
is corrupt.
Attribute record (128, "") from file record segment 248919
is corrupt.
Attribute record (128, "") from file record segment 248987
is corrupt.
Attribute record (128, "") from file record segment 249303
is corrupt.
Attribute record (128, "") from file record segment 249394
is corrupt.
Attribute record (128, "") from file record segment 249558
is corrupt.
Attribute record (128, "") from file record segment 231086
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 232185.
Attribute record (128, "") from file record segment 261250
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 232756.
Attribute record (128, "") from file record segment 254907
is corrupt.
Attribute record (128, "") from file record segment 259998
is corrupt.
Attribute record (128, "") from file record segment 246000
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 252623.
Attribute record (128, "") from file record segment 288511
is corrupt.
Attribute record (128, "") from file record segment 259479
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 266601.
Attribute record (128, "") from file record segment 255735
is corrupt.
Attribute record (128, "") from file record segment 256307
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 278547.
Attribute record (128, "") from file record segment 4571
is corrupt.
Attribute record (128, "") from file record segment 4746
is corrupt.
Attribute record (128, "") from file record segment 14553
is corrupt.
Attribute record (128, "") from file record segment 107154
is corrupt.
Attribute record (128, "") from file record segment 134047
is corrupt.
Attribute record (128, "") from file record segment 141066
is corrupt.
Attribute record (128, "") from file record segment 149335
is corrupt.
Attribute record (128, "") from file record segment 152015
is corrupt.
Attribute record (128, "") from file record segment 155822
is corrupt.
Attribute record (128, "") from file record segment 157056
is corrupt.
Attribute record (128, "") from file record segment 163637
is corrupt.
Attribute record (128, "") from file record segment 183918
is corrupt.
Attribute record (128, "") from file record segment 184572
is corrupt.
Attribute record (128, "") from file record segment 189129
is corrupt.
Attribute record (128, "") from file record segment 190881
is corrupt.
Attribute record (128, "") from file record segment 190885
is corrupt.
Attribute record (128, "") from file record segment 190913
is corrupt.
Attribute record (128, "") from file record segment 191363
is corrupt.
Attribute record (128, "") from file record segment 208997
is corrupt.
Attribute record (128, "") from file record segment 216037
is corrupt.
Attribute record (128, "") from file record segment 217094
is corrupt.
Attribute record (128, "") from file record segment 217099
is corrupt.
Attribute record (128, "") from file record segment 218136
is corrupt.
Attribute record (128, "") from file record segment 218428
is corrupt.
Attribute record (128, "") from file record segment 223333
is corrupt.
Attribute record (128, "") from file record segment 226049
is corrupt.
Attribute record (128, "") from file record segment 226204
is corrupt.
Attribute record (128, "") from file record segment 230506
is corrupt.
Attribute record (128, "") from file record segment 231150
is corrupt.
Attribute record (128, "") from file record segment 231152
is corrupt.
Attribute record (128, "") from file record segment 232102
is corrupt.
Attribute record (128, "") from file record segment 232106
is corrupt.
Attribute record (128, "") from file record segment 232581
is corrupt.
Attribute record (128, "") from file record segment 232794
is corrupt.
Attribute record (128, "") from file record segment 233155
is corrupt.
Attribute record (128, "") from file record segment 233187
is corrupt.
Attribute record (128, "") from file record segment 233193
is corrupt.
Attribute record (128, "") from file record segment 233194
is corrupt.
Attribute record (128, "") from file record segment 233234
is corrupt.
Attribute record (128, "") from file record segment 233278
is corrupt.
Attribute record (128, "") from file record segment 233737
is corrupt.
Attribute record (128, "") from file record segment 243008
is corrupt.
Attribute record (128, "") from file record segment 245775
is corrupt.
Attribute record (128, "") from file record segment 246057
is corrupt.
Attribute record (128, "") from file record segment 246078
is corrupt.
Attribute record (128, "") from file record segment 246079
is corrupt.
Attribute record (128, "") from file record segment 247281
is corrupt.
Attribute record (128, "") from file record segment 247358
is corrupt.
Attribute record (128, "") from file record segment 247371
is corrupt.
Attribute record (128, "") from file record segment 247385
is corrupt.
Attribute record (128, "") from file record segment 247786
is corrupt.
Attribute record (128, "") from file record segment 247879
