
Windows Update & Chrome plus other problems with my PC


This topic is locked
11 replies to this topic

#1 mishasham01
Posted 31 May 2018 - 10:58 PM

Hi all!

I am creating this topic because I was told to do so in my previous topic, which you can find here:

https://www.bleepingcomputer.com/forums/t/674986/windows-update-chrome-plus-other-problems-with-my-pc/page-2

To avoid repeating myself and just copy/pasting, please read the first page of that topic to see the explanation of the issues affecting the PC and all my posts where I answered questions from other members regarding the issues.

Thank you!

FRST log file

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by emil shamilov (administrator) on EMILSHAMILOV-PC (31-05-2018 23:36:57)
Running from C:\Users\emil shamilov\Downloads
Loaded Profiles: emil shamilov (Available Profiles: emil shamilov)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Dell, Inc.) C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\emil shamilov\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(DELL) C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [StickyNotesWidget] => c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe [666344 2011-03-18] ()
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [2015136 2011-05-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2010-11-01] ()
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\...\Run: [Spotify Web Helper] => C:\Users\emil shamilov\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-29] (Spotify Ltd)
Lsa: [Notification Packages] scecli FAPassSync
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{471864BF-1A6B-4956-B71C-3D9C5FCDBFAD}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B7AC01FA-FBA3-449C-9B84-CEBD63FAFB89}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?pc=U270&ocid=U270DHP
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=AE31E4F9B18B4CC6B680ADFC71544DB4&tb_oid=15-03-2013&tb_mrud=15-03-2013
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-672674941-3518348205-4107734500-1000 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-672674941-3518348205-4107734500-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=AE31E4F9B18B4CC6B680ADFC71544DB4&tb_oid=15-03-2013&tb_mrud=15-03-2013
SearchScopes: HKU\S-1-5-21-672674941-3518348205-4107734500-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2010-11-01] (Sensible Vision )
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-04-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2010-11-01] (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-06] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
 
FireFox:
========
FF ProfilePath: C:\Users\emil shamilov\AppData\Roaming\Mozilla\Firefox\Profiles\dzjskyzy.default-1489439937819 [2018-05-31]
FF Homepage: Mozilla\Firefox\Profiles\dzjskyzy.default-1489439937819 -> yahoo.com/
FF Extension: (Grammarly for Firefox) - C:\Users\emil shamilov\AppData\Roaming\Mozilla\Firefox\Profiles\dzjskyzy.default-1489439937819\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-05-17]
FF Extension: (Pinterest Save Button) - C:\Users\emil shamilov\AppData\Roaming\Mozilla\Firefox\Profiles\dzjskyzy.default-1489439937819\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2018-05-31]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\emil shamilov\AppData\Roaming\Mozilla\Firefox\Profiles\dzjskyzy.default-1489439937819\features\{7c7b3216-6a55-42e7-bd88-568589bfec62}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-05-31] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: (FastAccess Web Login) - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2015-06-13] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR Profile: C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default [2018-05-31]
CHR Extension: (Docs) - C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-06]
CHR Extension: (Google Drive) - C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-06]
CHR Extension: (YouTube) - C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\emil shamilov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-05-08] (Adobe Systems Incorporated) [File not signed]
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-01] (Sensible Vision ) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-31 23:36 - 2018-05-31 23:39 - 000021965 _____ C:\Users\emil shamilov\Downloads\FRST.txt
2018-05-31 23:35 - 2018-05-31 23:36 - 000000000 ____D C:\FRST
2018-05-31 23:34 - 2018-05-31 23:35 - 002413056 _____ (Farbar) C:\Users\emil shamilov\Downloads\FRST64.exe
2018-05-20 17:23 - 2018-05-20 17:23 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-05-20 17:23 - 2018-05-20 17:23 - 000001945 _____ C:\Windows\epplauncher.mif
2018-05-20 17:23 - 2018-05-20 17:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2018-05-20 17:22 - 2018-05-20 17:23 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-05-20 17:21 - 2018-05-20 17:21 - 015065792 _____ (Microsoft Corporation) C:\Users\emil shamilov\Downloads\mseinstall.exe
2018-05-20 17:18 - 2018-05-20 17:20 - 012231000 _____ (Microsoft Corporation) C:\Users\emil shamilov\Downloads\mseinstall (2).exe
2018-05-18 23:06 - 2018-05-18 23:06 - 007649280 _____ C:\Program Files (x86)\GUT15DA.tmp
2018-05-18 23:06 - 2018-05-18 23:06 - 000000000 ____D C:\Program Files (x86)\GUM15D9.tmp
2018-05-03 20:03 - 2018-05-03 20:03 - 001165525 _____ C:\Users\emil shamilov\Downloads\SNAP_Recert_ApplicationSummary-2518175 (1).pdf
2018-05-03 19:51 - 2018-05-03 19:51 - 001165525 _____ C:\Users\emil shamilov\Downloads\SNAP_Recert_ApplicationSummary-2518175.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-31 23:39 - 2009-07-14 00:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-31 23:39 - 2009-07-14 00:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-31 23:36 - 2009-07-14 01:13 - 000783188 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-31 23:36 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-31 23:31 - 2015-04-01 16:56 - 000000000 ____D C:\Users\emil shamilov\AppData\Local\CrashDumps
2018-05-31 23:31 - 2011-10-22 06:43 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-05-31 23:30 - 2017-01-16 13:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-31 23:30 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-31 22:34 - 2016-11-17 20:20 - 000000000 ____D C:\Users\emil shamilov\AppData\LocalLow\Mozilla
2018-05-31 22:34 - 2016-03-20 17:26 - 000000000 ____D C:\Users\emil shamilov\AppData\Roaming\Spotify
2018-05-31 22:34 - 2016-03-20 17:26 - 000000000 ____D C:\Users\emil shamilov\AppData\Local\Spotify
2018-05-31 22:34 - 2015-02-18 15:09 - 000000404 _____ C:\Windows\Tasks\update-sys.job
2018-05-31 22:34 - 2015-02-18 15:09 - 000000404 _____ C:\Windows\Tasks\update-S-1-5-21-672674941-3518348205-4107734500-1000.job
2018-05-31 22:34 - 2009-07-14 01:08 - 000032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-24 15:30 - 2014-03-08 13:50 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-05-22 21:54 - 2016-11-17 20:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-22 21:54 - 2012-05-27 22:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-20 17:13 - 2018-04-06 19:49 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-20 17:13 - 2018-04-06 19:49 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 16:28 - 2018-04-06 19:50 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 16:28 - 2018-04-06 19:50 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-17 16:28 - 2018-04-06 19:50 - 000002145 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-05-17 16:23 - 2014-10-01 15:33 - 000000000 ____D C:\Users\emil shamilov\Desktop\Riva's Folder
2018-05-14 16:49 - 2016-05-30 16:58 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-05-14 16:49 - 2013-03-03 09:48 - 000000000 ____D C:\Users\emil shamilov\AppData\Roaming\.minecraft
2018-05-14 14:14 - 2015-02-10 22:04 - 000000426 _____ C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2018-05-08 22:35 - 2018-03-13 15:35 - 000004492 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-08 22:35 - 2013-03-22 19:28 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-08 22:35 - 2013-03-22 19:28 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-08 22:35 - 2011-12-01 21:10 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-08 22:35 - 2011-10-22 06:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-08 22:35 - 2011-10-22 06:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2018-05-18 23:06 - 2018-05-18 23:06 - 007649280 _____ () C:\Program Files (x86)\GUT15DA.tmp
2012-04-28 18:28 - 2012-04-28 18:28 - 000003584 _____ () C:\Users\emil shamilov\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-15 05:29 - 2018-04-15 05:29 - 000007618 _____ () C:\Users\emil shamilov\AppData\Local\Resmon.ResmonCfg
2015-02-18 15:09 - 2015-02-18 15:09 - 000000003 _____ () C:\Users\emil shamilov\AppData\Local\updater.log
2015-02-18 15:09 - 2017-05-08 18:37 - 000000425 _____ () C:\Users\emil shamilov\AppData\Local\UserProducts.xml
2011-12-04 17:40 - 2011-12-04 17:58 - 000004124 ___SH () C:\Users\emil shamilov\AppData\Local\x0lf03t5uw0olr
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 23:05
 
==================== End of FRST.txt ============================

Addition log file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by emil shamilov (31-05-2018 23:40:04)
Running from C:\Users\emil shamilov\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-01 23:22:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-672674941-3518348205-4107734500-500 - Administrator - Disabled)
emil shamilov (S-1-5-21-672674941-3518348205-4107734500-1000 - Administrator - Enabled) => C:\Users\emil shamilov
Guest (S-1-5-21-672674941-3518348205-4107734500-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2124 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touch Software Suite Games (HKLM-x32\...\{6FB3428E-23AA-4CA1-BA9D-E6D5F3F692E4}) (Version: 1.5.133.0 - Fingertapps)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Dell VideoStage  (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DoWnLouwApop (HKLM-x32\...\{15BFA1EF-4B89-F075-6B00-0B4EAD6EFA43}) (Version: 2.2.0.1811 - DoWWnLowApp) <==== ATTENTION
Face Recognition (HKLM\...\{2C5BEF49-4219-4751-9106-39604462939D}) (Version: 3.0.85.1 - Sensible Vision)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2401 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-672674941-3518348205-4107734500-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
StickyNotes (HKLM-x32\...\{B0789AE7-70D4-454A-90D1-5BA5728E254A}) (Version: 1.5.135.0 - Dell)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30] (Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-05-21] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BBAFEA1-E644-4BDB-B4C3-7C37914E4420} - System32\Tasks\{18350C0A-CEBC-4A5A-9183-2DB84AB49FBA} => C:\Program Files\iTunes\iTunes.exe
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {1A1BAFA4-BC50-4BA7-8E51-4CD09A282E3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {1CC8E9D2-8080-4D63-BFD5-1B61A7041AFD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {29713191-2D5A-4586-B600-F0907DAF6B3C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2A5ECE1E-20AA-455E-9141-5ABC4DA6E33F} - System32\Tasks\StickyNotes Updater => c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\updater.exe [2011-03-18] (Caphyon LTD)
Task: {391FFF37-1486-45E8-B2A6-0C6A8B4C7CE7} - System32\Tasks\{E4D52C2C-6B5B-4E86-A5C4-45B1A916A10C} => C:\Program Files\iTunes\iTunes.exe
Task: {505653C7-490C-498C-A794-550B3C5D5FE6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {525DAB2C-C022-4599-998F-CB33FF92C2AA} - System32\Tasks\Games Updater => c:\Program Files (x86)\Dell Touch Software Suite\Games\updater.exe [2011-03-18] (Caphyon LTD)
Task: {689171D3-491E-4ED4-85F3-6E6575C629AF} - System32\Tasks\{9506F92E-E62E-444E-84A1-7A709515DD45} => C:\Program Files\iTunes\iTunes.exe
Task: {719803A0-BC3E-4EB8-B888-79BF0FF27118} - System32\Tasks\{085DDEAC-6F67-4FBF-B6D7-7249DE9C379F} => C:\Program Files\iTunes\iTunes.exe
Task: {796CC904-333D-4A80-B8A2-814766D0FF1D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {7CC24DAE-F9C4-456C-BEA9-EBCDD0CE331D} - System32\Tasks\{4080FE84-5D97-40D5-9F56-D8E45A3FC8C1} => C:\Program Files\iTunes\iTunes.exe
Task: {85FA6D19-91C2-48A1-92E5-6BD880FB1FB2} - System32\Tasks\{97A564D7-9189-4FC1-B3C3-C1574EC4FE04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.21.85.100/en/abandoninstall?page=tsProgressBar
Task: {88D6BC41-704D-448D-A70D-C6B9434DBDD8} - System32\Tasks\RunAsStdUser Task => C:\Users\emil shamilov\AppData\Local\teeveewatchSA\bin\1.0.10.0\TeeveeWatchSA.exe
Task: {8CE90F6C-5EA1-4474-8418-C7769EA57C57} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {97EEDAAB-8CEC-4E98-9AA1-9AFBD045CBF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {AA72BBCC-88E3-4551-9DEC-BB11F69E22B6} - System32\Tasks\{B6F22AD4-A3F3-485E-BEEF-89E7888E7868} => C:\Program Files\iTunes\iTunes.exe
Task: {AEF02885-531C-46EC-BE3A-7DB74CB6A305} - System32\Tasks\{32C79137-3CC7-4C00-8EB8-E71307B966B5} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.21.85.100/en/abandoninstall?page=tsProgressBar
Task: {B1D759AB-A020-4DD3-B43F-CD6DD31819E5} - System32\Tasks\{AD180EFC-F780-42D3-958D-9CEFB3643232} => C:\Program Files\iTunes\iTunes.exe
Task: {B5446092-86A9-475E-80BA-9F33ECC72B52} - System32\Tasks\{BCFA0506-0626-4834-8003-E3ADA395567A} => C:\Program Files\iTunes\iTunes.exe
Task: {BD984E6F-E100-483D-9959-D35365F6B23A} - System32\Tasks\{86D98E12-A774-4D20-AD86-CA98E22CF179} => C:\Program Files\iTunes\iTunes.exe
Task: {BEC37E09-5B0F-49AB-8562-49D9658BD76B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {E0B724BA-9BD4-47ED-BC51-A135AB49599A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {E441221A-39CC-4D88-AC26-D92B9DF60267} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {F7531223-182A-4768-B5B1-7A74667DCB25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {FF03EE52-7895-448A-9999-F7260D2245A7} - System32\Tasks\update-S-1-5-21-672674941-3518348205-4107734500-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\Windows\Tasks\update-S-1-5-21-672674941-3518348205-4107734500-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-11-01 23:40 - 2010-11-01 23:40 - 000092808 _____ () C:\Windows\system32\FAIEExtension.DLL
2011-05-02 14:41 - 2011-05-02 14:41 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-16 13:43 - 2012-03-28 08:49 - 000140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-10-22 07:49 - 2011-05-21 16:32 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-22 06:38 - 2011-01-12 20:17 - 000053248 _____ () C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2011-04-29 19:18 - 2011-04-29 19:18 - 000885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-10-22 06:43 - 2011-08-18 12:05 - 002751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2018-05-17 16:28 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-17 16:28 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2011-04-29 19:13 - 2011-04-29 19:13 - 007938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-29 19:13 - 2011-04-29 19:13 - 002225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2011-10-22 06:38 - 2011-03-11 12:09 - 000028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-06-13 17:46 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\emil shamilov\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Spotify => C:\Users\emil shamilov\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\emil shamilov\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{3A5EF752-5947-43B6-9975-1F1B76A33207}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [UDP Query User{F2B75C61-0CEE-4172-B3AB-963D26F21AB8}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [TCP Query User{D5A5116F-ED1A-4C98-A1D0-6CD5EBC0BCDA}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [UDP Query User{2019E18C-A3DC-4AF2-8A00-866DFEE5D703}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [{AE3E9E36-DDB8-48D7-A669-98FAB7F81152}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{22F2A540-E72C-418D-AADB-262D7574B29F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D679DDCB-D2C1-41A6-8B4C-BD388CADDB54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA2CD411-C4A9-4D6D-91D7-3112EFAB4C45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A5D15F2-16C7-41BD-B9E0-E7C3C4FBC779}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{687E339E-79BC-4140-A513-4125D99015B0}C:\users\emil shamilov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emil shamilov\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{96FEE38B-39E6-4194-BCC1-45AE6E82D99E}C:\users\emil shamilov\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emil shamilov\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FF51443C-25F9-42F9-BE96-6F785E1C7305}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{22EAAE59-D909-4919-B598-928188AE68A8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{C4741BD2-D34A-4504-A00C-38002B85C372}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A9EDC75D-8CD9-48BB-A62D-B60841101F4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F66C170-0249-47CF-A43E-3189AF7A16E8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D773ED9B-35A0-49D6-B1F1-FDC44CD52A46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B378766C-8D09-431E-BF5D-AD4A4FA48B2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D4E8D7E1-5743-483E-9BC6-C39A26CBECD8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FD1FF57D-B9BA-447F-AD4B-E397F7DD6E75}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-05-2018 21:12:49 Scheduled Checkpoint
17-05-2018 17:02:16 Scheduled Checkpoint
20-05-2018 17:24:14 Windows Update
24-05-2018 15:38:45 Windows Update
27-05-2018 22:34:48 Windows Update
31-05-2018 22:44:43 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Advanced-N 6230
Description: Intel® Centrino® Advanced-N 6230
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2018 11:40:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (05/31/2018 11:40:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (05/31/2018 11:39:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (05/31/2018 11:38:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (05/31/2018 11:38:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (05/31/2018 11:38:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (05/31/2018 11:38:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000003076a
Faulting process id: 0x834
Faulting application start time: 0x01d3f959f2189612
Faulting application path: C:\Windows\servicing\TrustedInstaller.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 30f9e490-654d-11e8-aa41-88532e502499
 
Error: (05/31/2018 11:36:10 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
 
System errors:
=============
Error: (05/31/2018 11:38:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/31/2018 11:36:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
 
Error: (05/31/2018 11:36:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.
 
Error: (05/31/2018 11:36:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
 
Error: (05/31/2018 11:35:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
 
Error: (05/31/2018 11:35:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.
 
Error: (05/31/2018 11:35:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
 
Error: (05/31/2018 11:35:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218170.
 
 
CodeIntegrity:
===================================
 
Date: 2015-06-13 17:46:31.001
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-06-13 17:46:30.923
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-06-13 17:46:30.845
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-06-13 17:46:30.767
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 53%
Total physical RAM: 4001.09 MB
Available physical RAM: 1873.59 MB
Total Virtual: 8000.37 MB
Available Virtual: 5542.95 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:794.49 GB) NTFS
 
\\?\Volume{c2daba44-fca6-11e0-b559-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:4.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 464F5E36)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by mishasham01, 31 May 2018 - 11:01 PM.



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 June 2018 - 08:21 AM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
HKLM-x32\...\Run: [FAStartup] => [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
2011-12-04 17:40 - 2011-12-04 17:58 - 000004124 ___SH () C:\Users\emil shamilov\AppData\Local\x0lf03t5uw0olr
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
2018-05-18 23:06 - 2018-05-18 23:06 - 007649280 _____ C:\Program Files (x86)\GUT15DA.tmp
2018-05-18 23:06 - 2018-05-18 23:06 - 000000000 ____D C:\Program Files (x86)\GUM15D9.tmp
2018-05-18 23:06 - 2018-05-18 23:06 - 007649280 _____ () C:\Program Files (x86)\GUT15DA.tmp
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 mishasham01

mishasham01
  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 02 June 2018 - 07:59 PM

Hi JSntgRvr! Thank you very much for your quick response!!

Below are the logs...

FRST log

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by emil shamilov (02-06-2018 17:55:51) Run:1
Running from C:\Users\emil shamilov\Downloads
Loaded Profiles: emil shamilov (Available Profiles: emil shamilov)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [FAStartup] => [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
2011-12-04 17:40 - 2011-12-04 17:58 - 000004124 ___SH () C:\Users\emil shamilov\AppData\Local\x0lf03t5uw0olr
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {0D3EC6D8-0249-4E8A-A46C-41F07C174A53} - System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => C:\Windows\system32\pcalua.exe -a C:\Users\EMILSH~1\AppData\Local\Temp\{5BCBDAD9-5476-4E3C-8E69-2F4068639149}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
2018-05-18 23:06 - 2018-05-18 23:06 - 007649280 _____ C:\Program Files (x86)\GUT15DA.tmp
2018-05-18 23:06 - 2018-05-18 23:06 - 000000000 ____D C:\Program Files (x86)\GUM15D9.tmp
2018-05-18 23:06 - 2018-05-18 23:06 - 007649280 _____ () C:\Program Files (x86)\GUT15DA.tmp
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup" => removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\IntcAzAudAddService" => removed successfully
IntcAzAudAddService => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
"HKLM\System\CurrentControlSet\Services\RemoteAccess" => removed successfully
RemoteAccess => service removed successfully
RemoteAccess => service not found.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D3EC6D8-0249-4E8A-A46C-41F07C174A53}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3EC6D8-0249-4E8A-A46C-41F07C174A53}" => removed successfully
C:\Windows\System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C}" => removed successfully
"HKU\S-1-5-21-672674941-3518348205-4107734500-1000\Software\Classes\regfile" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => removed successfully
C:\Users\emil shamilov\AppData\Local\x0lf03t5uw0olr => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3EC6D8-0249-4E8A-A46C-41F07C174A53} => not found
"C:\Windows\System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3EC6D8-0249-4E8A-A46C-41F07C174A53} => not found
"C:\Windows\System32\Tasks\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD0B7E1F-5EF6-4F80-94DC-A53D75B9878C} => not found
C:\Program Files (x86)\GUT15DA.tmp => moved successfully
C:\Program Files (x86)\GUM15D9.tmp => moved successfully
"C:\Program Files (x86)\GUT15DA.tmp" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6642628 B
Java, Flash, Steam htmlcache => 23529405 B
Windows/system/drivers => 208946 B
Edge => 0 B
Chrome => 202212535 B
Firefox => 435665479 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 59208292 B
systemprofile32 => 2825999312 B
LocalService => 49632 B
NetworkService => 4316 B
emil shamilov => 3896489 B
 
RecycleBin => 161952634 B
EmptyTemp: => 3.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:12:44 ====
 
 
ROGUE SCAN log 
 
RogueKiller V12.12.19.0 (x64) [May 28 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : emil shamilov [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/02/2018 18:31:30 (Duration : 01:27:34)
 
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] DSUpd.exe(3664) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\FirstSearch -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SP Global -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SProtector -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-672674941-3518348205-4107734500-1000\Software\IM -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-672674941-3518348205-4107734500-1000\Software\usyndication.com -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-672674941-3518348205-4107734500-1000\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-672674941-3518348205-4107734500-1000\Software\usyndication.com -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 -> Deleted
 
¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \RunAsStdUser Task -- "C:\Users\emil shamilov\AppData\Local\teeveewatchSA\bin\1.0.10.0\TeeveeWatchSA.exe" -> Deleted
[Hj.Shortcut] \{32C79137-3CC7-4C00-8EB8-E71307B966B5} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.21.85.100/en/abandoninstall?page=tsProgressBar) -> Deleted
[Hj.Shortcut] \{97A564D7-9189-4FC1-B3C3-C1574EC4FE04} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/7.21.85.100/en/abandoninstall?page=tsProgressBar) -> Deleted
 
¤¤¤ Files : 11 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Babylon -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\BetterSoft -> Deleted
[PUP.Gen0|PUP.Gen1][Folder] C:\ProgramData\BitGuard -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\StarApp -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\StarApp\Setup -> Deleted
[PUP.Gen1][Folder] C:\Users\emil shamilov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard -> Deleted
[PUP.Gen1][Folder] C:\Users\emil shamilov\AppData\Local\PackageAware -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Babylon -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\BetterSoft -> ERROR [3]
[PUP.Gen0|PUP.Gen1][Folder] C:\ProgramData\BitGuard -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\StarApp -> ERROR [3]
[PUP.Gen1][Folder] C:\Users\emil shamilov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS +++++
--- User ---
[MBR] bcac376de47a4ec9f9313eb0960d0549
[BSP] 149c6ae0cd46788aad1ea3cf6c85cde5 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15166 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
AdwCleaner scan log
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-06-01.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-02-2018
# Duration: 00:00:08
# OS:       Windows 7 Home Premium
# Cleaned:  33
# Failed:   2
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\SOFTWARE\524dcdfbc3beb42
Deleted       HKLM\Software\Wow6432Node\524dcdfbc3beb42
Deleted       HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-672674941-3518348205-4107734500-1000\Software\DataMngr
Deleted       HKCU\Software\Yahoo\YFriendsBar
Deleted       HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted       HKCU\Software\Yahoo\Companion
Deleted       HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\PropertySync.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted       HKLM\Software\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted       HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted       HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted       HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted       HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Deleted       HKLM\Software\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Deleted       HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Deleted       HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Deleted       HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted       HKLM\Software\Classes\Prod.cap
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-672674941-3518348205-4107734500-1000\Software\SweetIM
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Not Deleted   Ask
Not Deleted   AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
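Added defender-side check, not part of this thread and not code from FRST, RogueKiller or AdwCleaner: it re-reads two of the registry items the FRST fix in #2 touched and the Fixlog above reports as restored/removed, so their state can be confirmed after the reboot. It assumes the standard Winsock key layout that FRST reports as Catalog5 and Catalog5-x64 (Catalog_Entries and Catalog_Entries64 under NameSpace_Catalog5); the function names are mine.

```powershell
# Added example (not the thread's or FRST's own code). Read-only; run from an
# elevated PowerShell prompt on the affected machine.
#   1. Winsock NameSpace catalog entry 000000000001 in the 32-bit and 64-bit
#      views: FRST restored its LibraryPath to %SystemRoot%\system32\NLAapi.dll
#      after finding mswsock.dll substituted there.
#   2. The per-user "regfile" class under HKCU\Software\Classes: FRST removed
#      it because HKCR merges HKCU\Software\Classes over HKLM\Software\Classes
#      with the per-user branch winning, so a user-level copy shadows the
#      machine-wide .reg file handler.

function Test-WinsockNamespaceEntry {
    # Returns one object per catalog view with the current LibraryPath and
    # whether it matches the value FRST restored.
    $base     = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
    $expected = Join-Path $env:SystemRoot 'system32\NLAapi.dll'

    foreach ($view in 'Catalog_Entries', 'Catalog_Entries64') {
        $key = Join-Path $base "$view\000000000001"
        if (-not (Test-Path -LiteralPath $key)) {
            [pscustomobject]@{ View = $view; LibraryPath = $null; Ok = $false; Note = 'entry missing' }
            continue
        }
        $raw    = (Get-ItemProperty -LiteralPath $key -Name LibraryPath).LibraryPath
        # The stored value uses %SystemRoot%; expand it before comparing.
        # PowerShell string comparison is case-insensitive, which suits
        # Windows paths (system32 vs System32).
        $actual = [Environment]::ExpandEnvironmentVariables($raw)
        $ok     = ($actual -eq $expected)
        $note   = 'matches NLAapi.dll'
        if (-not $ok) { $note = "expected $expected" }
        [pscustomobject]@{ View = $view; LibraryPath = $raw; Ok = $ok; Note = $note }
    }
}

function Test-RegfileHandler {
    # Any HKCU regfile key deserves a look; the effective HKCR command for
    # opening .reg files should be the stock regedit.exe "%1".
    $userOverride = Test-Path -LiteralPath 'HKCU:\Software\Classes\regfile'
    $cmdKey  = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
    $command = $null
    if (Test-Path -LiteralPath $cmdKey) {
        $command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
    }
    [pscustomobject]@{
        UserOverridePresent = $userOverride
        EffectiveCommand    = $command
        Ok                  = (-not $userOverride) -and ($command -eq 'regedit.exe "%1"')
    }
}

$winsock = Test-WinsockNamespaceEntry
$regfile = Test-RegfileHandler

$winsock | Format-Table -AutoSize
$regfile | Format-List

if (($winsock | Where-Object { -not $_.Ok }) -or (-not $regfile.Ok)) {
    Write-Warning 'One or more items differ from the state FRST restored; post this output in the thread.'
} else {
    Write-Host 'Winsock NLA provider entry and regfile handler look as expected.'
}
```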


#4 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 02 June 2018 - 08:12 PM

How is the computer doing?




#5 mishasham01

mishasham01
  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 06 June 2018 - 06:16 PM

Hi JS!  Thanks a lot for your prompt response!

The computer is still giving the same issues - the same issue with websites being "not private" and not loading, and I can't bypass the security certificate issue.  Just recently, Google.com became blocked due to the same issue.  I don't know why or what caused google.com to become blocked; it stopped loading two weeks ago, long after I posted this topic about these issues.

All of the other original issues are still present, such as Windows Update still doesn't work, giving the same error as before (please see one of the attached screenshots at the bottom of the first page on the previous topic I created about this PC's issues); Defender still not able to be turned on; etc.

I'd really appreciate any further help to help resolve these issues, JS!

Thank you very much for your time and effort!  Please know your time and efforts won't be left without gratitude if you can help me successfully resolve these issues.  I thank you once again!



#6 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 June 2018 - 07:03 PM

Perform a Clean boot to troubleshoot these problems.

Troubleshoot Windows through a Clean boot. Clean boot is the process of disabling and removing some programs and drivers from the Windows startup process. This is done to identify and troubleshoot issues occurring within Windows.

  • Log on to the computer by using an account that has administrator rights.
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
  • Note: If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  • On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
  • On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.

    Note: This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  • Click OK, and then click Restart.

Test the computer. If the issue is gone, then it must be a service or program running in the background. To identify this, you must run msconfig.exe again. Put a check mark on Load Startup Items. Click OK, then restart.

Test the computer. If the issue is still gone, then it must be a service. To identify this, you must run msconfig.exe again. Select the Services tab; click to select the Hide all Microsoft services check box and put a check mark on two or more Services. Click OK, then restart.

Test the computer.

Continue with this process until you have identified the entry within the Startup items and services causing this issue. I must say that Norton is a resource hog, and most users experience this issue with this application.

Also, go to My Computer and right-click on it. Select Properties. Make sure the amount of memory shown is close to the amount installed.

If you go through the Clean Boot process and are able to identify the entry causing this issue, post that information in your next reply.

 




#7 mishasham01

mishasham01
  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 08 June 2018 - 07:54 PM

Hi JS,

I disabled all the non-Microsoft services and cleared the Load startup items checkbox, but the "Your connection is not private" issue still persists with Google, Wikipedia and others as before.  Same issue with Windows Update.  Also, I forgot to say that when the computer gets turned on and Windows is loading, the computer tries to configure updates, but says that it failed and that it is reverting the changes.  That happens every time the computer is turned on. I just noticed that because I am accessing this PC through TeamViewer and just saw that happen when TeamViewer prompted to log in again after the restart, and I remembered that the "reverting changes" started happening a couple of years ago when all these issues with Windows Update and User Permissions problems started happening.


Edited by mishasham01, 08 June 2018 - 08:11 PM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 June 2018 - 12:12 AM

Let's try resetting Windows updates.

  • Highlight the entire content of the quote box below.

Start::
StartBatch:

TaskKill /F /IM "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" /T
del /s /q /f "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
del /s /q /f "%ALLUSERSPROFILE%\Microsoft\Network\Downloader\qmgr*.dat"

cd /d %SYSTEMROOT%
if exist "%SYSTEMROOT%\winsxs\pending.xml.bak"  del /s /q /f "%SYSTEMROOT%\winsxs\pending.xml.bak"

if exist "%SYSTEMROOT%\SoftwareDistribution.bak" rmdir /s /q "%SYSTEMROOT%\SoftwareDistribution.bak"
if exist "%SYSTEMROOT%\system32\Catroot2.bak" rmdir /s /q "%SYSTEMROOT%\system32\Catroot2.bak"
if exist "%SYSTEMROOT%\WindowsUpdate.log.bak" del /s /q /f "%SYSTEMROOT%\WindowsUpdate.log.bak"
if exist "%SYSTEMROOT%\winsxs\pending.xml" (
    takeown /f "%SYSTEMROOT%\winsxs\pending.xml"
    attrib -r -s -h /s /d "%SYSTEMROOT%\winsxs\pending.xml"
    ren "%SYSTEMROOT%\winsxs\pending.xml" pending.xml.bak
)
if exist "%SYSTEMROOT%\SoftwareDistribution" (
    attrib -r -s -h /s /d "%SYSTEMROOT%\SoftwareDistribution"
    ren "%SYSTEMROOT%\SoftwareDistribution" SoftwareDistribution.bak
)
net stop bits
net stop wuauserv
net stop appidsvc
net stop cryptsvc
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
Move /y %systemroot%\SoftwareDistribution\DataStore DataStore.bak
Move /y %systemroot%\SoftwareDistribution\Download Download.bak
Move /y %systemroot%\system32\catroot2 Catroot.bak
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
regsvr32.exe /s %windir%\system32\atl.dll
regsvr32.exe /s %windir%\system32\urlmon.dll
regsvr32.exe /s %windir%\system32\mshtml.dll
regsvr32.exe /s %windir%\system32\shdocvw.dll
regsvr32.exe /s %windir%\system32\browseui.dll
regsvr32.exe /s %windir%\system32\jscript.dll
regsvr32.exe /s %windir%\system32\vbscript.dll
regsvr32.exe /s %windir%\system32\scrrun.dll
regsvr32.exe /s %windir%\system32\msxml.dll
regsvr32.exe /s %windir%\system32\msxml3.dll
regsvr32.exe /s %windir%\system32\msxml6.dll
regsvr32.exe /s %windir%\system32\actxprxy.dll
regsvr32.exe /s %windir%\system32\softpub.dll
regsvr32.exe /s %windir%\system32\wintrust.dll
regsvr32.exe /s %windir%\system32\dssenh.dll
regsvr32.exe /s %windir%\system32\rsaenh.dll
regsvr32.exe /s %windir%\system32\gpkcsp.dll
regsvr32.exe /s %windir%\system32\sccbase.dll
regsvr32.exe /s %windir%\system32\slbcsp.dll
regsvr32.exe /s %windir%\system32\cryptdlg.dll
regsvr32.exe /s %windir%\system32\oleaut32.dll
regsvr32.exe /s %windir%\system32\ole32.dll
regsvr32.exe /s %windir%\system32\shell32.dll
regsvr32.exe /s %windir%\system32\initpki.dll
regsvr32.exe /s %windir%\system32\wuapi.dll
regsvr32.exe /s %windir%\system32\wuaueng.dll
regsvr32.exe /s %windir%\system32\wuaueng1.dll
regsvr32.exe /s %windir%\system32\wucltui.dll
regsvr32.exe /s %windir%\system32\wups.dll
regsvr32.exe /s %windir%\system32\wups2.dll
regsvr32.exe /s %windir%\system32\wuweb.dll
regsvr32.exe /s %windir%\system32\qmgr.dll
regsvr32.exe /s %windir%\system32\qmgrprxy.dll
regsvr32.exe /s %windir%\system32\wucltux.dll
regsvr32.exe /s %windir%\system32\muweb.dll
regsvr32.exe /s %windir%\system32\wuwebv.dll
netsh winsock reset
netsh winhttp reset proxy
sc.exe config wuauserv start= auto
sc.exe config bits start= delayed-auto
sc.exe config cryptsvc start= auto
sc.exe config TrustedInstaller start= demand
sc.exe config DcomLaunch start= auto
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc
bitsadmin.exe /reset /allusers
EndBatch:
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply. After the restart, try to recreate the issue and let me know the outcome.


Edited by JSntgRvr, 09 June 2018 - 12:14 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:16 AM

Posted 09 June 2018 - 09:42 PM

Any progress?




#10 mishasham01

mishasham01
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:16 AM

Posted 10 June 2018 - 10:39 PM

Hi JS,


As you told me to do, like last time, when opening FRST as an Admin, I went straight to clicking on the Fix button, without the code you asked me to copy, above, pasted anywhere.  Did I do it right? Just making sure. Thank you!!


One more thing, I remember either on AdwCleaner or Rogue, when I first ran them as you asked above, I forgot to tell you that while watching the scans complete, I remember seeing that some of the entries that were being processed by one of the programs could not be removed, and it said something like "failed to remove". I was going to mention that in my reply, but I figured all of that would be included in the logs you asked me to post and you'd see that, and I forgot to mention it just to be sure. Casually looking back through the logs now, I didn't find anything in them that mentioned that either program failed to remove some entries. When either program fails to remove some entries/results, are the logs supposed to include information that says that the program failed to remove some of the entries it found after the scan?


Regarding Windows Update, I checked to see if it works after running FRST and restarting the PC, but it gave the same error as before!


Here are the results of the scan... 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by emil shamilov (10-06-2018 23:13:36) Run:2
Running from C:\Users\emil shamilov\Downloads
Loaded Profiles: emil shamilov (Available Profiles: emil shamilov)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
StartBatch:
TaskKill /F /IM "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" /T
del /s /q /f "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
del /s /q /f "%ALLUSERSPROFILE%\Microsoft\Network\Downloader\qmgr*.dat"
cd /d %SYSTEMROOT%
if exist "%SYSTEMROOT%\winsxs\pending.xml.bak"  del /s /q /f "%SYSTEMROOT%\winsxs\pending.xml.bak"
if exist "%SYSTEMROOT%\SoftwareDistribution.bak" rmdir /s /q "%SYSTEMROOT%\SoftwareDistribution.bak"
if exist "%SYSTEMROOT%\system32\Catroot2.bak" rmdir /s /q "%SYSTEMROOT%\system32\Catroot2.bak"
if exist "%SYSTEMROOT%\WindowsUpdate.log.bak" del /s /q /f "%SYSTEMROOT%\WindowsUpdate.log.bak"
if exist "%SYSTEMROOT%\winsxs\pending.xml" (
        takeown /f "%SYSTEMROOT%\winsxs\pending.xml"
        attrib -r -s -h /s /d "%SYSTEMROOT%\winsxs\pending.xml"
        ren "%SYSTEMROOT%\winsxs\pending.xml" pending.xml.bak
    )
    if exist "%SYSTEMROOT%\SoftwareDistribution" (
        attrib -r -s -h /s /d "%SYSTEMROOT%\SoftwareDistribution"
        ren "%SYSTEMROOT%\SoftwareDistribution" SoftwareDistribution.bak
        )
net stop bits
net stop wuauserv
net stop appidsvc
net stop cryptsvc
Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
Move /y %systemroot%\SoftwareDistribution\DataStore DataStore.bak
Move /y %systemroot%\SoftwareDistribution\Download Download.bak
Move /y %systemroot%\system32\catroot2 Catroot.bak
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
regsvr32.exe /s %windir%\system32\atl.dll
regsvr32.exe /s %windir%\system32\urlmon.dll
regsvr32.exe /s %windir%\system32\mshtml.dll
regsvr32.exe /s %windir%\system32\shdocvw.dll
regsvr32.exe /s %windir%\system32\browseui.dll
regsvr32.exe /s %windir%\system32\jscript.dll
regsvr32.exe /s %windir%\system32\vbscript.dll
regsvr32.exe /s %windir%\system32\scrrun.dll
regsvr32.exe /s %windir%\system32\msxml.dll
regsvr32.exe /s %windir%\system32\msxml3.dll
regsvr32.exe /s %windir%\system32\msxml6.dll
regsvr32.exe /s %windir%\system32\actxprxy.dll
regsvr32.exe /s %windir%\system32\softpub.dll
regsvr32.exe /s %windir%\system32\wintrust.dll
regsvr32.exe /s %windir%\system32\dssenh.dll
regsvr32.exe /s %windir%\system32\rsaenh.dll
regsvr32.exe /s %windir%\system32\gpkcsp.dll
regsvr32.exe /s %windir%\system32\sccbase.dll
regsvr32.exe /s %windir%\system32\slbcsp.dll
regsvr32.exe /s %windir%\system32\cryptdlg.dll
regsvr32.exe /s %windir%\system32\oleaut32.dll
regsvr32.exe /s %windir%\system32\ole32.dll
regsvr32.exe /s %windir%\system32\shell32.dll
regsvr32.exe /s %windir%\system32\initpki.dll
regsvr32.exe /s %windir%\system32\wuapi.dll
regsvr32.exe /s %windir%\system32\wuaueng.dll
regsvr32.exe /s %windir%\system32\wuaueng1.dll
regsvr32.exe /s %windir%\system32\wucltui.dll
regsvr32.exe /s %windir%\system32\wups.dll
regsvr32.exe /s %windir%\system32\wups2.dll
regsvr32.exe /s %windir%\system32\wuweb.dll
regsvr32.exe /s %windir%\system32\qmgr.dll
regsvr32.exe /s %windir%\system32\qmgrprxy.dll
regsvr32.exe /s %windir%\system32\wucltux.dll
regsvr32.exe /s %windir%\system32\muweb.dll
regsvr32.exe /s %windir%\system32\wuwebv.dll
netsh reset winsock
netsh winhttp reset proxy
sc.exe config wuauserv start= auto
sc.exe config bits start= delayed-auto
sc.exe config cryptsvc start= auto
sc.exe config TrustedInstaller start= demand
sc.exe config DcomLaunch start= auto
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc
bitsadmin.exe /reset /allusers
EndBatch:
EMPTYTEMP:
Reboot:
 
*****************
 
 
========= Batch: =========
ERROR: The process "C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr*.dat" not found.
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
The process cannot access the file because it is being used by another process.
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat
The process cannot access the file because it is being used by another process.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
The process cannot access the file because it is being used by another process.
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
The process cannot access the file because it is being used by another process.
 
SUCCESS: The file (or folder): "C:\Windows\winsxs\pending.xml" now owned by user "emilshamilov-PC\emil shamilov".
Access denied - C:\Windows\winsxs\pending.xml
Access is denied.
Access is denied.
The Background Intelligent Transfer Service service is stopping..
The Background Intelligent Transfer Service service was stopped successfully.
 
The Windows Update service is stopping.............
The Windows Update service was stopped successfully.
 
The Application Identity service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
 
        1 dir(s) moved.
        1 dir(s) moved.
        1 dir(s) moved.
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
The following command was not found: reset winsock.
 
Current WinHTTP proxy settings:
 
    Direct access (no proxy server).
 
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] OpenService FAILED 5:
 
Access is denied.
 
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
 
The Windows Update service is starting...
The Windows Update service was started successfully.
 
The Application Identity service is starting.
The Application Identity service was started successfully.
 
The requested service has already been started.
 
More help is available by typing NET HELPMSG 2182.
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of Batch: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9810152 B
Java, Flash, Steam htmlcache => 1088 B
Windows/system/drivers => 163314 B
Edge => 0 B
Chrome => 322669921 B
Firefox => 391862241 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 47156 B
emil shamilov => 4418630 B
 
RecycleBin => 0 B
EmptyTemp: => 703.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:21:13 ====

Edited by mishasham01, 10 June 2018 - 10:53 PM.
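The Fixlog above records three steps that did not take: the attrib/ren on pending.xml and SoftwareDistribution (Access is denied), the winsock reset (netsh rejected `reset winsock`; the accepted form is `netsh winsock reset`), and the DcomLaunch reconfiguration (OpenService FAILED 5). The PowerShell script below is an added example, not from the thread or from FRST, that reports what the reset actually left behind instead of inferring it from the log. It assumes an elevated PowerShell on the same Windows 7 machine and that the fixlist ran from %SYSTEMROOT% as written (the `cd /d %SYSTEMROOT%` line), so the `.bak` targets of the Move commands land there.

```powershell
# Added example (not from the thread): verify the outcome of the FRST
# Windows Update reset. Run from an elevated PowerShell on the same machine.

# 1. Service start types the fixlist set with "sc.exe config ... start=".
#    WMI reports delayed-auto as "Auto" and demand as "Manual".
$expected = @{
    'wuauserv'         = 'Auto'
    'bits'             = 'Auto'
    'cryptsvc'         = 'Auto'
    'TrustedInstaller' = 'Manual'
    'DcomLaunch'       = 'Auto'   # OpenService FAILED 5 in the log: protected service, left untouched
}
foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { Write-Warning "$name not found"; continue }
    $flag = if ($svc.StartMode -eq $expected[$name]) { 'OK' } else { 'CHECK' }
    '{0,-17} StartMode={1,-7} State={2,-8} {3}' -f $name, $svc.StartMode, $svc.State, $flag
}

# 2. Files and folders the fixlist tried to rename or move. "Access is denied"
#    in the Fixlog means the original is still in place and still in use; the
#    three "1 dir(s) moved" lines correspond to the DataStore/Download/catroot2 moves.
$checks = @(
    @{ Path = "$env:SystemRoot\winsxs\pending.xml";       WantPresent = $false },  # should be gone after ren
    @{ Path = "$env:SystemRoot\winsxs\pending.xml.bak";   WantPresent = $true  },
    @{ Path = "$env:SystemRoot\SoftwareDistribution.bak"; WantPresent = $true  },  # only if the ren succeeded
    @{ Path = "$env:SystemRoot\DataStore.bak";            WantPresent = $true  },
    @{ Path = "$env:SystemRoot\Download.bak";             WantPresent = $true  },
    @{ Path = "$env:SystemRoot\Catroot.bak";              WantPresent = $true  },
    @{ Path = "$env:SystemRoot\System32\catroot2";        WantPresent = $true  }   # recreated when cryptsvc restarts
)
foreach ($c in $checks) {
    $present = Test-Path -LiteralPath $c.Path
    $flag = if ($present -eq $c.WantPresent) { 'OK' } else { 'CHECK' }
    '{0,-48} present={1,-5} {2}' -f $c.Path, $present, $flag
}

# 3. BITS queue that "bitsadmin /reset /allusers" emptied ("0 out of 0 jobs canceled").
Import-Module BitsTransfer
$jobs = @(Get-BitsTransfer -AllUsers)
'BITS jobs still queued: {0}' -f $jobs.Count
```

A CHECK on pending.xml or on SoftwareDistribution.bak confirms the in-use condition the next post addresses by doing the rename from the Recovery Environment, where those handles are not held.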


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:16 AM

Posted 11 June 2018 - 12:39 PM

When files are either protected by a service or in use, an "access denied" error is returned. Let's remove those files and folders in the Recovery Environment:


You will need to download FRST64 to a USB flash drive.

Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file [attachment=205009:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
    • Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
  • After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.
  • On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • First press the Fix button.
  • These actions will make a log, Fixlog.txt in the flash drive. Please copy and paste its contents in your reply

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Let me know if Windows Updates engage.


I will expect the following reports:

Fixlog.txt produced in the Recovery Console


Edited by JSntgRvr, 11 June 2018 - 12:58 PM.



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:16 AM

Posted 16 June 2018 - 12:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
