Removed a bunch of malware and now I can't seem to connect to the internet.


This topic is locked
98 replies to this topic

#1 sally_blue

  • Members
  • 47 posts

Posted 29 March 2018 - 08:12 PM

So I have removed a crap ton of malware from my computer. I had tried to use Kaspersky, which was installed on my computer already, but it kept getting stopped. Then I even tried the Panda rescue USB, which also got stopped. But I used Malwarebytes, and also the MBAR rootkit scanner. Now all scans are coming back clear, and it seems to have worked, but I can't seem to get my computer to connect. I checked that the adapters are enabled. I have tried resetting my internet options, and I have checked my LAN settings in internet options. I have checked my IPv4 and IPv6 settings to make sure they are set to obtain an IP address automatically. I have tried ipconfig /release and ipconfig /renew, which says no adapter is in the state permissible for the state. I have tried to reset the WINSOCK entries and rebooted. I used the Farbar Service Scanner and FRST; this is what I have gotten after the scan, and I will post the logs below. I'm not sure what else to do.

 

Farbar Service Scanner results

 

Farbar Service Scanner Version: 27-01-2016
Ran by kkkkk (administrator) on 29-03-2018 at 20:40:44
Running from "C:\Users\kkkkk\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
 
 
FRST results below
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by kkkkk (administrator) on ROBERT-HP (29-03-2018 20:54:36)
Running from C:\Users\kkkkk\Desktop
Loaded Profiles: ROBERT & kkkkk &  (Available Profiles: ROBERT & kkkkk)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (All) =================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(TOSHIBA CORPORATION) C:\Windows\System32\dtdpahisvc.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Users\ROBERT\Desktop\mbar\mbar.exe
(Farbar) C:\Users\ROBERT\Desktop\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\kkkkk\Desktop\FSS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\notepad.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Farbar) C:\Users\kkkkk\Desktop\FRST64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2018-01-08] (VMware, Inc.)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\...\Run: [WorkForce 310(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\...\MountPoints2: {25efc531-bf6a-11e3-95b7-806e6f6e6963} - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WorkForce 310(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {25efc531-bf6a-11e3-95b7-806e6f6e6963} - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-381086932-2205462556-3811321908-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
 
==================== Internet (All) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.244.2
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{44AB7E64-36AD-4CD2-B8D5-712AF6F27311}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5AD81E4E-F903-49DD-967E-2FFEAD1C8DAC}: [DhcpNameServer] 65.32.1.65 65.32.1.70
Tcpip\..\Interfaces\{608DBC9A-2DBB-4982-A66F-A5C75B3648C9}: [DhcpNameServer] 192.168.244.2
Tcpip\..\Interfaces\{BA5186F1-DC87-424E-964E-824E86C3E602}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{DB22967D-0298-4217-B82E-C0352C4A0F7E}: [DhcpNameServer] 192.168.92.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQNOT/1
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQNOT/1
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-381086932-2205462556-3811321908-1006\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-381086932-2205462556-3811321908-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-381086932-2205462556-3811321908-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1006 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1006 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {F96FF742-51B6-4B8A-9BE7-04D4A90706C5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {F96FF742-51B6-4B8A-9BE7-04D4A90706C5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> {F96FF742-51B6-4B8A-9BE7-04D4A90706C5} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F96FF742-51B6-4B8A-9BE7-04D4A90706C5} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-02-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-381086932-2205462556-3811321908-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2010-11-20] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2009-07-13] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2009-07-13] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll [2010-11-10] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll [2011-05-03] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2011-05-03] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2009-07-13] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2009-07-13] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll [2010-11-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2010-11-20] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] (Microsoft Corporation)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll [2010-11-10] (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [2010-11-10] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-11-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\docs.crx [2018-03-20]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\drive.crx [2018-03-20]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\gmail.crx [2018-03-20]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\youtube.crx [2018-03-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\sxcrz <==== ATTENTION (Rootkit!)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14347240 2018-01-08] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
S2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 02219765; C:\Windows\System32\drivers\29724983.sys [85600 2018-03-28] (Kaspersky Lab ZAO)
S4 13674343; C:\Windows\System32\drivers\69541864.sys [85600 2018-03-28] (Kaspersky Lab ZAO)
S4 37079047; C:\Windows\System32\drivers\07224819.sys [85600 2018-03-28] (Kaspersky Lab ZAO)
S4 79815445; C:\Windows\System32\drivers\25380824.sys [85600 2018-03-28] (Kaspersky Lab ZAO)
S4 95217945; C:\Windows\System32\drivers\76212176.sys [85600 2018-03-28] (Kaspersky Lab ZAO)
R1 KLHK; C:\Windows\System32\DRIVERS\klhk.sys [350944 2018-01-11] (AO Kaspersky Lab)
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [1071808 2018-03-27] (AO Kaspersky Lab)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2018-03-29] (Malwarebytes)
R1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-29] (Malwarebytes)
S4 rjaty; C:\Windows\System32\drivers\imofugc.sys [79064 2018-03-28] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2018-01-08] (VMware, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2017-09-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S3 dgknqt; system32\drivers\jnqtwa.sys [X]
S3 eeehhh; system32\drivers\xxaaae.sys [X]
R3 ilorvy; system32\drivers\orvybe.sys [X]
S3 ilosvy; system32\drivers\osvybf.sys [X]
U3 iswSvc; no ImagePath
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 pswzcg; system32\drivers\wzcfjm.sys [X]
S4 rwphdls; System32\drivers\sidzgcpl.sys [X]
S3 vycfim; system32\drivers\cfilps.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-29 20:48 - 2018-03-29 20:49 - 000030892 _____ C:\Users\kkkkk\Desktop\Addition.txt
2018-03-29 20:46 - 2018-03-29 20:55 - 000037756 _____ C:\Users\kkkkk\Desktop\FRST.txt
2018-03-29 20:46 - 2018-03-29 20:54 - 000000000 ____D C:\FRST
2018-03-29 20:45 - 2018-03-29 20:43 - 002403328 _____ (Farbar) C:\Users\kkkkk\Desktop\FRST64.exe
2018-03-29 20:36 - 2018-03-29 20:37 - 000003422 _____ C:\Users\ROBERT\Desktop\FSS.txt
2018-03-29 20:27 - 2018-03-29 20:27 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-03-29 20:25 - 2018-03-29 11:58 - 000899584 _____ (Farbar) C:\Users\ROBERT\Desktop\FSS.exe
2018-03-29 20:22 - 2018-03-29 20:22 - 000000000 ____D C:\Users\ROBERT\AppData\Local\Zemana
2018-03-29 20:21 - 2018-03-29 11:58 - 000899584 _____ (Farbar) C:\Users\kkkkk\Desktop\FSS.exe
2018-03-29 20:20 - 2018-03-29 20:20 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-29 20:18 - 2018-03-29 20:54 - 000041337 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-29 20:18 - 2018-03-29 20:23 - 000015782 _____ C:\Windows\ZAM.krnl.trace
2018-03-29 20:18 - 2018-03-29 20:23 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-29 20:18 - 2018-03-29 20:18 - 000000000 ____D C:\Users\kkkkk\AppData\Local\Zemana
2018-03-29 20:16 - 2018-03-29 20:16 - 000117456 _____ C:\Users\kkkkk\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-29 20:16 - 2018-03-29 20:16 - 000000000 ____D C:\Users\kkkkk\AppData\Local\sidlbuk
2018-03-29 20:14 - 2018-03-29 20:15 - 000460360 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-29 20:14 - 2018-03-29 20:14 - 000142672 ____N C:\Windows\system32\Drivers\vdboruxb.sys
2018-03-29 20:12 - 2018-03-29 19:27 - 000000830 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2018-03-29 20:11 - 2018-03-29 20:12 - 000000000 ____D C:\Windows\system32\CatRoot2.Old
2018-03-29 20:07 - 2018-03-29 20:07 - 000002145 _____ C:\Users\kkkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Complete Internet Repair.lnk
2018-03-29 20:07 - 2018-03-29 20:07 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\Rizonesoft
2018-03-29 20:07 - 2018-03-29 20:07 - 000000000 ____D C:\Program Files\Rizonesoft
2018-03-29 20:07 - 2018-03-29 19:54 - 002063096 _____ (Rizonesoft ) C:\Users\kkkkk\Desktop\ComIntRep_2600_Setup.exe
2018-03-29 19:40 - 2018-03-29 19:45 - 000000000 ____D C:\32788R22FWJFW
2018-03-29 19:40 - 2018-03-29 13:51 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\kkkkk\Desktop\rkill.exe
2018-03-29 19:32 - 2018-03-29 19:32 - 000000000 ____D C:\Users\kkkkk\AppData\Local\wiinxrc
2018-03-29 19:11 - 2018-03-29 14:00 - 000000134 _____ C:\Users\kkkkk\Desktop\hosts-perm.bat
2018-03-29 18:33 - 2018-03-29 20:40 - 000003383 _____ C:\Users\kkkkk\Desktop\FSS.txt
2018-03-29 17:19 - 2018-03-29 17:19 - 000000000 ____D C:\Users\kkkkk\AppData\Local\wiicmot
2018-03-29 15:17 - 2018-03-29 19:42 - 000001914 _____ C:\Users\kkkkk\Desktop\Rkill.txt
2018-03-29 12:41 - 2018-03-29 12:41 - 000000000 ____D C:\Users\kkkkk\AppData\Local\snsrhau
2018-03-29 12:31 - 2018-03-29 12:31 - 000000000 ____D C:\Users\kkkkk\AppData\Local\examzrb
2018-03-29 12:22 - 2018-03-29 19:26 - 000000000 ____D C:\AdwCleaner
2018-03-29 12:22 - 2018-03-29 12:22 - 000000000 ____D C:\Users\kkkkk\AppData\Local\coouwzh
2018-03-29 11:47 - 2018-03-29 11:47 - 000000000 ____D C:\Users\kkkkk\AppData\Local\nihpews
2018-03-29 03:17 - 2018-03-29 03:17 - 000000000 ____D C:\Users\kkkkk\AppData\Local\dtnzlms
2018-03-29 03:02 - 2018-03-29 03:02 - 000003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36B8F4D2-96E8-4F84-9FD7-4A7E1439F18B}
2018-03-29 02:15 - 2018-03-29 16:24 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForkkkkk.job
2018-03-29 02:15 - 2018-03-29 12:44 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForkkkkk
2018-03-29 02:15 - 2018-03-29 02:15 - 000000000 ____H C:\Users\kkkkk\BIT7742.tmp
2018-03-29 01:38 - 2018-03-29 01:38 - 000000000 ____D C:\Users\kkkkk\AppData\Local\seekmra
2018-03-29 01:37 - 2018-03-29 01:37 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-29 01:35 - 2018-03-29 01:35 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-29 01:35 - 2018-03-29 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-29 01:32 - 2018-03-29 01:32 - 000000000 ____D C:\Users\kkkkk\AppData\Local\mshgpxi
2018-03-29 01:20 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-29 01:17 - 2018-03-29 01:17 - 000000000 ____D C:\Users\ROBERT\AppData\Local\usnmrho
2018-03-29 01:14 - 2018-03-29 20:14 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\dtdpahisvc.exe
2018-03-29 00:50 - 2018-03-29 00:50 - 000001022 _____ C:\Users\ROBERT\Desktop\Install Kaspersky Free version 18.0.0.405.lnk
2018-03-29 00:34 - 2018-03-29 00:34 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\Hewlett-Packard
2018-03-29 00:34 - 2018-03-29 00:34 - 000000000 ____D C:\Users\kkkkk\AppData\Local\Hewlett-Packard
2018-03-29 00:27 - 2018-03-29 00:27 - 000000000 ____D C:\Users\kkkkk\AppData\Local\tirkseu
2018-03-29 00:17 - 2018-03-29 00:17 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\OpenOffice
2018-03-29 00:15 - 2018-03-29 00:15 - 000000000 ____D C:\Users\kkkkk\AppData\Local\vdmkasz
2018-03-29 00:15 - 2018-03-29 00:15 - 000000000 ____D C:\Users\kkkkk\AppData\Local\lsduzpc
2018-03-29 00:14 - 2018-03-29 00:14 - 000002255 _____ C:\Users\kkkkk\Desktop\Google Chrome.lnk
2018-03-29 00:14 - 2018-03-29 00:14 - 000001413 _____ C:\Users\kkkkk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-29 00:14 - 2018-03-29 00:14 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\Intel Corporation
2018-03-29 00:14 - 2018-03-29 00:14 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\hpqLog
2018-03-29 00:14 - 2018-03-29 00:14 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\Adobe
2018-03-29 00:14 - 2018-03-29 00:14 - 000000000 ____D C:\Users\kkkkk\AppData\Local\VirtualStore
2018-03-29 00:14 - 2018-03-29 00:14 - 000000000 ____D C:\Users\kkkkk\AppData\Local\Google
2018-03-29 00:13 - 2018-03-29 16:23 - 000000008 __RSH C:\Users\kkkkk\ntuser.pol
2018-03-28 23:50 - 2018-03-29 16:23 - 000000000 ____D C:\Users\kkkkk
2018-03-28 23:50 - 2018-03-28 23:50 - 000000020 ___SH C:\Users\kkkkk\ntuser.ini
2018-03-28 23:50 - 2012-05-08 05:58 - 000000000 ____D C:\Users\kkkkk\AppData\Roaming\Media Center Programs
2018-03-28 23:47 - 2018-03-28 23:47 - 000000000 ____D C:\Users\ROBERT\Desktop\mbam-chameleon-3.1.33.0
2018-03-28 23:47 - 2018-03-28 23:47 - 000000000 ____D C:\Users\ROBERT\AppData\Local\wdnopte
2018-03-28 21:30 - 2018-03-28 21:30 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\27954760.sys
2018-03-28 20:48 - 2018-03-28 20:48 - 000000000 ____D C:\Users\ROBERT\AppData\Local\dwmupga
2018-03-28 20:41 - 2018-03-28 20:41 - 000000000 ____D C:\Users\ROBERT\AppData\Local\vsbdoeh
2018-03-28 20:32 - 2018-03-28 20:32 - 000000000 ____D C:\Users\ROBERT\AppData\Local\pwexibl
2018-03-28 20:27 - 2018-03-28 19:28 - 002645240 _____ (Panda Security S.L.) C:\Users\ROBERT\Desktop\PandaCloudCleanerUSB.exe
2018-03-28 20:23 - 2018-03-28 20:23 - 000000000 ____D C:\Users\ROBERT\AppData\Local\widvzut
2018-03-28 19:55 - 2018-03-28 19:55 - 000000000 ____H C:\Users\ROBERT\BITEAEB.tmp
2018-03-28 19:45 - 2018-03-28 19:45 - 000000000 ____D C:\Users\ROBERT\AppData\Local\dtrwesa
2018-03-28 19:40 - 2018-03-28 19:40 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\07224819.sys
2018-03-28 17:29 - 2018-03-28 17:29 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\43C27DEF.sys
2018-03-28 17:28 - 2018-03-28 17:28 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\56247D97.sys
2018-03-28 17:22 - 2018-03-28 17:22 - 000000000 ____D C:\Users\ROBERT\AppData\Local\vdibonu
2018-03-28 17:18 - 2018-03-28 17:18 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\76212176.sys
2018-03-28 14:31 - 2018-03-28 14:31 - 000079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\imofugc.sys
2018-03-28 14:31 - 2018-03-28 14:31 - 000000586 _____ C:\Windows\SysWOW64\qurcl
2018-03-28 13:42 - 2018-03-29 01:13 - 000000000 ____D C:\Users\ROBERT\Desktop\mbar
2018-03-28 13:38 - 2018-03-28 13:38 - 000000000 ____D C:\Users\ROBERT\AppData\Local\cgovhew
2018-03-28 13:34 - 2018-03-28 13:34 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\29724983.sys
2018-03-28 11:24 - 2018-03-28 11:24 - 000000000 ____D C:\Users\ROBERT\AppData\Local\scrnhdp
2018-03-28 11:20 - 2018-03-28 11:20 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\69541864.sys
2018-03-28 02:53 - 2018-03-28 02:55 - 000019918 _____ C:\TDSSKiller.3.1.0.15_28.03.2018_02.53.41_log.txt
2018-03-28 00:30 - 2018-03-28 00:30 - 000000000 ____D C:\Users\ROBERT\AppData\Local\dtsukln
2018-03-28 00:26 - 2018-03-28 00:26 - 000085600 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\25380824.sys
2018-03-27 22:54 - 2018-03-27 22:54 - 000000000 ____D C:\Users\ROBERT\AppData\Local\ElevatedDiagnostics
2018-03-27 22:23 - 2018-03-27 22:28 - 000031206 _____ C:\TDSSKiller.3.1.0.15_27.03.2018_22.23.35_log.txt
2018-03-27 22:17 - 2018-03-27 22:17 - 000000000 ____D C:\Users\ROBERT\AppData\Local\lsachbk
2018-03-27 19:49 - 2018-03-27 19:49 - 000000000 _____ C:\Windows\system32\Drivers\OLD1BE2.tmp
2018-03-27 19:49 - 2018-03-27 19:49 - 000000000 _____ C:\Windows\system32\Drivers\OLD1BD2.tmp
2018-03-27 19:48 - 2018-03-27 19:48 - 001071808 ____N (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-03-27 19:48 - 2018-03-27 19:48 - 000206040 ____N (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-03-27 19:37 - 2018-03-27 19:37 - 002475568 _____ (Kaspersky Lab) C:\Users\ROBERT\Documents\kts18.0.0.405aben_es_fr_13118.exe
2018-03-27 19:29 - 2018-03-27 19:29 - 142528296 _____ (Kaspersky Lab ZAO) C:\Users\ROBERT\Documents\KVRT.exe
2018-03-27 19:15 - 2018-03-27 20:18 - 000000000 ____D C:\Users\ROBERT\AppData\Local\lmmvpoa
2018-03-27 19:15 - 2018-03-27 19:16 - 000000000 ____D C:\Users\ROBERT\AppData\Local\wmcagent
2018-03-27 19:13 - 2018-03-29 01:29 - 000002187 _____ C:\Users\ROBERT\Desktop\Google Chrome.lnk
2018-03-27 19:12 - 2018-03-28 23:47 - 000000000 ____D C:\Users\ROBERT\AppData\Local\sbogrnc
2018-03-27 19:12 - 2018-03-27 19:12 - 000000000 ____D C:\Users\ROBERT\AppData\Local\pcarmgs
2018-03-27 19:11 - 2018-03-29 00:25 - 002888704 _____ C:\Users\ROBERT\Desktop\dtdpahisvc.exe
2018-03-27 19:10 - 2018-03-29 00:26 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-03-27 19:10 - 2018-03-27 19:10 - 000000000 ____D C:\Windows\SysWOW64\usspxvr
2018-03-27 19:10 - 2018-03-27 19:10 - 000000000 ____D C:\Windows\system32\usspxvr
2018-03-27 19:10 - 2018-03-27 19:10 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\et
2018-03-27 19:09 - 2018-03-27 22:19 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\AGData
2018-03-27 19:09 - 2018-03-27 19:09 - 000000003 _____ C:\Users\ROBERT\AppData\Local\wbem.ini
2018-03-27 18:36 - 2018-03-27 18:36 - 000000000 ____D C:\Users\ROBERT\Documents\Virtual Machines
2018-03-27 18:29 - 2018-03-27 19:10 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\VMware
2018-03-27 18:29 - 2018-03-27 19:10 - 000000000 ____D C:\Users\ROBERT\AppData\Local\VMware
2018-03-27 18:06 - 2018-03-27 18:27 - 1877738716 _____ C:\Users\ROBERT\Documents\SO - Export.zip
2018-03-27 17:29 - 2017-09-05 04:54 - 000093248 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2018-03-27 17:29 - 2017-09-05 04:54 - 000069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2018-03-27 17:29 - 2017-09-05 04:54 - 000065008 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2018-03-27 17:28 - 2018-01-08 02:02 - 000096176 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2018-03-27 17:28 - 2018-01-08 02:02 - 000052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2018-03-27 17:27 - 2018-01-08 02:15 - 001134056 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2018-03-27 17:27 - 2018-01-08 02:14 - 000402408 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2018-03-27 17:27 - 2018-01-08 02:14 - 000367080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2018-03-27 17:27 - 2018-01-08 02:14 - 000134104 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2018-03-27 17:27 - 2018-01-08 02:14 - 000046040 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2018-03-27 17:27 - 2018-01-08 02:14 - 000043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2018-03-27 17:27 - 2017-11-07 12:11 - 000082896 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2018-03-27 17:26 - 2018-03-27 17:26 - 000001203 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2018-03-27 17:26 - 2018-03-27 17:26 - 000001024 _____ C:\Windows\SysWOW64\%TMP%
2018-03-27 17:26 - 2018-03-27 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2018-03-27 17:25 - 2018-03-29 20:15 - 000000000 ____D C:\ProgramData\VMware
2018-03-27 17:25 - 2018-03-27 17:25 - 000000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2018-03-27 17:25 - 2018-03-27 17:25 - 000000000 ____D C:\Program Files\Common Files\VMware
2018-03-27 17:25 - 2018-03-27 17:25 - 000000000 ____D C:\Program Files (x86)\VMware
2018-03-27 17:08 - 2018-03-27 17:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-27 05:17 - 2018-03-27 05:17 - 000047247 _____ C:\Windows\uninstaller.dat
2018-03-25 21:06 - 2018-03-28 02:46 - 000000000 ____D C:\Users\ROBERT\Documents\Incidents and Response
2018-03-05 20:42 - 2018-03-05 20:42 - 000000000 ____D C:\Users\ROBERT\AppData\Local\TempTaskUpdateDetectionB12FDAEE-94AC-49AF-AD82-19DC5A636792
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-29 20:55 - 2017-10-23 15:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-29 20:49 - 2009-07-13 22:34 - 015990784 _____ C:\Windows\system32\config\HARDWARE
2018-03-29 20:45 - 2009-07-14 00:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-29 20:45 - 2009-07-14 00:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-29 20:22 - 2017-10-10 22:42 - 000000008 __RSH C:\Users\ROBERT\ntuser.pol
2018-03-29 20:22 - 2012-08-12 17:04 - 000000000 ____D C:\Users\ROBERT
2018-03-29 20:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-29 20:12 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-29 19:34 - 2011-07-12 23:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2018-03-29 19:34 - 2009-07-14 01:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-29 19:33 - 2015-02-04 23:28 - 000002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-29 19:08 - 2009-07-14 01:13 - 000786742 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-29 16:23 - 2017-10-10 22:40 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-03-29 01:34 - 2018-01-07 20:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-29 01:29 - 2018-01-08 20:01 - 000002234 _____ C:\Users\ROBERT\Desktop\Cisco Packet Tracer Player for NetSpace.lnk
2018-03-29 01:29 - 2017-10-10 22:09 - 000000000 ___HD C:\Program Files (x86)\unscathed
2018-03-29 01:19 - 2017-10-10 23:30 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-29 00:50 - 2018-01-11 19:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-29 00:13 - 2009-07-14 01:08 - 000032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-28 23:37 - 2018-01-11 20:18 - 000000000 ____D C:\KVRT_Data
2018-03-28 20:21 - 2017-10-27 18:20 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForROBERT.job
2018-03-28 19:55 - 2017-10-27 18:20 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForROBERT
2018-03-28 13:41 - 2014-04-08 21:38 - 000000000 ____D C:\Users\ROBERT\AppData\Local\CrashDumps
2018-03-28 02:57 - 2011-07-12 23:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2018-03-28 00:24 - 2014-04-08 20:36 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2018-03-28 00:24 - 2014-04-08 20:36 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-03-27 22:10 - 2016-01-29 21:02 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\uTorrent
2018-03-27 22:03 - 2012-08-12 17:18 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F954BC5-79BF-4FA4-83CD-9A2539091F57}
2018-03-27 19:47 - 2012-08-20 18:04 - 000000000 ____D C:\Users\ROBERT\AppData\Roaming\Macromedia
2018-03-27 19:10 - 2012-05-08 05:32 - 000000000 ____D C:\ProgramData\Intel
2018-03-27 19:09 - 2017-10-15 15:29 - 000000000 ____D C:\Users\ROBERT\Desktop\Tor Browser
2018-03-27 19:07 - 2016-02-09 21:51 - 000000000 ____D C:\Users\ROBERT\AppData\LocalLow\uTorrent
2018-03-27 17:26 - 2014-04-09 11:31 - 000800096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-27 17:17 - 2017-10-22 23:46 - 000000000 ____D C:\Users\ROBERT\Documents\New folder
2018-03-25 21:31 - 2013-08-30 21:08 - 000002224 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-19 18:27 - 2018-02-20 05:04 - 000000000 ____D C:\Users\ROBERT\Documents\CCNET
2018-02-28 21:44 - 2018-01-08 20:49 - 000000000 ____D C:\Users\ROBERT\Cisco Packet Tracer 7.0
2018-02-28 18:45 - 2018-01-08 20:49 - 000000170 _____ C:\Users\ROBERT\.packettracer
 
==================== Files in the root of some directories =======
 
2017-10-21 15:56 - 2017-10-21 15:56 - 016563352 _____ (Malwarebytes Corp.) C:\Users\ROBERT\mbar-1.09.3.1001.exe
 
Some files in TEMP:
====================
2018-03-27 19:09 - 2018-03-27 19:09 - 001535432 _____ (BANANA SUMMER LIMITED) C:\Users\ROBERT\AppData\Local\Temp\1522192165U1Qtmp.exe
2018-03-27 19:09 - 2018-03-27 19:09 - 002134016 _____ () C:\Users\ROBERT\AppData\Local\Temp\installer_mi.exe
2018-03-25 20:54 - 2018-03-25 20:54 - 000000000 _____ () C:\Users\ROBERT\AppData\Local\Temp\kuelvhtk.dll
2018-03-27 19:09 - 2018-03-27 19:09 - 001288909 _____ (CompanySmartApp                                             ) C:\Users\ROBERT\AppData\Local\Temp\PQwick.exe
2018-03-27 22:19 - 2018-03-27 19:09 - 000099888 _____ () C:\Users\ROBERT\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\vdboruxb.sys -> Access Denied <======= ATTENTION
 
 
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
 
LastRegBack: 2018-03-29 07:30
 
==================== End of FRST.txt ============================
 
Addition from FRST
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by kkkkk (29-03-2018 20:55:33)
Running from C:\Users\kkkkk\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-12 21:04:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-381086932-2205462556-3811321908-500 - Administrator - Disabled)
Guest (S-1-5-21-381086932-2205462556-3811321908-501 - Limited - Disabled)
kkkkk (S-1-5-21-381086932-2205462556-3811321908-1006 - Administrator - Enabled) => C:\Users\kkkkk
ROBERT (S-1-5-21-381086932-2205462556-3811321908-1000 - Limited - Enabled) => C:\Users\ROBERT
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-381086932-2205462556-3811321908-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Cake Mania (HKLM-x32\...\WTA-657aa79f-4740-4ffd-9d42-7443fee74ca9) (Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{60C18701-A823-4165-8E58-C083673F90DC}) (Version: 1.14.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version:  - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Complete Internet Repair 2600 (HKLM\...\Complete Internet Repair_is1) (Version: 2600 - Rizonesoft)
Cradle of Rome 2 (HKLM-x32\...\WTA-227c80a2-21c7-4185-a0b0-a747053828d1) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EarthLink Common Authentication (HKLM-x32\...\{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}) (Version: 1.0.87.0 - ) Hidden
EPSON WorkForce 310 Series Printer Uninstall (HKLM\...\EPSON WorkForce 310 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-07dd4a15-af59-4f9b-87b4-19ce85e0b66c) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-bee71dbf-9875-4bd0-9f51-2863426d06d3) (Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-28c40a23-2cb0-4857-93ac-3ae881416080) (Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-fe6c4247-8a9d-46b0-a840-2b2f416b3657) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-887c9daf-c718-423e-9d37-2bf81aae537f) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars: PAC-MAN (HKLM-x32\...\WTA-40436781-0771-43e9-90f1-f0b21871e7c7) (Version: 2.2.0.95 - WildTangent) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.25 - Panda Security and Visicom Media Inc.)
Penguins! (HKLM-x32\...\WTA-9c483297-2c0b-4e52-8714-3b478983a0f6) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-89c8791f-2f2c-4afe-aa76-918bcf703b33) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{B7C5C35E-E750-4D09-BD2E-381D10124CBB}) (Version: 2.14.0305 - Samsung Electronics Co., Ltd.)
VMware Workstation (HKLM\...\{ADC3121A-3EBA-4016-AF64-00B8FE017080}) (Version: 14.1.1 - VMware, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
ZoneAlarm Firewall (HKLM-x32\...\{3B214EF2-9413-4300-96DB-165ECA1ED736}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{A51FEF33-C7A2-492E-840B-35A85D1F007E}) (Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {093961AA-AF73-4ED2-829F-F26125C5FFEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {0A64D1FA-ABF5-453F-B2EB-850ADCBC5274} - System32\Tasks\{3610322F-D43E-4670-90EC-73EABE40FED0} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {0C0D1214-8E9C-4001-B3D9-007A9B9A20CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {1B535E5D-A66B-4A7B-8E0D-4D0B76E71ABF} - System32\Tasks\{16F3C71E-2876-46E1-A7B9-0EB7E42FE860} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {3214708B-9F90-4CD5-91D9-FA52979F00C5} - System32\Tasks\{568DC344-C2C4-4684-BA2E-E9E42FC0DDFE} => C:\Windows\system32\pcalua.exe -a G:\VZW_Software_upgrade_assistant_installer.exe -d G:\
Task: {3B4F5FBF-7A3C-46ED-96AE-75AB93071B5D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {3B4F5FBF-7A3C-46ED-96AE-75AB93071B5D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {3B4F5FBF-7A3C-46ED-96AE-75AB93071B5D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {40190773-8AD2-4859-9237-1DE5805ADBCD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {40190773-8AD2-4859-9237-1DE5805ADBCD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {42052E7F-9084-41BD-88C6-11619911B63A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {49CC2872-9397-4254-8DEF-B244D08559AE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {63A5D917-F67C-47DD-A218-D2F03F9C1A95} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {63A5D917-F67C-47DD-A218-D2F03F9C1A95} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {6A133D20-9F0D-4145-A535-77B093C0FBA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6DB67BEA-5285-4056-A210-F22CC934B56A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {7260C4DC-5EBB-4729-B8FB-1946E8F96771} - System32\Tasks\{7D552AC0-A82B-46FF-9AD4-9C95763B60C6} => C:\Windows\system32\pcalua.exe -a G:\VZW_Software_upgrade_assistant_installer.exe -d G:\
Task: {729171AB-EF43-4928-A676-FB380DC29DC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-11-10] (Microsoft Corporation)
Task: {743CD25F-DC44-4B2B-990B-954BF97D9C2F} - System32\Tasks\HPCeeScheduleForROBERT => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {92735096-7A16-4DD7-9616-41B198495B60} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {92735096-7A16-4DD7-9616-41B198495B60} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {997663D2-DF15-4BCD-AF44-BF19AA586E91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {B709E786-7584-4420-8B43-3ED63EDDB0E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {BCABB4FA-F697-484B-A8F1-67E4818A1267} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {C4A8CD61-718B-4F45-9B45-306FD3919948} - System32\Tasks\HPCeeScheduleForkkkkk => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C8FC13D3-FE68-4626-B4A4-7E5F3B9A5F24} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {D25C0949-7B3A-4CC8-A570-7A60AECBFEDE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-11-10] (Microsoft Corporation)
Task: {E66F1151-EF02-4B9E-83D1-2E0A158C3D83} - System32\Tasks\{8D4CEB9F-DF79-477D-95DC-FD959C1637DB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForkkkkk.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForROBERT.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-01 19:20 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-03-29 01:20 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-10-30 04:47 - 2017-11-10 22:28 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-08-28 20:43 - 2017-08-28 20:43 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-03-25 21:31 - 2018-03-20 02:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-25 21:31 - 2018-03-20 02:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2018-01-09 01:07 - 2018-01-09 01:07 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3884a8a63e3e744d3668fa93e80b056f\IsdiInterop.ni.dll
2012-05-08 05:06 - 2010-09-13 21:28 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2018-01-08 02:05 - 2018-01-08 02:05 - 000087016 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2018-01-08 02:02 - 2018-01-08 02:02 - 000360424 _____ () C:\Program Files (x86)\VMware\VMware Workstation\pcre.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01718307.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02219765.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13674343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\279547606.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37079047.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79815445.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80284116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88025639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95217945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01718307.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02219765.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13674343.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\279547606.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37079047.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79815445.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80284116.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88025639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95217945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-03-29 14:02 - 2018-03-29 20:12 - 000000836 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-381086932-2205462556-3811321908-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-381086932-2205462556-3811321908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ROBERT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-381086932-2205462556-3811321908-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\kkkkk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-381086932-2205462556-3811321908-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\kkkkk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/29/2018 08:15:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/29/2018 08:15:23 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Failed to create event for listen socket: An address incompatible with the requested protocol was used (10047)
 
Error: (03/29/2018 08:15:23 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Call to socket failed with error 10047.
 
Error: (03/29/2018 07:31:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/29/2018 07:30:49 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Failed to create event for listen socket: An address incompatible with the requested protocol was used (10047)
 
Error: (03/29/2018 07:30:49 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Call to socket failed with error 10047.
 
Error: (03/29/2018 04:26:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/29/2018 04:25:02 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Failed to create event for listen socket: An address incompatible with the requested protocol was used (10047)
 
 
System errors:
=============
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (03/29/2018 08:41:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 70%
Total physical RAM: 1899.86 MB
Available physical RAM: 551.67 MB
Total Virtual: 3799.72 MB
Available Virtual: 1826.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.47 GB) (Free:223.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: (HP v165w) (Removable) (Total:15.22 GB) (Free:3.66 GB) FAT32
 
\\?\Volume{e1d66144-e4f1-11e1-b550-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 15.2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.2 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,583 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:50 PM

Posted 29 March 2018 - 08:40 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
  • Let's begin... :)

    The computer is infected with a variant of the SmartService Rootkit. Very difficult to remove, but with the right protocol we may be able to do so.

    You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

    Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

    Please also download the attached file and save it in the same location as FRST64 on the flash drive.

    Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
      • Restart the computer
      • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
      • Use the arrow keys to select Repair your computer, and press Enter
      • Select your keyboard layout (US, French, etc.) and click on Next
      • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or on another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.

 

Once in the Command Prompt:

 

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", note your flash drive letter, and close Notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button; that will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.
  • Once finished in the Recovery Environment, restart the computer in Normal Mode.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. In your case it is FRST64.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
  • I will expect the following reports:

    Frst.txt produced in the Recovery Console
    Fixlog.txt produced in the Recovery Console
    Frst.txt produced in Normal Mode
    Addition.txt produced in Normal Mode

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
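An added example (mine, not part of JSntgRvr's post) for the "find your flash drive letter" step above: instead of opening Notepad's Open dialog, let the WinRE command prompt probe the drive letters for FRST64.exe itself, check that the fixlist is beside it, and launch the tool from the drive it finds. These lines are typed one at a time at the prompt, which is why the for-variable uses a single % rather than the %% a .cmd file needs. Assumptions: FRST64.exe and the fixlist sit in the root of the flash drive, the fixlist is named fixlist.txt (the name FRST looks for), and FRSTDRIVE is a variable name I chose.

```batch
rem Added example, not from the original post. Typed at the WinRE command prompt.
rem Assumes FRST64.exe and fixlist.txt are in the root of the flash drive.

rem 1. Probe D: through Z: for FRST64.exe (X: is WinRE's own RAM disk and never matches).
rem    The @ keeps the prompt from echoing each iteration; the last drive that has the file wins.
set "FRSTDRIVE="
for %D in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %D:\FRST64.exe set "FRSTDRIVE=%D:"
echo FRST64 found on: %FRSTDRIVE%

rem 2. FRST only applies a fix when fixlist.txt sits next to the executable, so warn if it is missing.
if not exist "%FRSTDRIVE%\fixlist.txt" echo WARNING: fixlist.txt is missing next to FRST64.exe

rem 3. Start the tool from the flash drive (Scan first, then Fix, as instructed above).
rem    It writes its logs into the same folder it was run from.
%FRSTDRIVE%\FRST64.exe

rem 4. Once the tool has closed, list the logs that were produced so the right files get posted.
dir /b %FRSTDRIVE%\FRST.txt %FRSTDRIVE%\Fixlog.txt
```

If "FRST64 found on:" prints nothing, the flash drive was not detected by WinRE; unplug it, plug it into a different port and repeat step 1 before going any further.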


#3 sally_blue
  • Topic Starter

Posted 29 March 2018 - 09:27 PM

Thank you very much for your quick reply. I have to get a blank disc to create the repair media since it is not showing up in my advanced boot options. I am in the Windows Error Recovery screen; the only options I have are Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt and Last Known Good Configuration. I will update after I get the disc, create it and follow the next steps.



#4 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 11:00 AM

Very well. :)




#5 sally_blue
  • Topic Starter

Posted 30 March 2018 - 02:47 PM

So I tried to click Repair your computer. The command prompt closed when I clicked to type in it, then this happened (first attached image), then it said it was unable to repair and routed me here. I'm not sure where I messed up. :( (Thank you again for the help and patience; first time really dealing with such a nasty rootkit.) (Edit as of just now) I was able to go back into recovery mode again, but still the only options are Startup Repair and HP Recovery Manager, and no command line.

 

Attached Files


Edited by sally_blue, 30 March 2018 - 03:17 PM.


#6 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 07:27 PM

It is Custom HP Recovery.

 

Check the second picture. There is an option for Computer Check-up. Select that option. It should give you three options:
 

  1. Launch CheckDisk for the Windows Partition
  2. Launch CheckDisk for the WinRE Partition
  3. Open a Command Prompt

Open a Command prompt and follow the instructions above to run FRST.




#7 sally_blue
  • Topic Starter

Posted 30 March 2018 - 08:24 PM

Thank you! Alrighty, so I got the logs from recovery mode; now it won't actually boot into Windows 7, even in Safe Mode.

Attached Files



#8 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 09:49 PM

Download the enclosed file and save it next to FRST in the flash drive. Boot to the Recovery Environment Command prompt as you did before and open FRST. This time around click on the Fix button first, then, once finished, on the Scan button.

 

Please post the new FRST.txt and Fixlog.txt produced.


Edited by JSntgRvr, 30 March 2018 - 09:50 PM.



#9 sally_blue
  • Topic Starter

Posted 30 March 2018 - 10:07 PM

Alrighty, here are the results, attached below. Thank you again so much for your fairly quick help and patience.

Attached Files



#10 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 10:24 PM

I would like to see the Boot Manager entries.
 
Download the enclosed file and save it next to FRST in the flash drive. Boot to the Recovery Environment Command prompt as you did before and open FRST. This time around click on the Fix button. Please post the Fixlog.txt produced.

Edited by JSntgRvr, 30 March 2018 - 10:24 PM.



#11 sally_blue
  • Topic Starter

Posted 30 March 2018 - 10:30 PM

Alrighty here is the fixlog.

Attached Files


Edited by sally_blue, 30 March 2018 - 10:33 PM.


#12 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 11:15 PM

I don't find any problems there. If you attempt to boot in Normal Mode, does the same error occur? Does it indicate "Boot Manager" at the top? Don't fix anything yet.



#13 sally_blue
  • Topic Starter

Posted 30 March 2018 - 11:35 PM

If I try to boot Windows normally it displays the same message.
And yes, it indicates Boot Manager at the top.

#14 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 11:40 PM

Let's try this fix:

Boot the computer to the Recovery Environment Command prompt. At the prompt type the following and press Enter:

chkdsk /r "\\?\Volume{44a68c15-76a4-4e64-9024-2a02f876c5aa}"

Once finished, type the following and press Enter:

bcdedit | find "osdevice"

Note the Partition letter above, then type:

CHKDSK /r E:

 

Replace the E with the Partition letter resulted above.

 

Once finished, attempt to boot in Normal Mode and let me know the outcome.


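An added example (mine, not JSntgRvr's) for the chkdsk sequence above: the same two runs, but with the Windows partition letter extracted from the osdevice line by cmd itself, so nothing has to be read off the screen and retyped. It also covers the case the post does not mention, where osdevice reports a \Device\HarddiskVolumeN path instead of a letter because WinRE has not assigned the volume one. Typed line by line at the WinRE command prompt (single % on the for-variable for that reason). The volume GUID is the one from the post; OSPART is a variable name I chose.

```batch
rem Added example, not from the original post. Typed at the WinRE command prompt.

rem 1. Check the WinRE partition by its volume GUID path; chkdsk accepts \\?\Volume{...} as the volume name.
chkdsk /r "\\?\Volume{44a68c15-76a4-4e64-9024-2a02f876c5aa}"

rem 2. Pull the Windows partition out of the default boot entry's osdevice line.
rem    The line looks like "osdevice   partition=D:", so splitting on "=" and taking token 2 yields "D:".
rem    Under WinRE the Windows volume is frequently not C:, which is why the post says not to assume it.
set "OSPART="
for /f "tokens=2 delims==" %P in ('bcdedit /enum {default} ^| find "osdevice"') do set "OSPART=%P"
echo osdevice resolved to: %OSPART%

rem 3. Only run chkdsk when a drive letter came back. A value such as \Device\HarddiskVolume2 means the
rem    volume has no letter in this session; assign one with diskpart (select volume / assign) and retry step 2.
if "%OSPART:~1,1%"==":" (chkdsk /r %OSPART%) else (echo osdevice has no drive letter; assign one with diskpart first)
```

Because the Windows volume is not the running OS while you are in WinRE, chkdsk /r checks it immediately rather than offering to schedule the check for the next boot; expect it to take a long time on a large disk, as the next post notes.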


#15 JSntgRvr
  • Malware Response Team

Posted 30 March 2018 - 11:42 PM

That will take a considerable amount of time. I will logout now and will check on you later in the day.