is corrupt.
Attribute record (128, "") from file record segment 248044
is corrupt.
Attribute record (128, "") from file record segment 248049
is corrupt.
Attribute record (128, "") from file record segment 248051
is corrupt.
Attribute record (128, "") from file record segment 248056
is corrupt.
Attribute record (128, "") from file record segment 248079
is corrupt.
Attribute record (128, "") from file record segment 248096
is corrupt.
Attribute record (128, "") from file record segment 248103
is corrupt.
Attribute record (128, "") from file record segment 248125
is corrupt.
Attribute record (128, "") from file record segment 248145
is corrupt.
Attribute record (128, "") from file record segment 248148
is corrupt.
Attribute record (128, "") from file record segment 248641
is corrupt.
Attribute record (128, "") from file record segment 248662
is corrupt.
Attribute record (128, "") from file record segment 248666
is corrupt.
Attribute record (128, "") from file record segment 248733
is corrupt.
Attribute record (128, "") from file record segment 248843
is corrupt.
Attribute record (128, "") from file record segment 248998
is corrupt.
Attribute record (128, "") from file record segment 249002
is corrupt.
Attribute record (128, "") from file record segment 249013
is corrupt.
Attribute record (128, "") from file record segment 249062
is corrupt.
Attribute record (128, "") from file record segment 249091
is corrupt.
Attribute record (128, "") from file record segment 249312
is corrupt.
Attribute record (128, "") from file record segment 249391
is corrupt.
Attribute record (128, "") from file record segment 249415
is corrupt.
Attribute record (128, "") from file record segment 249727
is corrupt.
Attribute record (128, "") from file record segment 249811
is corrupt.
Attribute record (128, "") from file record segment 249813
is corrupt.
Attribute record (128, "") from file record segment 249816
is corrupt.
Attribute record (128, "") from file record segment 249824
is corrupt.
Attribute record (128, "") from file record segment 249831
is corrupt.
Attribute record (128, "") from file record segment 249856
is corrupt.
Attribute record (128, "") from file record segment 249864
is corrupt.
Attribute record (128, "") from file record segment 250043
is corrupt.
Attribute record (128, "") from file record segment 253011
is corrupt.
Attribute record (128, "") from file record segment 253067
is corrupt.
Attribute record (128, "") from file record segment 253270
is corrupt.
Attribute record (128, "") from file record segment 253281
is corrupt.
Attribute record (128, "") from file record segment 253282
is corrupt.
Attribute record (128, "") from file record segment 253286
is corrupt.
Attribute record (128, "") from file record segment 253295
is corrupt.
Attribute record (128, "") from file record segment 253364
is corrupt.
Attribute record (128, "") from file record segment 253426
is corrupt.
Attribute record (128, "") from file record segment 253482
is corrupt.
Attribute record (128, "") from file record segment 253490
is corrupt.
Attribute record (128, "") from file record segment 253492
is corrupt.
Attribute record (128, "") from file record segment 258002
is corrupt.
Attribute record (128, "") from file record segment 273938
is corrupt.
Attribute record (128, "") from file record segment 274992
is corrupt.
Attribute record (128, "") from file record segment 277922
is corrupt.
Attribute record (128, "") from file record segment 278031
is corrupt.
Attribute record (128, "") from file record segment 278111
is corrupt.
Attribute record (128, "") from file record segment 278117
is corrupt.
Attribute record (128, "") from file record segment 278125
is corrupt.
Attribute record (128, "") from file record segment 278140
is corrupt.
Attribute record (128, "") from file record segment 278143
is corrupt.
Attribute record (128, "") from file record segment 278164
is corrupt.
Attribute record (128, "") from file record segment 278528
is corrupt.
Attribute record (128, "") from file record segment 278595
is corrupt.
Attribute record (128, "") from file record segment 278682
is corrupt.
Attribute record (128, "") from file record segment 278684
is corrupt.
Attribute record (128, "") from file record segment 278843
is corrupt.
Attribute record (128, "") from file record segment 279059
is corrupt.
Attribute record (128, "") from file record segment 279072
is corrupt.
Attribute record (128, "") from file record segment 279168
is corrupt.
Attribute record (128, "") from file record segment 279172
is corrupt.
Attribute record (128, "") from file record segment 279268
is corrupt.
Attribute record (128, "") from file record segment 279275
is corrupt.
Attribute record (128, "") from file record segment 279383
is corrupt.
Attribute record (128, "") from file record segment 279394
is corrupt.
Attribute record (128, "") from file record segment 279427
