Hello,
For the last few days I can't connect to one site only; I keep getting this screen: "Server could not be found". I tried with another browser but it's the same. I noticed that my internet connection is slower as well. I checked my settings in Firefox and the Firewall, I tried to reset my IP configuration, I scanned my computer with MSE (Microsoft Security Essentials)... nothing helps. I also tried System Restore; after that I'm able to reach that site sometimes. In Safe Mode everything works.
Thank you for your help.
Here are the FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andro (administrator) on BESTINTHEWORLD (30-03-2017 16:32:35)
Running from C:\Users\Andro\Desktop
Loaded Profiles: Andro (Available Profiles: Andro)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
Tcpip\..\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}: [DhcpNameServer] 84.255.209.79 84.255.210.79
Internet Explorer:
==================
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U221DHP&pc=U221
SearchScopes: HKU\S-1-5-21-1332439416-3706209176-148976923-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab
FireFox:
========
FF ProfilePath: C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75r8v.default-1490621498148 [2017-03-30]
FF Extension: (Site Deployment Checker) - C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75r8v.default-1490621498148\features\{5eedba1a-f7e0-423f-a966-68e0ff0c5209}\[email protected] [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-19] (Clarus, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2017-02-24] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [161216 2017-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [95672 2017-03-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-03-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64288 2017-03-30] (Malwarebytes)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2015-10-13] (NVIDIA Corporation)
S3 SPC500NC; C:\Windows\System32\DRIVERS\SPC500NC.SYS [409600 2007-06-21] (PixArt Imaging Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-30 16:32 - 2017-03-30 16:33 - 00005981 _____ C:\Users\Andro\Desktop\FRST.txt
2017-03-30 16:30 - 2017-03-30 16:32 - 00000000 ____D C:\FRST
2017-03-30 16:29 - 2017-03-30 16:29 - 01766912 _____ (Farbar) C:\Users\Andro\Desktop\FRST.exe
2017-03-29 13:33 - 2017-03-29 13:34 - 00069314 _____ C:\Windows\ntbtlog.txt
2017-03-28 17:27 - 2017-03-28 17:27 - 00001220 _____ C:\Users\Andro\Desktop\Auslogics Disk Defrag.lnk
2017-03-28 17:27 - 2017-03-28 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-03-28 17:27 - 2017-03-28 17:27 - 00000000 ____D C:\Program Files\Auslogics
2017-03-28 17:23 - 2017-03-28 17:24 - 08449944 _____ (Auslogics Labs Pty Ltd ) C:\Users\Andro\Downloads\disk-defrag-setup.exe
2017-03-27 22:04 - 2017-03-27 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-27 22:00 - 2017-03-27 22:02 - 00193224 _____ C:\TDSSKiller.3.1.0.12_27.03.2017_22.00.15_log.txt
2017-03-27 21:47 - 2017-03-27 21:48 - 00000364 _____ C:\TDSSKiller.3.1.0.9_27.03.2017_21.47.25_log.txt
2017-03-27 15:27 - 2017-03-27 15:27 - 00000000 ____D C:\Users\Andro\AppData\Local\ElevatedDiagnostics
2017-03-27 02:15 - 2017-03-27 02:15 - 00287640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-27 02:15 - 2017-03-27 02:15 - 00063152 _____ C:\Users\Andro\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-24 20:08 - 2017-03-24 20:08 - 09274608 _____ (Piriform Ltd) C:\Users\Andro\Downloads\ccsetup528.exe
2017-03-23 01:49 - 2017-03-30 14:50 - 00064288 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-23 01:49 - 2017-03-30 14:47 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-23 01:49 - 2017-03-30 14:46 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 01:49 - 2017-03-30 14:46 - 00095672 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-23 01:49 - 2017-03-30 14:46 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-23 01:48 - 2017-03-23 01:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-23 01:48 - 2017-03-23 01:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-23 01:48 - 2017-02-24 07:23 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-03-18 18:10 - 2017-03-20 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-15 14:44 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 14:44 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 14:44 - 2017-03-04 05:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 14:44 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 14:44 - 2017-03-02 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 14:44 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 14:44 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 14:44 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 14:44 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 14:44 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 14:44 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 14:44 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 14:44 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 14:44 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 14:44 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 14:44 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 14:44 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 14:44 - 2017-03-02 19:44 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 14:44 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 14:44 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 14:44 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 14:44 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 14:44 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 14:44 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 14:44 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 