
My Win7 Pro Laptop has HIV.... Please Help!


  • This topic is locked
29 replies to this topic

#1 vdesign

vdesign

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 16 May 2018 - 02:34 PM

Hi, I've been traveling and my computer has taken on just about every type of attack. I already ran ComboFix before reading "do not", so here are the results anyhow...


Any advice or recommendations for getting my computer back in operation is greatly appreciated.

=========================================

ComboFix 18-05-11.01 - Point Presenter 05/16/2018  10:13:17.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8097.1084 [GMT -5:00]
Running from: c:\users\Point Presenter\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: ESET NOD32 Antivirus *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((((   Files Created from 2018-04-16 to 2018-05-16  )))))))))))))))))))))))))))))))
.
.
2018-05-16 16:50 . 2018-05-16 16:50    --------    d-----w-    c:\users\Public\AppData\Local\temp
2018-05-16 16:50 . 2018-05-16 16:50    --------    d-----w-    c:\users\IUSR\AppData\Local\temp
2018-05-16 16:50 . 2018-05-16 16:50    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2018-05-16 16:50 . 2018-05-16 16:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2018-05-16 11:54 . 2018-05-16 11:54    --------    d-----w-    c:\programdata\eSignal
2018-05-15 05:01 . 2018-05-15 05:01    --------    d-----w-    c:\windows\system32\CatRoot2
2018-05-15 04:57 . 2018-05-16 17:11    253664    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2018-05-07 18:50 . 2018-05-07 18:51    --------    d-----w-    c:\users\Point Presenter\AppData\Roaming\Hoxx
2018-05-06 04:28 . 2018-05-16 15:21    895016    ----a-w-    c:\program files\Mozilla Firefox\uninstall\helper.exe
2018-05-06 04:28 . 2018-05-16 15:21    102352    ----a-w-    c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2018-05-01 16:32 . 2018-05-01 16:32    --------    d-----we    c:\programdata\Desktop
2018-04-29 07:37 . 2018-04-24 03:47    2781360    ----a-w-    c:\program files\Common Files\Microsoft Shared\ClickToRun\cpprestsdk.dll
2018-04-24 03:28 . 2018-04-24 03:28    211632    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2018-04-24 03:18 . 2018-04-24 03:18    465072    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-04-24 03:16 . 2018-04-24 03:16    29872    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-05-13 07:52 . 2016-02-17 05:23    3493040    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2018-04-28 15:14 . 2018-01-19 21:32    137928    ----a-w-    c:\windows\system32\drivers\eamonm.sys
2018-04-28 15:14 . 2018-01-19 21:32    108320    ----a-w-    c:\windows\system32\drivers\epfwwfp.sys
2018-04-28 15:14 . 2018-01-19 21:31    196112    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
2018-03-19 17:57 . 2018-02-02 08:09    76192    ----a-w-    c:\windows\system32\drivers\mbae64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2018-02-02 44016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2018-03-23 8887216]
"Endpoint Agent Tray"="c:\program files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe" [2018-03-27 550176]
"Communicator"="c:\program files (x86)\PhoneDotCom\Communicator\Communicator.exe" [2017-09-26 5035888]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-12-01 10249048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2018-02-14 2409936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2018-02-10 1183256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Endpoint Agent Tray"="c:\program files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe" [2018-03-27 550176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"MaxGPOScriptWait"= 600 (0x258)
"HideShutdownScriptsBckp"= -1 (0xffffffff)
"HideShutdownScripts"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SlowLinkDetectEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0native.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\372032F16.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
"Panda Security URL Filtering"="c:\program files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
"IseUI"="c:\program files (x86)\COMODO\Internet Security Essentials\vkise.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 atrfiltr;ATR Filter driver service;c:\windows\system32\DRIVERS\atrfiltr.sys;c:\windows\SYSNATIVE\DRIVERS\atrfiltr.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
R3 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GUMHFilter;GUMHFilter;c:\windows\system32\DRIVERS\GUMHFilter.sys;c:\windows\SYSNATIVE\DRIVERS\GUMHFilter.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;c:\windows\system32\DRIVERS\WirelessKeyboardFilter.sys;c:\windows\SYSNATIVE\DRIVERS\WirelessKeyboardFilter.sys [x]
R4 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S0 372032F16;372032F16;c:\windows\system32\drivers\372032F16.sys;c:\windows\SYSNATIVE\drivers\372032F16.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
S2 IntelHaxm;Intel HAXM Service;c:\windows\system32\DRIVERS\IntelHaxm.sys;c:\windows\SYSNATIVE\DRIVERS\IntelHaxm.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MBEndpointAgent;Malwarebytes Endpoint Agent;c:\program files\Malwarebytes Endpoint Agent\MBCloudEA.exe;c:\program files\Malwarebytes Endpoint Agent\MBCloudEA.exe [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2018-03-05 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-10 00:02]
.
2018-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01 16:34]
.
2017-08-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-PointPresenter-Point Presenter.job
- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2016-07-01 15:06]
.
2018-02-14 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2018-02-02 06:29]
.
2017-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core.job
- c:\users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17 18:29]
.
2017-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core1d1e918ae7be4f7.job
- c:\users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17 18:29]
.
2017-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA.job
- c:\users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17 18:29]
.
2017-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA1d1e918ae88b667.job
- c:\users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17 18:29]
.
2018-02-14 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files (x86)\Glary Utilities 5\Integrator.exe [2018-02-02 06:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2018-02-10 07:12    614856    ----a-w-    c:\program files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2018-02-10 07:12    614856    ----a-w-    c:\program files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2018-02-10 07:12    614856    ----a-w-    c:\program files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2018-04-28 178496]
"AdobeGCInvoker-1.0"="c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [2018-01-05 315880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: eset.com\help
TCP: Interfaces\{6806267d-cf45-438c-a727-c071ee8b7c96}: DhcpNameServer = 192.168.8.1 192.168.8.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_137.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_137.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_137.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_137.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2018-05-16  12:13:27 - machine was rebooted
ComboFix-quarantined-files.txt  2018-05-16 17:13
ComboFix2.txt  2018-04-08 15:12
.
Pre-Run: 97,419,264 bytes free
Post-Run: 3,236,208,640 bytes free
.
- - End Of File - - 4DE4B012E4D90C1C324F5C0217B4721B

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 17 May 2018 - 06:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 23 May 2018 - 06:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


Edited by Platypus, 23 May 2018 - 08:08 AM.
Topic unlocked and separate reply topic merged


#4 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 23 May 2018 - 07:55 AM

Here are the scan results you asked for...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Point Presenter (administrator) on POINTPRESENTER (23-05-2018 05:51:53)
Running from C:\Users\Point Presenter\Desktop\fbr
Loaded Profiles: Point Presenter (Available Profiles: IUSR & Point Presenter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(PhoneDotCom) C:\Program Files (x86)\PhoneDotCom\Communicator\Communicator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\x64ProcessAssistSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-ins\Spaces\Adobe Spaces Helper.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-ins\Spaces\Adobe Spaces Helper.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-ins\Spaces\Adobe Spaces Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Node.js) C:\Program Files\Adobe\Adobe Photoshop CC 2018\node.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-28] (ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1183256 2018-02-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2018-02-02] (Glarysoft Ltd)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-23] (SUPERAntiSpyware)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [Endpoint Agent Tray] => C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe [550176 2018-03-27] (Malwarebytes)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [Communicator] => C:\Program Files (x86)\PhoneDotCom\Communicator\Communicator.exe [5035888 2017-09-26] (PhoneDotCom)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Endpoint Agent Tray] => C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe [550176 2018-03-27] (Malwarebytes)
BootExecute: autocheck autochk *  native.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 37.26.146.100 8.8.8.8
Tcpip\..\Interfaces\{09E2227C-E842-4BBA-84C6-044503013384}: [DhcpNameServer] 37.26.146.100 8.8.8.8
Tcpip\..\Interfaces\{6806267d-cf45-438c-a727-c071ee8b7c96}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_33010001005_58.0.3029.113_u_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000 -> {C28366D4-AF15-45F9-8A69-AB8D72EBC1C5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-05-13] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-05-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-13] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2017-12-31] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2017-12-31] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2017-12-31] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2017-12-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qexz9ggh.default-1525579288705
FF ProfilePath: C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705 [2018-05-23]
FF Extension: (Usual Downloader - YouTube MP3/MP4) - C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705\Extensions\@3DAjJ5XR9nJr7cNc.xpi [2018-05-07]
FF Extension: (Windscribe VPN) - C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705\Extensions\@windscribeff.xpi [2018-05-08]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705\Extensions\firefox@ghostery.com.xpi [2018-05-05]
FF Extension: (Disable WebRTC) - C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2018-05-07]
FF Extension: (Print to PDF) - C:\Users\Point Presenter\AppData\Roaming\Mozilla\Firefox\Profiles\qexz9ggh.default-1525579288705\Extensions\{9ab38051-cd73-4e46-b7bd-dc147f6f6b29}.xpi [2018-05-06]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-05-11] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-13] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Point Presenter\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://gmail.com/"
CHR Profile: C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default [2018-05-23]
CHR Extension: (Slides) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-06]
CHR Extension: (Docs) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-06]
CHR Extension: (Google Drive) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-06]
CHR Extension: (YouTube) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-06]
CHR Extension: (Sheets) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Point Presenter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-28]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-12] (Windows ® Win 7 DDK provider)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-28] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-29] (Malwarebytes)
R2 MBEndpointAgent; C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe [184096 2018-03-27] (Malwarebytes)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [439296 2017-12-31] (Microsoft Corporation) [File not signed]
S3 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S3 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [366592 2017-12-31] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 372032F16; C:\Windows\System32\drivers\372032F16.sys [478392 2016-05-13] (Kaspersky Lab ZAO)
S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [78344 2017-09-14] (Advanced Card Systems Ltd.)
S3 atrfiltr; C:\Windows\System32\DRIVERS\atrfiltr.sys [17408 2017-09-22] (Windows ® Win 7 DDK provider)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-19] (Dell Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-28] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-28] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [108320 2018-04-28] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-02-16] (Glarysoft Ltd)
S3 GUMHFilter; C:\Windows\System32\DRIVERS\GUMHFilter.sys [20096 2016-02-18] (GlarySoft Ltd)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754176 2017-12-31] (Microsoft Corporation) [File not signed]
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-16] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2017-12-31] (Microsoft Corporation) [File not signed]
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2017-12-31] (Microsoft Corporation) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2017-12-31] (Microsoft Corporation) [File not signed]
S3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-07-31] (Microsoft Corporation) [File not signed]
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
S3 bcbtums; system32\drivers\bcbtums.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 05:50 - 2018-05-23 05:51 - 000000000 ____D C:\Users\Point Presenter\Desktop\fbr
2018-05-23 05:49 - 2018-05-23 05:49 - 002413056 _____ (Farbar) C:\Users\Point Presenter\Desktop\FRST64.exe
2018-05-23 01:51 - 2018-05-23 01:51 - 000000000 ____D C:\Users\Point Presenter\Downloads\themeforest-19469672-moon-shop-responsive-ecommerce-wordpress-theme-for-woocommerce
2018-05-23 01:45 - 2018-05-23 01:46 - 019139960 _____ C:\Users\Point Presenter\Downloads\themeforest-19469672-moon-shop-responsive-ecommerce-wordpress-theme-for-woocommerce.zip
2018-05-21 00:51 - 2018-05-21 00:51 - 000001696 _____ C:\Users\Point Presenter\Desktop\UPWRK.txt
2018-05-18 22:31 - 2018-05-18 22:31 - 000009420 _____ C:\Users\Point Presenter\Documents\cc_20180518_223148.reg
2018-05-18 22:20 - 2018-05-18 22:20 - 000015300 _____ C:\Users\Point Presenter\Desktop\2zQh6kFC_400x400.jpeg
2018-05-17 23:36 - 2018-05-18 08:26 - 000005069 _____ C:\Users\Point Presenter\Desktop\Harrassment-Midwife.txt
2018-05-17 02:11 - 2018-05-17 02:11 - 007911088 _____ (Tim Kosse) C:\Users\Point Presenter\Downloads\FileZilla_3.33.0_win64-setup.exe
2018-05-17 02:10 - 2018-05-17 02:10 - 007924192 _____ (Tim Kosse) C:\Users\Point Presenter\Downloads\FileZilla_3.32.0_win64-setup.exe
2018-05-17 02:05 - 2018-05-17 02:05 - 005071169 _____ C:\Users\Point Presenter\Downloads\codecanyon-242431-visual-composer-page-builder-for-wordpress.zip
2018-05-17 02:05 - 2018-05-17 02:05 - 000000000 ____D C:\Users\Point Presenter\Downloads\codecanyon-242431-visual-composer-page-builder-for-wordpress
2018-05-16 12:13 - 2018-05-16 12:13 - 000022580 _____ C:\ComboFix.txt
2018-05-16 12:06 - 2018-05-17 10:18 - 000000284 _____ C:\Users\Point Presenter\Desktop\22dooo.txt
2018-05-16 10:11 - 2011-06-26 01:45 - 000256000 _____ C:\Windows\PEV.exe
2018-05-16 10:11 - 2010-11-07 12:20 - 000208896 _____ C:\Windows\MBR.exe
2018-05-16 10:11 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-05-16 10:11 - 2000-08-30 19:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-05-16 10:11 - 2000-08-30 19:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-05-16 10:11 - 2000-08-30 19:00 - 000098816 _____ C:\Windows\sed.exe
2018-05-16 10:11 - 2000-08-30 19:00 - 000080412 _____ C:\Windows\grep.exe
2018-05-16 10:11 - 2000-08-30 19:00 - 000068096 _____ C:\Windows\zip.exe
2018-05-16 08:48 - 2018-05-16 10:10 - 005659922 ____R (Swearware) C:\Users\Point Presenter\Downloads\ComboFix.exe
2018-05-16 08:37 - 2018-05-16 08:37 - 000005018 _____ C:\Users\Point Presenter\Documents\cc_20180516_083730.reg
2018-05-16 08:35 - 2018-05-16 08:35 - 000027306 _____ C:\Users\Point Presenter\Documents\cc_20180516_083530.reg
2018-05-16 08:15 - 2018-05-16 08:28 - 434748104 _____ (BlueStack Systems Inc.) C:\Users\Point Presenter\Downloads\BlueStacks-Installer_BS3_native_10ac64651e38257504962246f7f5651f.exe
2018-05-16 06:54 - 2018-05-16 06:55 - 000000010 _____ C:\Windows\WinSig.ini
2018-05-16 06:54 - 2018-05-16 06:54 - 000000000 ____D C:\ProgramData\eSignal
2018-05-16 06:50 - 2018-05-16 06:53 - 035361048 _____ (eSignal) C:\Users\Point Presenter\Downloads\eSignal_10.6.exe
2018-05-15 06:55 - 2018-05-15 06:57 - 017194232 _____ (Microsoft Corporation) C:\Users\Point Presenter\Downloads\ndp47-kb4096237-x64_82cc4f1587e4b87a57c96028f9be4fe9aeb02d82.exe
2018-05-15 06:54 - 2018-05-15 06:56 - 015605472 _____ (Microsoft Corporation) C:\Users\Point Presenter\Downloads\ndp45-kb4095519-x64_e239b7eb13f24ef5c88bcc1c1a6de58b46751309.exe
2018-05-15 06:54 - 2018-05-15 06:54 - 000173608 _____ (Microsoft Corporation) C:\Users\Point Presenter\Downloads\msipatchregfix-amd64_5011cb29b096fb674a4795ee8fc2f7fdad33863a.exe
2018-05-15 05:24 - 2018-05-15 05:28 - 000000000 ____D C:\Users\Point Presenter\Desktop\Trade
2018-05-15 03:26 - 2018-05-16 12:06 - 000001261 _____ C:\Users\Point Presenter\Desktop\Trade.txt
2018-05-15 01:36 - 2018-05-15 01:38 - 000000000 ____D C:\Users\Point Presenter\Desktop\Israel
2018-05-15 00:02 - 2018-05-15 00:03 - 000006514 _____ C:\Users\Point Presenter\Documents\cc_20180515_000258.reg
2018-05-14 23:57 - 2018-05-16 12:11 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-14 23:35 - 2018-05-20 00:04 - 000000000 ____D C:\Users\Public\Documents\AdobeGC
2018-05-14 06:21 - 2018-05-16 03:07 - 000000000 ____D C:\Users\Point Presenter\Desktop\Nikki Clothes Ideas
2018-05-13 10:48 - 2018-05-18 08:27 - 000000000 ____D C:\Users\Point Presenter\Desktop\JTrip
2018-05-12 01:46 - 2018-05-12 01:49 - 000214890 _____ C:\TDSSKiller.3.1.0.17_12.05.2018_01.46.11_log.txt
2018-05-12 01:45 - 2018-05-12 01:45 - 000000366 _____ C:\TDSSKiller.3.1.0.15_12.05.2018_01.45.33_log.txt
2018-05-12 01:23 - 2018-05-12 01:23 - 000010410 _____ C:\Users\Point Presenter\Documents\cc_20180512_012308.reg
2018-05-12 01:23 - 2018-05-12 01:23 - 000005100 _____ C:\Users\Point Presenter\Documents\cc_20180512_012319.reg
2018-05-11 02:06 - 2018-05-12 02:42 - 000000566 _____ C:\Users\Point Presenter\Desktop\2d.txt
2018-05-07 15:37 - 2018-05-07 15:38 - 000000000 ____D C:\Users\Point Presenter\Desktop\Adventures
2018-05-07 13:50 - 2018-05-07 13:51 - 000000000 ____D C:\Users\Point Presenter\AppData\Roaming\Hoxx
2018-05-07 13:04 - 2018-05-07 13:11 - 119890376 _____ (VPN1 LLC, USA) C:\Users\Point Presenter\Downloads\Hoxx Setup 0.4.0.exe
2018-05-06 12:07 - 2018-05-06 12:07 - 000103922 _____ C:\Users\Point Presenter\Desktop\Receipt for Tallinn.pdf
2018-05-06 12:06 - 2018-05-06 12:06 - 000160174 _____ C:\Users\Point Presenter\Desktop\Itinerary- Tallinn.pdf
2018-05-06 12:05 - 2018-05-06 12:05 - 000105855 _____ C:\Users\Point Presenter\Desktop\itinerary-page.pdf
2018-05-06 12:02 - 2018-05-06 12:02 - 000055254 _____ C:\Users\Point Presenter\Desktop\Itinerary  Tallinn.htm
2018-05-06 12:02 - 2018-05-06 12:02 - 000000000 ____D C:\Users\Point Presenter\Desktop\Itinerary  Tallinn_files
2018-05-06 12:01 - 2018-05-06 12:01 - 000087049 _____ C:\Users\Point Presenter\Downloads\www_expedia_com_itinerary_print_tripid_7d799516_9779_4a25_80.pdf
2018-05-05 23:25 - 2018-05-05 23:25 - 000313504 _____ (Mozilla) C:\Users\Point Presenter\Downloads\Firefox Installer.exe
2018-05-05 22:53 - 2018-05-05 22:53 - 000005018 _____ C:\Users\Point Presenter\Documents\cc_20180505_225315.reg
2018-05-05 22:53 - 2018-05-05 22:53 - 000005018 _____ C:\Users\Point Presenter\Documents\cc_20180505_225301.reg
2018-05-05 22:52 - 2018-05-05 22:52 - 000063712 _____ C:\Users\Point Presenter\Documents\cc_20180505_225217.reg
2018-05-05 22:52 - 2018-05-05 22:52 - 000005912 _____ C:\Users\Point Presenter\Documents\cc_20180505_225229.reg
2018-05-05 22:52 - 2018-05-05 22:52 - 000005314 _____ C:\Users\Point Presenter\Documents\cc_20180505_225244.reg
2018-05-05 07:52 - 2018-05-05 07:52 - 000662203 _____ C:\Users\Point Presenter\Desktop\St_Joseph_20052013.pdf
2018-05-04 10:31 - 2018-05-04 10:31 - 000075617 _____ C:\Users\Point Presenter\Downloads\Playlist-Font (2).zip
2018-05-04 10:31 - 2018-05-04 10:31 - 000000000 ____D C:\Users\Point Presenter\Downloads\Playlist-Font
2018-05-04 10:30 - 2018-05-04 10:31 - 000075617 _____ C:\Users\Point Presenter\Downloads\Playlist-Font (1).zip
2018-05-04 10:30 - 2018-05-04 10:30 - 000075617 _____ C:\Users\Point Presenter\Downloads\Playlist-Font.zip
2018-05-04 08:03 - 2018-05-04 08:03 - 001155032 _____ C:\Users\Point Presenter\Desktop\NON-DISCLOSURE AGREEMENT VOORE DESIGN N.pdf
2018-05-04 08:00 - 2018-05-04 08:00 - 000066692 _____ C:\Users\Point Presenter\Desktop\NON-DISCLOSURE AGREEMENT VOORE DESIGN.pdf
2018-05-04 01:11 - 2018-05-04 12:42 - 000000610 _____ C:\Users\Point Presenter\Desktop\5418.txt
2018-05-03 03:52 - 2018-05-04 07:52 - 000000000 ____D C:\Users\Point Presenter\Desktop\EMMA
2018-05-02 03:53 - 2018-05-02 03:53 - 000140630 _____ C:\Users\Point Presenter\Documents\64731a3cf8839d54af266c56c7f23dcf31c16421.jpeg
2018-05-01 11:28 - 2018-05-01 11:28 - 000215420 _____ C:\TDSSKiller.3.1.0.15_01.05.2018_11.28.07_log.txt
2018-04-29 03:39 - 2018-04-29 03:40 - 013326080 _____ C:\Users\Point Presenter\Documents\Booklet3sm.pdf
2018-04-29 03:28 - 2018-04-29 03:28 - 000000078 _____ C:\Users\Point Presenter\AppData\Roaming\JO.dat
2018-04-29 03:28 - 2018-04-29 03:28 - 000000000 ____D C:\Users\Point Presenter\Downloads\JiNaOCR_Setup
2018-04-29 03:24 - 2018-04-29 03:28 - 047848576 _____ C:\Users\Point Presenter\Downloads\JiNaOCR_Setup.zip
2018-04-29 03:09 - 2018-04-29 03:09 - 019167320 _____ C:\Users\Point Presenter\Desktop\Booklet3.pdf
2018-04-29 03:05 - 2018-04-29 03:06 - 000627331 _____ C:\Users\Point Presenter\Desktop\booklet-layer29-pg4.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 002163482 _____ C:\Users\Point Presenter\Desktop\booklet2_0025_Layer 1.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 002039452 _____ C:\Users\Point Presenter\Desktop\booklet2_0020_Layer 8.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 002004449 _____ C:\Users\Point Presenter\Desktop\booklet2_0019_Layer 9.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001944568 _____ C:\Users\Point Presenter\Desktop\booklet2_0018_Layer 10.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001924667 _____ C:\Users\Point Presenter\Desktop\booklet2_0024_Layer 4.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001834487 _____ C:\Users\Point Presenter\Desktop\booklet2_0023_Layer 5.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001702953 _____ C:\Users\Point Presenter\Desktop\booklet2_0017_Layer 11.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001671197 _____ C:\Users\Point Presenter\Desktop\booklet2_0013_Layer 15.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001608325 _____ C:\Users\Point Presenter\Desktop\booklet2_0026_Layer 2.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001536660 _____ C:\Users\Point Presenter\Desktop\booklet2_0009_Layer 19.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001505166 _____ C:\Users\Point Presenter\Desktop\booklet2_0010_Layer 18.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001499926 _____ C:\Users\Point Presenter\Desktop\booklet2_0012_Layer 16.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001490871 _____ C:\Users\Point Presenter\Desktop\booklet2_0016_Layer 12.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001436718 _____ C:\Users\Point Presenter\Desktop\booklet2_0011_Layer 17.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001420533 _____ C:\Users\Point Presenter\Desktop\booklet2_0022_Layer 6.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001401570 _____ C:\Users\Point Presenter\Desktop\booklet2_0014_Layer 14.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001373418 _____ C:\Users\Point Presenter\Desktop\booklet2_0006_Layer 24.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001372575 _____ C:\Users\Point Presenter\Desktop\booklet2_0007_Layer 23.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001366932 _____ C:\Users\Point Presenter\Desktop\booklet2_0015_Layer 13.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001346462 _____ C:\Users\Point Presenter\Desktop\booklet2_0005_Layer 25.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001312490 _____ C:\Users\Point Presenter\Desktop\booklet2_0003_Layer 27.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001289563 _____ C:\Users\Point Presenter\Desktop\booklet2_0008_Layer 20.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001260855 _____ C:\Users\Point Presenter\Desktop\booklet2_0004_Layer 26.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001256541 _____ C:\Users\Point Presenter\Desktop\booklet2_0021_Layer 7.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 001214898 _____ C:\Users\Point Presenter\Desktop\booklet2_0002_Layer 28.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 000867828 _____ C:\Users\Point Presenter\Desktop\booklet2_0000_Layer 22.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 000628953 _____ C:\Users\Point Presenter\Desktop\booklet2_0001_Layer 21.pdf
2018-04-29 02:52 - 2018-04-29 02:52 - 000482898 _____ C:\Users\Point Presenter\Desktop\booklet2_0027_Layer 3.pdf
2018-04-27 04:55 - 2018-04-29 03:04 - 036376310 _____ C:\Users\Point Presenter\Desktop\booklet.psd
2018-04-23 09:57 - 2018-04-23 09:57 - 000094143 _____ C:\Users\Point Presenter\Desktop\FSR-20170101-20171231.pdf
2018-04-23 09:39 - 2018-04-23 09:39 - 000009772 _____ C:\Users\Point Presenter\Desktop\TransactionReport2017Guru.pdf
2018-04-23 09:36 - 2018-04-23 09:36 - 000079931 _____ C:\Users\Point Presenter\Desktop\1099Report.pdf
2018-04-23 09:32 - 2018-04-23 09:32 - 000001718 _____ C:\Users\Point Presenter\Desktop\1099Report2017.pdf
2018-04-23 08:51 - 2018-04-23 08:51 - 001090168 _____ (ESET) C:\Users\Point Presenter\Desktop\ESETUninstaller.exe
2018-04-23 08:45 - 2018-04-23 08:45 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\Point Presenter\Desktop\autoruns.exe
2018-04-23 08:43 - 2018-04-23 08:43 - 000371282 _____ C:\Users\Point Presenter\Desktop\gmer.zip
2018-04-23 08:43 - 2018-04-23 08:43 - 000000000 ____D C:\Users\Point Presenter\Desktop\gmer
2018-04-23 08:41 - 2018-04-23 08:41 - 000000000 _____ C:\Users\Point Presenter\Desktop\vba32arkit.zip
2018-04-23 08:18 - 2018-05-12 01:46 - 000000000 ____D C:\Users\Point Presenter\Desktop\tdsskiller
2018-04-23 08:18 - 2018-04-23 08:30 - 000430788 _____ C:\TDSSKiller.3.1.0.17_23.04.2018_08.18.46_log.txt
2018-04-23 08:17 - 2018-05-12 01:45 - 004858305 _____ C:\Users\Point Presenter\Desktop\tdsskiller.zip
2018-04-23 08:17 - 2018-04-23 08:17 - 000000366 _____ C:\TDSSKiller.3.1.0.15_23.04.2018_08.17.29_log.txt
2018-04-23 07:25 - 2018-04-23 07:25 - 000143756 _____ C:\Users\Point Presenter\Desktop\2017-FinancialSummary.pdf
2018-04-23 07:19 - 2018-04-23 07:19 - 000020934 _____ C:\Users\Point Presenter\Desktop\payments2017.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 05:51 - 2017-08-23 13:58 - 000000000 ____D C:\FRST
2018-05-23 01:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-05-22 22:08 - 2009-07-13 23:45 - 000021312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-22 22:08 - 2009-07-13 23:45 - 000021312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-22 22:03 - 2018-02-02 02:25 - 000000000 ____D C:\Program Files\Malwarebytes Endpoint Agent
2018-05-22 11:03 - 2017-09-07 08:41 - 000001456 _____ C:\Users\Point Presenter\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-21 21:47 - 2017-02-28 11:07 - 000000000 ____D C:\Users\Point Presenter\AppData\LocalLow\Mozilla
2018-05-20 07:29 - 2009-07-14 00:13 - 000752782 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-20 07:29 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-05-19 07:36 - 2017-06-30 15:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-19 07:36 - 2017-03-19 07:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-18 22:31 - 2017-03-28 13:21 - 000000000 ____D C:\Users\Point Presenter\AppData\Local\CrashDumps
2018-05-18 01:55 - 2018-01-10 14:00 - 000000930 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-05-17 09:16 - 2018-03-05 12:31 - 000000606 _____ C:\Windows\Tasks\Adobe Acrobat Update Task.job
2018-05-17 09:15 - 2017-09-05 22:38 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-17 03:58 - 2016-05-03 17:40 - 000000000 ____D C:\Users\Point Presenter\AppData\Roaming\FileZilla
2018-05-16 22:16 - 2016-02-16 22:32 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-05-16 12:16 - 2018-02-02 02:25 - 000000000 ____D C:\ProgramData\Malwarebytes Endpoint Agent
2018-05-16 12:15 - 2011-02-10 09:33 - 000750592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-16 12:13 - 2018-04-08 09:02 - 000000000 ____D C:\Qoobox
2018-05-16 12:11 - 2009-07-13 21:34 - 000000215 _____ C:\Windows\system.ini
2018-05-16 12:07 - 2009-07-13 21:34 - 108789760 _____ C:\Windows\system32\config\software.bak
2018-05-16 12:07 - 2009-07-13 21:34 - 059158528 _____ C:\Windows\system32\config\system.bak
2018-05-16 12:07 - 2009-07-13 21:34 - 004186112 _____ C:\Windows\system32\config\default.bak
2018-05-16 12:07 - 2009-07-13 21:34 - 000061440 _____ C:\Windows\system32\config\sam.bak
2018-05-16 12:07 - 2009-07-13 21:34 - 000032768 _____ C:\Windows\system32\config\security.bak
2018-05-16 12:06 - 2017-09-06 16:54 - 000000000 ____D C:\Users\Point Presenter\AppData\Local\Adobe
2018-05-16 12:06 - 2009-07-13 21:34 - 041418752 _____ C:\Windows\system32\config\components.bak
2018-05-16 11:50 - 2018-04-08 09:02 - 000000000 ____D C:\Windows\erdnt
2018-05-16 11:42 - 2016-04-07 13:21 - 000000000 ____D C:\ProgramData\TEMP
2018-05-16 08:29 - 2016-10-31 18:51 - 000000000 ____D C:\Users\Point Presenter\AppData\Local\Bluestacks
2018-05-16 08:10 - 2018-01-30 09:24 - 000000000 ____D C:\Program Files\Autodesk
2018-05-16 08:10 - 2018-01-30 09:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-05-15 15:14 - 2018-01-06 12:27 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-15 15:14 - 2018-01-06 12:27 - 000002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-15 03:47 - 2016-03-04 19:57 - 000007598 _____ C:\Users\Point Presenter\AppData\Local\Resmon.ResmonCfg
2018-05-15 00:03 - 2017-12-23 09:15 - 000002650 _____ C:\Users\Point Presenter\Desktop\unhide.txt
2018-05-15 00:02 - 2017-12-23 11:18 - 000006732 _____ C:\Users\Point Presenter\Desktop\Rkill.txt
2018-05-14 23:57 - 2017-03-21 23:40 - 000000000 ____D C:\Users\PCPitstopSVC
2018-05-14 23:57 - 2016-02-16 20:53 - 000000000 ____D C:\Windows\CSC
2018-05-14 23:52 - 2009-07-13 21:34 - 000000439 _____ C:\Windows\win.ini
2018-05-14 23:15 - 2013-07-31 20:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-14 23:15 - 2013-07-31 20:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-13 22:35 - 2016-02-17 13:20 - 000000000 ____D C:\Users\Point Presenter\Documents\VENTURES
2018-05-09 07:36 - 2016-12-14 07:45 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-07 05:32 - 2018-01-08 15:42 - 000002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-05-05 23:28 - 2017-10-02 13:43 - 000000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-05 23:01 - 2017-12-23 13:49 - 000000000 ____D C:\Users\Point Presenter\Desktop\Old Firefox Data
2018-05-01 11:37 - 2016-06-17 08:45 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_365
2018-05-01 11:27 - 2018-01-10 06:48 - 000000000 ____D C:\AdwCleaner
2018-04-28 10:14 - 2018-01-19 16:32 - 000137928 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2018-04-28 10:14 - 2018-01-19 16:32 - 000108320 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2018-04-28 10:14 - 2018-01-19 16:31 - 000196112 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2018-04-25 03:02 - 2016-08-12 01:29 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-04-25 02:50 - 2016-02-19 20:13 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-25 02:50 - 2016-02-19 20:13 - 000000000 ____D C:\ProgramData\Skype
2018-04-25 02:45 - 2017-02-28 11:05 - 000000000 ____D C:\Users\Point Presenter\AppData\Local\Deployment
2018-04-25 02:45 - 2016-12-24 18:55 - 000000000 ____D C:\Users\Point Presenter\AppData\Local\Apps\2.0
2018-04-24 03:27 - 2016-08-12 01:38 - 000000000 ____D C:\Users\Point Presenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-04-23 08:29 - 2016-12-24 18:57 - 000000000 ____D C:\Users\Point Presenter\AppData\Roaming\Sidekick
2018-04-23 08:29 - 2016-02-27 11:39 - 000000000 ____D C:\SUPERDelete
2018-04-23 08:25 - 2018-01-12 06:51 - 000000000 ____D C:\Users\Point Presenter\AppData\Roaming\CoffeeCup Software
2018-04-23 07:14 - 2017-10-26 15:33 - 000000000 ___RD C:\Users\Point Presenter\Creative Cloud Files

==================== Files in the root of some directories =======

2016-03-17 17:42 - 2017-11-16 11:46 - 000000033 _____ () C:\Users\Point Presenter\AppData\Roaming\AdobeWLCMCache.dat
2016-07-28 13:48 - 2016-07-28 13:48 - 000009357 _____ () C:\Users\Point Presenter\AppData\Roaming\Comma Separated Values.EML
2018-04-29 03:28 - 2018-04-29 03:28 - 000000078 _____ () C:\Users\Point Presenter\AppData\Roaming\JO.dat
2016-07-06 12:06 - 2016-07-06 12:28 - 000000600 _____ () C:\Users\Point Presenter\AppData\Roaming\PUTTY.RND
2017-09-07 08:41 - 2018-05-22 11:03 - 000001456 _____ () C:\Users\Point Presenter\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-05 10:22 - 2016-09-05 10:22 - 000000239 _____ () C:\Users\Point Presenter\AppData\Local\poetsch.bat
2016-07-06 12:06 - 2018-02-22 19:06 - 000000600 _____ () C:\Users\Point Presenter\AppData\Local\PUTTY.RND
2016-03-04 19:57 - 2018-05-15 03:47 - 000007598 _____ () C:\Users\Point Presenter\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-29 10:57

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Point Presenter (23-05-2018 05:52:16)
Running from C:\Users\Point Presenter\Desktop\fbr
Windows 7 Professional Service Pack 1 (X64) (2016-02-17 01:55:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2896009937-3692183909-1683361069-500 - Administrator - Disabled)
Guest (S-1-5-21-2896009937-3692183909-1683361069-501 - Limited - Disabled)
Point Presenter (S-1-5-21-2896009937-3692183909-1683361069-1000 - Administrator - Enabled) => C:\Users\Point Presenter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1) (Version: 19.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.154.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.154.0 - Autodesk) Hidden
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018.1.1 (HKLM-x32\...\{b501e2dd-1001-0000-0102-2d66c6a91544}) (Version: 22.0.154.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Communicator (HKLM-x32\...\{E51C5F83-639B-4EAA-88FE-68C10EB97C8B}) (Version: 50.8.7880 - PhoneDotCom)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.215 - Dell Inc.)
ESET Security (HKLM\...\{3EB22EED-2263-4174-9F36-09BD15A7AEF8}) (Version: 11.0.159.5 - ESET, spol. s r.o.)
EstEID Minidriver (HKLM\...\{C8FD6A29-41A0-49CB-AB5B-96598235E4FD}) (Version: 3.12.0.77 - RIA) Hidden
FF Token Signing Uninstaller (HKLM-x32\...\{F9A7D3E6-F64A-42F4-91FC-2D20639D1AFD}) (Version: 17.11.0.1762 - RIA) Hidden
FileZilla Client 3.31.0 (HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\FileZilla Client) (Version: 3.31.0 - Tim Kosse)
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto) Hidden
Glary Utilities 5.92 (HKLM-x32\...\Glary Utilities 5) (Version: 5.92.0.114 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes Endpoint Agent (HKLM\...\{949D1792-E377-4348-8BC4-6D643EF49B21}) (Version: 1.1.1.0 - Malwarebytes) Hidden
Malwarebytes Endpoint Agent (HKLM-x32\...\{578e536a-d60d-4c80-89ed-a7dadbd43bd7}) (Version: 1.1.1.0 - Malwarebytes)
Malwarebytes version 3.4.5.2470 (HKLM\...\{680231FF-ABC9-40A2-A1E3-1AFD6FE45C8D}_is1) (Version: 3.4.5.2470 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2114 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (HKLM\...\{9F9DF365-C354-468F-A174-82660FB13C5C}) (Version: 2.1.4.223GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{9F9DF365-C354-468F-A174-82660FB13C5C}) (Version: 2.1.4.223GS - O2Micro) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2114 - Microsoft Corporation) Hidden
Open-EID Metapackage (HKLM-x32\...\{42D681FE-6B57-4BF0-A294-272B082D3BAD}) (Version: 17.11.0.1762 - RIA) Hidden
Open-EID QtConf Uninstaller (HKLM-x32\...\{B6FAD86F-8850-49C0-B0AA-35B66268AC13}) (Version: 17.11.0.1762 - RIA) Hidden
Open-EID Uninstaller (HKLM-x32\...\{29967171-87C3-4990-A8BC-BEAFCBC4D0BD}) (Version: 17.11.0.1762 - RIA) Hidden
SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Version: 5.9.7.7232 - Authentec Inc.) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.4 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-02] (Autodesk)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-28] (ESET)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-28] (ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-26] (Intel Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-02] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-28] (ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054CF029-2365-472D-A242-79EC156BBD9F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-13] (Microsoft Corporation)
Task: {086B495F-1EA7-4FF0-B4CC-259C0421BECB} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe
Task: {091AA51C-3AFF-4657-80E3-AB05A749324A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {0CAD5A5E-09AE-47ED-9F93-EB3E93CC6E6F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA1d257ed790e30c8 => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {3C44DDB9-7821-4256-8957-4A57875C04F5} - System32\Tasks\{64FFD49B-D84E-4DC2-B4AF-CC56E2FAC7E3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Point Presenter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HT1UCT9D\supportassistlauncher.exe" -d "C:\Users\Point Presenter\Desktop"
Task: {480FA584-AA07-4451-993A-46653B20DF2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core1d257ed790a3919 => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {4F26011D-2C6F-4300-A987-3085DE7529FD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {5B7E561E-940F-400D-9AB7-4B60E9AD029A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-13] (Microsoft Corporation)
Task: {6969ABB0-A399-415C-94FE-E4D9A57AA9C6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {6B78B1CA-FBCC-424A-B711-5BA957B64416} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {831D68C2-A203-4E40-96A1-FFDA4F26CAEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-13] (Adobe Systems Incorporated)
Task: {982F38EF-715E-4F6F-895C-D969EEAF19A3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {9DC33DDC-6915-46AE-9AD6-C79BC52FE21B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA1d1e918ae88b667 => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {A46716D9-6534-4BF1-9387-3CB3FAEA5040} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-13] (Microsoft Corporation)
Task: {AF9E0ABD-721E-4DD6-B66F-578ACC742810} - System32\Tasks\{A3F94CC4-4CE1-4FC3-A690-E5D13C769758} => C:\Windows\system32\pcalua.exe -a "C:\Users\Point Presenter\Downloads\intel_r_hd_graphics_4000_10.18.10.3958.exe" -d "C:\Users\Point Presenter\Downloads"
Task: {B8F59528-D79C-41CD-910B-1D83C365EE8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {BF4A3EE8-3FA3-4692-B1B2-323212D2AE14} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe
Task: {C36A8354-09ED-4BF4-9BB1-903D6ED55FF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core1d1e918ae7be4f7 => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {C51E4944-F840-4A9D-8583-134F4D1D539A} - System32\Tasks\AdobeAAMUpdater-1.0-PointPresenter-Point Presenter => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {CA3288EA-FA3F-4713-856A-2A84D8CD3984} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2018-02-02] (Glarysoft Ltd)
Task: {CF963106-1DF3-40A3-92BA-3AD251A7F0C7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D2905FC9-8998-4C65-B5DC-38D5B1FEBA19} - System32\Tasks\Opera scheduled Autoupdate 1508682371 => C:\Users\Point Presenter\AppData\Local\Programs\Opera\launcher.exe
Task: {D84F4201-581B-401D-A9E1-5F5F7266AFDD} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: {E04E0F93-F7A8-45E5-86B0-51DA3A1DE901} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {E053DEAC-C7D8-4CCC-AEDE-7F2CAE91A131} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {E7850A62-4AF0-426C-BFBA-B8098B8DF286} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {F1DAD465-A6B4-4D60-BC19-8D4851346FB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {F7DC3C8B-6682-45A9-B494-0FFB61232094} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {FA27DD72-B818-4F2A-86D8-23830C07ED5F} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2018-02-02] (Glarysoft Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdobeAAMUpdater-1.0-PointPresenter-Point Presenter.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core.job => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000Core1d1e918ae7be4f7.job => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA.job => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2896009937-3692183909-1683361069-1000UA1d1e918ae88b667.job => C:\Users\Point Presenter\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GU5SkipUAC.job => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-02 03:09 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-10 02:12 - 2018-02-10 02:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 000935440 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\opencv_calib3d249.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 002544656 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\opencv_core249.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 000659472 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\opencv_flann249.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 002200080 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\opencv_imgproc249.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 000867344 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\opencv_features2d249.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 000438288 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\opencv_video249.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 000551952 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\manta.dll
2018-01-16 02:06 - 2018-01-16 02:06 - 001864208 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\aif.dll
2013-07-31 22:06 - 2012-03-26 23:08 - 017226240 _____ () C:\Windows\system32\ig7icd64.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 098352144 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-Ins\Spaces\libcef.dll
2018-02-23 04:44 - 2018-02-23 04:44 - 000076456 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 001186320 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
2018-01-16 02:07 - 2018-01-16 02:07 - 003930128 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-Ins\Spaces\libglesv2.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 000100368 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\Plug-Ins\Spaces\libegl.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 094554128 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\cephtmlengine\libcef.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 002991632 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\cephtmlengine\libglesv2.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 000100368 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\cephtmlengine\libegl.dll
2018-01-16 02:07 - 2018-01-16 02:07 - 005841424 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2018\Required\CEP\cephtmlengine\node.dll
2018-05-15 15:14 - 2018-05-14 22:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-15 15:14 - 2018-05-14 22:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2017-08-22 20:28 - 2018-05-13 02:55 - 001018032 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2017-08-15 05:14 - 2017-12-01 07:08 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
2017-08-22 20:40 - 2018-05-13 02:56 - 000558760 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2017-08-22 20:28 - 2018-03-10 14:38 - 000142000 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLCTL.DLL
2017-09-26 08:03 - 2017-09-26 08:03 - 018902384 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\CPCLR.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000046592 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_signals-vc120-mt-1_61.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000016896 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_system-vc120-mt-1_61.dll
2017-09-26 07:43 - 2017-09-26 07:43 - 010674120 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\CPCAPI2_SharedLibrary.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000082944 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_thread-vc120-mt-1_61.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000025600 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_chrono-vc120-mt-1_61.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000654336 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_regex-vc120-mt-1_61.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000107520 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_filesystem-vc120-mt-1_61.dll
2016-09-28 11:12 - 2016-09-28 11:12 - 000040960 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\boost_date_time-vc120-mt-1_61.dll
2017-02-14 16:56 - 2017-02-14 16:56 - 001240576 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\CefSharp.Core.dll
2017-02-14 16:56 - 2017-02-14 16:56 - 066165760 _____ () C:\Program Files (x86)\PhoneDotCom\Communicator\libcef.dll
2018-02-02 01:30 - 2018-02-02 01:30 - 000087032 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2018-02-23 04:44 - 2018-02-23 04:44 - 000073384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2018-01-30 09:38 - 2018-01-30 09:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 09:39 - 2018-01-30 09:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 09:38 - 2018-01-30 09:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 09:38 - 2018-01-30 09:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 06:26 - 2018-02-14 06:26 - 000111056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2018-01-30 09:38 - 2018-01-30 09:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\372032F16.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\372032F16.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Classes\.scr: scrfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-17 08:45 - 2018-05-16 12:11 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Point Presenter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.26.146.100 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: CyberGhost =>
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Point Presenter\AppData\Local\Apps\2.0\0RZ0G2C2.RZ4\DWZJ1V9P.12H\dell..tion_831211ca63b981c5_0008.000b_165622fff4cd0fc1\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
MSCONFIG\startupreg: Dropbox =>
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: MSC =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{3E4427F3-620F-45B6-AB4A-7C06A2B0BD2A}C:\program files (x86)\phonedotcom\communicator\communicator.exe] => (Allow) C:\program files (x86)\phonedotcom\communicator\communicator.exe
FirewallRules: [UDP Query User{C8F92CED-B0E4-4D1F-AC5C-5CE5E82FB312}C:\program files (x86)\phonedotcom\communicator\communicator.exe] => (Allow) C:\program files (x86)\phonedotcom\communicator\communicator.exe
FirewallRules: [TCP Query User{87DAFB5C-A7EC-42A2-BAC5-D318733A316B}C:\users\point presenter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\point presenter\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{731779E1-429B-4AA7-B5ED-90F951854DCA}C:\users\point presenter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\point presenter\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CDE5F23A-7D3A-430C-B32C-DD75E9084E59}C:\program files (x86)\phonedotcom\communicator\communicator.exe] => (Allow) C:\program files (x86)\phonedotcom\communicator\communicator.exe
FirewallRules: [UDP Query User{A33E0B29-1824-4F95-8F25-FE83254D25FF}C:\program files (x86)\phonedotcom\communicator\communicator.exe] => (Allow) C:\program files (x86)\phonedotcom\communicator\communicator.exe
FirewallRules: [{AF938002-831B-429F-9E96-0FB59AB74287}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E9DCBA76-F106-49AE-8A1B-D3699E28EECF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{683BCFA7-4E74-4228-8AF1-4076AD2FE814}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F12FBBB9-D5F1-436D-8137-628A4AEA6F65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: DW380 Bluetooth Module
Description: DW380 Bluetooth Module
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The srvnet service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMB 2.0 MiniRedirector service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (05/23/2018 05:52:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMB 1.x MiniRedirector service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================

Date: 2018-05-23 05:52:15.367
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\srvnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.338
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\srvnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mrxsmb20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.277
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mrxsmb20.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.247
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mrxsmb10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.215
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mrxsmb10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.184
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\srvnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-23 05:52:15.152
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\srvnet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3540M CPU @ 3.00GHz
Percentage of memory in use: 80%
Total physical RAM: 8096.77 MB
Available physical RAM: 1609.65 MB
Total Virtual: 16191.71 MB
Available Virtual: 6928.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:104.02 GB) (Free:1.19 GB) NTFS

\\?\Volume{af9e7644-fa58-11e2-9231-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:15.18 GB) (Free:8.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 2EEB539A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by vdesign, 23 May 2018 - 07:59 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 23 May 2018 - 10:35 AM


Hi,

Check this provider 37.26.146.100
Tcpip\Parameters: [DhcpNameServer] 37.26.146.100 8.8.8.8
Is this from your Internet Provider or some IP you used while traveling?
https://www.ip-tracker.org/locator/ip-lookup.php?ip=37.26.146.100

===
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 bcbtums; system32\drivers\bcbtums.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
R0 372032F16; C:\Windows\System32\drivers\372032F16.sys
C:\Windows\System32\drivers\372032F16.sys

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Classes\.scr: scrfile =>  <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it to your reply.

Please let me know what problem persists with this computer.

#6 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:25 AM

Posted 23 May 2018 - 11:01 AM

Thanks for the help. I do use a VPN sometimes, but I've never seen that IP address before...

The computer had to restart, here's the info...

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Point Presenter (23-05-2018 08:55:08) Run:1
Running from C:\Users\Point Presenter\Desktop\fbr
Loaded Profiles: Point Presenter (Available Profiles: IUSR & Point Presenter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Plugin HKU\S-1-5-21-2896009937-3692183909-1683361069-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 bcbtums; system32\drivers\bcbtums.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
R0 372032F16; C:\Windows\System32\drivers\372032F16.sys
C:\Windows\System32\drivers\372032F16.sys

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Classes\.scr: scrfile =>  <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"C:\Users\Point Presenter\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll" => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okmhneofinpilciglijihehjpaegledb" => removed successfully
HKLM\System\CurrentControlSet\Services\NisSrv => could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\Schedule" => removed successfully
Schedule => service removed successfully
"HKLM\System\CurrentControlSet\Services\bcbtums" => removed successfully
bcbtums => service removed successfully
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
dbx => service removed successfully
"HKLM\System\CurrentControlSet\Services\STHDA" => removed successfully
STHDA => service removed successfully
"HKLM\System\CurrentControlSet\Services\TrueSight" => removed successfully
TrueSight => service removed successfully
372032F16 => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\372032F16" => removed successfully
372032F16 => service removed successfully
C:\Windows\System32\drivers\372032F16.sys => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE" => removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKU\S-1-5-21-2896009937-3692183909-1683361069-1000\Software\Classes\.scr" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2072812 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 397995 B
Edge => 0 B
Chrome => 108052221 B
Firefox => 277976535 B
Opera => 239084 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
IUSR => 0 B
systemprofile => 85781 B
systemprofile32 => 66356 B
LocalService => 33326 B
NetworkService => 0 B
Point Presenter => 56081267 B
PCPitstopSVC => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 440.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-05-2018 08:58:31)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NisSrv => could not remove, key could be protected

==== End of Fixlog 08:58:31 ====



#7 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:25 AM

Posted 23 May 2018 - 11:09 AM

Strange, Google is in a different language when accessing the web...

Tried to attach a file/screenshot of Google displaying from "Türkiye" but I get an error and am unable to load the basic uploader. Also, the SSL is showing with an insecure error.


Edited by vdesign, 23 May 2018 - 11:16 AM.


#8 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:25 AM

Posted 23 May 2018 - 11:30 AM

Loading mixed (insecure) display content http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png on a secure page[Learn More] index.php
Loading mixed (insecure) display content https://deeprybka.trojaner-board.de/eset/eng/attachlogs.png on a secure page[Learn More] index.php
Error: Script terminated by timeout at:
_uploadSuccess@https://www.bleepingcomputer.com/forums/public/js/ips.attach.js:124:8
SWFUpload.prototype.queueEvent/<@https://www.bleepingcomputer.com/forums/public/js/3rd_party/swfupload/swfupload.js:21:98
SWFUpload.prototype.executeNextEvent@https://www.bleepingcomputer.com/forums/public/js/3rd_party/swfupload/swfupload.js:21:448
SWFUpload.prototype.queueEvent/<@https://www.bleepingcomputer.com/forums/public/js/3rd_party/swfupload/swfupload.js:21:176
ips.attach.js:124:8
unreachable code after return statement[Learn More] ips.textEditor.bbcode.js:446:2
unreachable code after return statement[Learn More] ips.post.js:14:13
 


Edited by vdesign, 23 May 2018 - 11:32 AM.


#9 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:25 AM

Posted 23 May 2018 - 11:33 AM

A form was submitted in the windows-1252 encoding which cannot encode all Unicode characters, so user input may get corrupted. To avoid this problem, the page should be changed so that the form is submitted in the UTF-8 encoding either by changing the encoding of the page itself to UTF-8 or by specifying accept-charset=utf-8 on the form element.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 24 May 2018 - 07:02 AM

Hi,
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 37.26.146.100 8.8.8.8
Tcpip\..\Interfaces\{09E2227C-E842-4BBA-84C6-044503013384}: [DhcpNameServer] 37.26.146.100 8.8.8.8

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Restart:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it to your reply.
===

Strange, Google is in a different language when accessing the web...

Tried to attach a file/screenshot of Google displaying from "Türkiye" but I get an error and am unable to load the basic uploader. Also, the SSL is showing with an insecure error.


It's SSL Connection Errors; read about it:
https://www.instantssl.com/ssl-faqs/ssl-certificate-errors.html

Which browser were you using when you got the error?
Is the browser up to date?

p.s.
What is the reason I see many .reg files in your log?
Example:
C:\Users\Point Presenter\Documents\cc_20180505_225315.reg

A .reg file is used to modify the Registry.
What were you trying to do?

DO NOT RUN THESE FILES AS IT WILL EDIT YOUR REGISTRY.
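The resolver question nasdaq raises in post #5 (is 37.26.146.100 the ISP's, or something picked up while traveling?) and removes in the post #10 fix can be scripted as a triage step over the FRST log lines. The following is an added example written for this thread, not part of FRST and not nasdaq's procedure: it reads the `DNS Servers:` line from Addition.txt and the `[DhcpNameServer]` / `[NameServer]` lines from FRST.txt, and flags any resolver that is neither a local (RFC 1918 / link-local) address, as a hotspot or home router would be, nor on a small allowlist of well-known public resolvers. The allowlist `KNOWN_PUBLIC_RESOLVERS` and the sample log (`SAMPLE_LOG`, built from the three resolver lines in this thread plus one constructed router line and one noise line) are assumptions of the example.

```python
"""Triage the DNS resolver lines of an FRST log.

Hypothetical helper written for this thread; it is not part of FRST and
not the Malware Response Team's procedure. It extracts every IPv4 resolver
from the 'DNS Servers:' line of Addition.txt and the Tcpip '[DhcpNameServer]'
or '[NameServer]' lines of FRST.txt, then flags any resolver that is
neither a local (RFC 1918 / link-local) address such as a hotspot or home
router nor on an allowlist of well-known public resolvers.
"""
import ipaddress
import re
from typing import Dict, List

# Allowlist of well-known public resolvers (assumption: extend per environment).
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",           # Google Public DNS
    "1.1.1.1", "1.0.0.1",           # Cloudflare
    "9.9.9.9", "149.112.112.112",   # Quad9
}

# The two FRST line shapes that carry resolver addresses; everything after
# the key is scanned for dotted-quad addresses.
_DNS_LINE = re.compile(
    r"^(?P<key>DNS Servers:|Tcpip\\.*?\[(?:Dhcp)?NameServer\])\s*(?P<rest>.*)$"
)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: the three resolver lines from this thread's logs plus
# one hotspot-router line (constructed GUID) and one unrelated line as noise.
SAMPLE_LOG = r"""
DNS Servers: 37.26.146.100 - 8.8.8.8
Windows Firewall is enabled.
Tcpip\Parameters: [DhcpNameServer] 37.26.146.100 8.8.8.8
Tcpip\..\Interfaces\{09E2227C-E842-4BBA-84C6-044503013384}: [DhcpNameServer] 37.26.146.100 8.8.8.8
Tcpip\..\Interfaces\{00000000-CONSTRUCTED-GUID-000000000000}: [NameServer] 192.168.1.1
"""


def classify_resolver(addr: str) -> str:
    """'local' for private/link-local/loopback, 'known-public' for the
    allowlist, otherwise 'unexpected'. Raises ValueError on a bad address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        return "local"
    if addr in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    return "unexpected"


def triage_dns_lines(log_text: str) -> List[Dict[str, str]]:
    """One finding per resolver address found on a DNS-bearing FRST line."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = _DNS_LINE.match(line)
        if not match:
            continue
        for addr in _IPV4.findall(match.group("rest")):
            try:
                verdict = classify_resolver(addr)
            except ValueError:      # e.g. 999.1.2.3 passed the loose regex
                verdict = "unparseable"
            findings.append({"line": line, "resolver": addr, "verdict": verdict})
    return findings


def unexpected_resolvers(log_text: str) -> List[str]:
    """Distinct resolvers worth asking the user about before removing them."""
    return sorted({f["resolver"] for f in triage_dns_lines(log_text)
                   if f["verdict"] == "unexpected"})


if __name__ == "__main__":
    for finding in triage_dns_lines(SAMPLE_LOG):
        print(f"{finding['verdict']:12} {finding['resolver']:16} {finding['line']}")
    print("ask the user about:", unexpected_resolvers(SAMPLE_LOG))
```

On the sample the only resolver reported as unexpected is 37.26.146.100; 8.8.8.8 is on the allowlist and 192.168.1.1 is local. A resolver being outside the allowlist is a question to ask, not a verdict by itself (a VPN or a foreign hotel network can legitimately hand out a public address), which is why the script separates the "unexpected" verdict from any removal step; the removal itself stays in the FRST fixlist, as in post #10.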

#11 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:25 AM

Posted 24 May 2018 - 07:38 AM

Hi, thanks! The .reg files, I think, were from CCleaner backups. I kept getting a message popping up when the computer restarted asking permission for CCleaner to make changes, so I just uninstalled the entire program. Here's the log...


Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Point Presenter (24-05-2018 05:27:21) Run:2
Running from C:\Users\Point Presenter\Desktop\fbr
Loaded Profiles: Point Presenter (Available Profiles: IUSR & Point Presenter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

Tcpip\Parameters: [DhcpNameServer] 37.26.146.100 8.8.8.8
Tcpip\..\Interfaces\{09E2227C-E842-4BBA-84C6-044503013384}: [DhcpNameServer] 37.26.146.100 8.8.8.8

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Restart:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09E2227C-E842-4BBA-84C6-044503013384}\\DhcpNameServer" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::817:a099:35d:492d%12
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{09E2227C-E842-4BBA-84C6-044503013384}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{015AAAB5-B988-4865-A815-3ACE2F79CE73}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{A288E7A0-7B69-4525-B533-BDC1DDB3C526}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::817:a099:35d:492d%12
   IPv4 Address. . . . . . . . . . . : 172.20.10.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 172.20.10.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{09E2227C-E842-4BBA-84C6-044503013384}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{015AAAB5-B988-4865-A815-3ACE2F79CE73}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{A288E7A0-7B69-4525-B533-BDC1DDB3C526}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

Restart: => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 05:27:31 ====
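The fix above removed the DhcpNameServer values under Tcpip\Parameters and the interface key, then flushed and renewed the DHCP lease. DhcpNameServer is whatever the DHCP server (normally the router) handed out, so a renewal will simply write it back if the router is the source. The following PowerShell script is an added example, not from this thread or from FRST: it lists the NameServer and DhcpNameServer values in the same registry keys FRST edited and flags any resolver not on an allowlist. The allowlist is an assumption and should be replaced with the resolvers you expect on your network.

```powershell
# Added example (not from the thread): audit the DNS resolvers recorded in the
# Tcpip registry keys that the FRST fix above edited, and warn on any address
# that is not on an allowlist. Run in an elevated PowerShell session.

# ASSUMPTION: these are the resolvers you expect; adjust for your ISP/network.
$Allowed = @('8.8.8.8', '8.8.4.4', '1.1.1.1', '1.0.0.1')

$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Global parameters key plus one key per network interface GUID
$Keys = @($Base) + @(Get-ChildItem -Path "$Base\Interfaces" -ErrorAction SilentlyContinue |
                     ForEach-Object { $_.PSPath })

foreach ($Key in $Keys) {
    $Props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $Props) { continue }

    # NameServer is statically configured; DhcpNameServer comes from the DHCP lease.
    foreach ($Name in 'NameServer', 'DhcpNameServer') {
        $Value = $Props.$Name
        if ([string]::IsNullOrWhiteSpace($Value)) { continue }

        # Both values are space- or comma-separated lists of addresses
        $Servers = $Value -split '[ ,]+' | Where-Object { $_ }
        $Unknown = $Servers | Where-Object { $Allowed -notcontains $_ }

        if ($Unknown) {
            # A single unknown address is enough to flag the entry, even when a
            # known-good resolver (for example 8.8.8.8) is listed beside it.
            Write-Warning ('{0} [{1}] = {2}  <-- not on allowlist: {3}' -f `
                $Key, $Name, $Value, ($Unknown -join ' '))
        }
        else {
            Write-Output ('{0} [{1}] = {2}  (ok)' -f $Key, $Name, $Value)
        }
    }
}
```

If a DhcpNameServer entry is flagged again after a lease renewal, the value is being supplied by the DHCP server rather than by anything on the laptop, which is the case the router reset advice in this thread addresses; a flagged NameServer entry, by contrast, was set on the machine itself.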



#12 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 25 May 2018 - 01:56 AM

Hi, my online experience is strange, lots of timed out page loads, connection drops, page reloads, slower speeds as well. Even as I'm writing this message, my connection disappeared for a few minutes. I tried attaching files to a post the other day and was unable to use your upload feature. My browser is current and has been refreshed numerous times. I found a few articles of similar issues with "DhcpNameServer" and a recurring virus that seems hard to remove.

 

Anyway, let me know if I need to run any other scans.

 

Thanks!



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 25 May 2018 - 06:25 AM


Hi,

Reset your router. It may be compromised.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.

#14 vdesign

vdesign
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 25 May 2018 - 11:11 AM

Hi, so is that it? My computer is now virus free?

 

Thanks.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 25 May 2018 - 12:31 PM

Hi,

As far as I can see.

Any remaining issues?