is corrupt.
Attribute record (128, "") from file record segment 279431
is corrupt.
Attribute record (128, "") from file record segment 279438
is corrupt.
Attribute record (128, "") from file record segment 279439
is corrupt.
Attribute record (128, "") from file record segment 279448
is corrupt.
Attribute record (128, "") from file record segment 279449
is corrupt.
Attribute record (128, "") from file record segment 279520
is corrupt.
Attribute record (128, "") from file record segment 279553
is corrupt.
Attribute record (128, "") from file record segment 279554
is corrupt.
Attribute record (128, "") from file record segment 279560
is corrupt.
Attribute record (128, "") from file record segment 279563
is corrupt.
Attribute record (128, "") from file record segment 279565
is corrupt.
Attribute record (128, "") from file record segment 279578
is corrupt.
Attribute record (128, "") from file record segment 279579
is corrupt.
Attribute record (128, "") from file record segment 279588
is corrupt.
Attribute record (128, "") from file record segment 279607
is corrupt.
Attribute record (128, "") from file record segment 279620
is corrupt.
Attribute record (128, "") from file record segment 279707
is corrupt.
Attribute record (128, "") from file record segment 279836
is corrupt.
Attribute record (128, "") from file record segment 279838
is corrupt.
Attribute record (128, "") from file record segment 279900
is corrupt.
Attribute record (128, "") from file record segment 280037
is corrupt.
Attribute record (128, "") from file record segment 280046
is corrupt.
Attribute record (128, "") from file record segment 280261
is corrupt.
Attribute record (128, "") from file record segment 280268
is corrupt.
Attribute record (128, "") from file record segment 280274
is corrupt.
Attribute record (128, "") from file record segment 280482
is corrupt.
Attribute record (128, "") from file record segment 280493
is corrupt.
Attribute record (128, "") from file record segment 280500
is corrupt.
Deleted corrupt attribute list entry
with type code 128 in file 279309.
Attribute record (128, "") from file record segment 264534
is corrupt.
Attribute record (128, "") from file record segment 291124
is corrupt.
Attribute record (160, $I30) from file record segment 298919
is corrupt.
Attribute record (128, "") from file record segment 300775
is corrupt.
Attribute record (128, "") from file record segment 300912
is corrupt.
Attribute record (128, "") from file record segment 306216
is corrupt.
  401664 file records processed. 
File verification completed.
File record segment 1141 is an orphan.
File record segment 3339 is an orphan.
File record segment 3520 is an orphan.
File record segment 4024 is an orphan.
File record segment 4184 is an orphan.
File record segment 4571 is an orphan.
File record segment 4746 is an orphan.
File record segment 5034 is an orphan.
File record segment 5904 is an orphan.
File record segment 7487 is an orphan.
File record segment 7988 is an orphan.
File record segment 8951 is an orphan.
File record segment 9531 is an orphan.
File record segment 9580 is an orphan.
File record segment 9621 is an orphan.
File record segment 9625 is an orphan.
File record segment 9645 is an orphan.
File record segment 11366 is an orphan.
File record segment 12258 is an orphan.
File record segment 12386 is an orphan.
File record segment 12517 is an orphan.
File record segment 12698 is an orphan.
File record segment 13171 is an orphan.
File record segment 13252 is an orphan.
File record segment 13332 is an orphan.
File record segment 13343 is an orphan.
File record segment 13485 is an orphan.
File record segment 13506 is an orphan.
File record segment 14553 is an orphan.
File record segment 15502 is an orphan.
File record segment 18016 is an orphan.
File record segment 19895 is an orphan.
File record segment 20558 is an orphan.
File record segment 21471 is an orphan.
File record segment 21846 is an orphan.
File record segment 24102 is an orphan.
File record segment 24470 is an orphan.
File record segment 37272 is an orphan.
File record segment 37478 is an orphan.
File record segment 37559 is an orphan.
File record segment 72458 is an orphan.
File record segment 72462 is an orphan.
File record segment 72481 is an orphan.
File record segment 72519 is an orphan.
File record segment 72528 is an orphan.
File record segment 77121 is an orphan.
File record segment 77652 is an orphan.
File record segment 96080 is an orphan.
File record segment 96084 is an orphan.
File record segment 98237 is an orphan.
File record segment 107154 is an orphan.
File record segment 108655 is an orphan.
File record segment 108656 is an orphan.
File record segment 108710 is an orphan.
File record segment 108715 is an orphan.
File record segment 134047 is an orphan.
File record segment 141066 is an orphan.
File record segment 141789 is an orphan.
File record segment 142587 is an orphan.
File record segment 149335 is an orphan.
File record segment 152015 is an orphan.
File record segment 155822 is an orphan.
File record segment 157056 is an orphan.
File record segment 163637 is an orphan.
File record segment 183918 is an orphan.
File record segment 184572 is an orphan.
File record segment 189129 is an orphan.
File record segment 190881 is an orphan.
File record segment 190885 is an orphan.
File record segment 190913 is an orphan.
File record segment 191363 is an orphan.
File record segment 206725 is an orphan.
File record segment 207366 is an orphan.
File record segment 207557 is an orphan.
File record segment 208168 is an orphan.
File record segment 208997 is an orphan.
File record segment 210321 is an orphan.
File record segment 210386 is an orphan.
File record segment 215905 is an orphan.
File record segment 216037 is an orphan.
File record segment 216753 is an orphan.
File record segment 217094 is an orphan.
File record segment 217099 is an orphan.
File record segment 217316 is an orphan.
File record segment 217498 is an orphan.
File record segment 217505 is an orphan.
File record segment 217609 is an orphan.
File record segment 217611 is an orphan.
File record segment 217612 is an orphan.
File record segment 218136 is an orphan.
File record segment 218428 is an orphan.
File record segment 219052 is an orphan.
File record segment 220523 is an orphan.
File record segment 220739 is an orphan.
File record segment 220753 is an orphan.
File record segment 223333 is an orphan.
File record segment 226049 is an orphan.
File record segment 226204 is an orphan.
File record segment 230506 is an orphan.
File record segment 231150 is an orphan.
File record segment 231152 is an orphan.
File record segment 232102 is an orphan.
File record segment 232106 is an orphan.
File record segment 232581 is an orphan.
File record segment 232794 is an orphan.
File record segment 233155 is an orphan.
File record segment 233187 is an orphan.
File record segment 233193 is an orphan.
File record segment 233194 is an orphan.
File record segment 233234 is an orphan.
File record segment 233278 is an orphan.
File record segment 233737 is an orphan.
File record segment 240696 is an orphan.
File record segment 240882 is an orphan.
File record segment 241269 is an orphan.
File record segment 241684 is an orphan.
File record segment 242614 is an orphan.
File record segment 242744 is an orphan.
File record segment 242852 is an orphan.
File record segment 243008 is an orphan.
File record segment 243480 is an orphan.
File record segment 243531 is an orphan.
File record segment 243614 is an orphan.
File record segment 243818 is an orphan.
File record segment 243844 is an orphan.
File record segment 244297 is an orphan.
File record segment 244650 is an orphan.
File record segment 245049 is an orphan.
File record segment 245186 is an orphan.
File record segment 245336 is an orphan.
File record segment 245482 is an orphan.
File record segment 245496 is an orphan.
File record segment 245498 is an orphan.
File record segment 245775 is an orphan.
File record segment 246057 is an orphan.
File record segment 246078 is an orphan.
File record segment 246079 is an orphan.
File record segment 246082 is an orphan.
File record segment 246264 is an orphan.
File record segment 246397 is an orphan.
File record segment 246424 is an orphan.
File record segment 246640 is an orphan.
File record segment 246756 is an orphan.
File record segment 246845 is an orphan.
File record segment 246916 is an orphan.
File record segment 246924 is an orphan.
File record segment 246925 is an orphan.
File record segment 246930 is an orphan.
File record segment 246932 is an orphan.
File record segment 246943 is an orphan.
File record segment 246984 is an orphan.
File record segment 247052 is an orphan.
File record segment 247167 is an orphan.
File record segment 247226 is an orphan.
File record segment 247235 is an orphan.
File record segment 247281 is an orphan.
File record segment 247358 is an orphan.
File record segment 247371 is an orphan.
File record segment 247385 is an orphan.
File record segment 247457 is an orphan.
File record segment 247514 is an orphan.
File record segment 247553 is an orphan.
File record segment 247786 is an orphan.
File record segment 247879 is an orphan.
File record segment 247933 is an orphan.
File record segment 248044 is an orphan.
File record segment 248049 is an orphan.
File record segment 248051 is an orphan.
File record segment 248056 is an orphan.
File record segment 248079 is an orphan.
File record segment 248096 is an orphan.
File record segment 248103 is an orphan.
File record segment 248125 is an orphan.
File record segment 248145 is an orphan.
File record segment 248148 is an orphan.
File record segment 248218 is an orphan.
File record segment 248375 is an orphan.
File record segment 248634 is an orphan.
File record segment 248641 is an orphan.
File record segment 248662 is an orphan.
File record segment 248666 is an orphan.
File record segment 248700 is an orphan.
File record segment 248733 is an orphan.
File record segment 248786 is an orphan.
File record segment 248818 is an orphan.
File record segment 248823 is an orphan.
File record segment 248827 is an orphan.
File record segment 248828 is an orphan.
File record segment 248829 is an orphan.
File record segment 248830 is an orphan.
File record segment 248842 is an orphan.
File record segment 248843 is an orphan.
File record segment 248919 is an orphan.
File record segment 248987 is an orphan.
File record segment 248998 is an orphan.
File record segment 249002 is an orphan.
File record segment 249013 is an orphan.
File record segment 249062 is an orphan.
File record segment 249091 is an orphan.
File record segment 249303 is an orphan.
File record segment 249312 is an orphan.
File record segment 249391 is an orphan.
File record segment 249394 is an orphan.
File record segment 249415 is an orphan.
File record segment 249558 is an orphan.
File record segment 249727 is an orphan.
File record segment 249811 is an orphan.
File record segment 249813 is an orphan.
File record segment 249816 is an orphan.
File record segment 249824 is an orphan.
File record segment 249831 is an orphan.
File record segment 249856 is an orphan.
File record segment 249864 is an orphan.
File record segment 250043 is an orphan.
File record segment 253011 is an orphan.
File record segment 253067 is an orphan.
File record segment 253270 is an orphan.
File record segment 253281 is an orphan.
File record segment 253282 is an orphan.
File record segment 253286 is an orphan.
File record segment 253295 is an orphan.
File record segment 253364 is an orphan.
File record segment 253426 is an orphan.
File record segment 253482 is an orphan.
File record segment 253490 is an orphan.
File record segment 253492 is an orphan.
File record segment 254907 is an orphan.
File record segment 255735 is an orphan.
File record segment 256307 is an orphan.
File record segment 258002 is an orphan.
File record segment 259998 is an orphan.
File record segment 261250 is an orphan.
File record segment 264534 is an orphan.
File record segment 273938 is an orphan.
File record segment 274992 is an orphan.
File record segment 277922 is an orphan.
File record segment 278031 is an orphan.
File record segment 278111 is an orphan.
File record segment 278117 is an orphan.
File record segment 278125 is an orphan.
File record segment 278140 is an orphan.
File record segment 278143 is an orphan.
File record segment 278164 is an orphan.
File record segment 278528 is an orphan.
File record segment 278595 is an orphan.
File record segment 278682 is an orphan.
File record segment 278684 is an orphan.
File record segment 278843 is an orphan.
File record segment 279059 is an orphan.
File record segment 279072 is an orphan.
File record segment 279168 is an orphan.
File record segment 279172 is an orphan.
File record segment 279268 is an orphan.
File record segment 279275 is an orphan.
File record segment 279383 is an orphan.
File record segment 279394 is an orphan.
File record segment 279427 is an orphan.
File record segment 279431 is an orphan.
File record segment 279438 is an orphan.
File record segment 279439 is an orphan.
File record segment 279448 is an orphan.
File record segment 279449 is an orphan.
File record segment 279520 is an orphan.
File record segment 279553 is an orphan.
File record segment 27955

https://www.virustotal.com/#/file/1a74e9e986cee2cec92f951021c91df187fc20faa4bab123706b16f2c2404a62/detection



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 14 February 2018 - 11:45 AM

Thank you John.

Now please do this.

===================================================

CheckDiskGUI Fix and Recover

--------------------
  • Launch CheckDiskGUI
  • Place a check mark in the C: drive box
  • Click Fix and Recover
  • Check Yes to schedule the volume to be checked on the next system restart and allow the computer to reboot. The process may take a long time to complete
  • Once completed your computer will automatically restart
  • A message should briefly appear during boot up indicating whether or not the disk is clean
  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ChkDiskGUI results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 abruzzojohn

abruzzojohn
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 14 February 2018 - 11:59 AM

Gary

 

i saw no msg from chkdiskgui whilst the computer was restarting at all ,it was all over very quickly after the fix and recover was entered

 

john



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:29 AM

Posted 14 February 2018 - 12:07 PM

We seem to be having some problems trying to clean your file system. Run the program again like you did the first time.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users