14:44 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 14:44 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 14:44 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 14:44 - 2017-03-02 19:19 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 14:44 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 14:44 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 14:44 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 14:44 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 14:44 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 14:44 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 14:44 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 14:44 - 2017-02-10 16:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 14:44 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-15 14:44 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:44 - 2017-02-09 18:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 14:44 - 2017-02-09 17:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 14:43 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 14:43 - 2017-02-10 18:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 14:43 - 2017-02-09 18:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 14:43 - 2017-02-09 18:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 14:43 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 14:43 - 2017-02-09 17:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:43 - 2017-02-09 17:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 14:43 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 14:43 - 2017-02-09 17:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 14:43 - 2017-02-09 17:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:43 - 2017-02-09 17:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 14:43 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:43 - 2017-02-09 17:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 14:43 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 14:43 - 2017-02-09 17:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 14:43 - 2017-02-09 17:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 14:43 - 2017-02-06 18:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 14:43 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 14:43 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 14:43 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 14:43 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 14:43 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 14:42 - 2017-02-23 01:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:42 - 2017-02-23 01:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 14:42 - 2017-02-18 16:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 14:42 - 2017-02-18 16:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-03 01:39 - 2017-03-03 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-03 01:38 - 2017-03-03 01:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-03-03 01:37 - 2017-03-03 01:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-01 17:42 - 2017-03-04 17:53 - 00000000 ____D C:\Users\Andro\AppData\Roaming\ImgBurn
2017-03-01 17:39 - 2017-03-01 17:54 - 00000000 ____D C:\Program Files\ImgBurn
2017-03-01 17:39 - 2017-03-01 17:39 - 00001811 _____ C:\Users\Andro\Desktop\ImgBurn.lnk
2017-03-01 17:36 - 2017-03-01 17:36 - 03101913 _____ (LIGHTNING UK!) C:\Users\Andro\Downloads\SetupImgBurn_2.5.8.0.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-30 16:28 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 16:28 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 14:52 - 2010-11-20 23:01 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-30 14:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-03-30 14:48 - 2016-11-16 16:51 - 00000000 ____D C:\Users\Andro\AppData\LocalLow\Mozilla
2017-03-30 14:45 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 21:48 - 2014-10-16 18:53 - 00000000 ____D C:\Users\Andro\AppData\Roaming\Skype
2017-03-29 16:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-29 00:40 - 2014-10-16 18:07 - 00000000 ____D C:\Users\Andro\AppData\Roaming\vlc
2017-03-27 22:04 - 2014-10-16 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 21:48 - 2016-02-08 17:03 - 04656523 _____ C:\Users\Andro\Downloads\tdsskiller.zip
2017-03-27 16:01 - 2014-10-18 01:04 - 00000000 ____D C:\Program Files\Common Files\SPC500NC
2017-03-27 16:01 - 2014-10-16 23:38 - 00000000 ____D C:\Program Files\CCleaner
2017-03-27 16:01 - 2014-10-16 15:59 - 00000000 ____D C:\Users\Andro
2017-03-27 16:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2017-03-27 15:45 - 2009-07-14 06:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-26 14:10 - 2014-10-25 20:44 - 00000000 ____D C:\Users\Andro\AppData\Roaming\BitTorrent
2017-03-24 20:11 - 2014-10-16 23:38 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-21 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-03-21 14:53 - 2014-10-16 23:16 - 00000000 ____D C:\Users\Andro\AppData\Local\Adobe
2017-03-21 14:52 - 2014-10-16 23:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-21 14:52 - 2014-10-16 23:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-21 14:52 - 2014-10-16 23:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 14:42 - 2014-10-16 16:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-19 01:25 - 2014-10-16 18:53 - 00000000 ____D C:\ProgramData\Skype
2017-03-16 14:45 - 2014-12-11 14:41 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-16 14:45 - 2014-10-17 12:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 14:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 01:24 - 2014-10-31 02:22 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 01:21 - 2014-12-09 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-16 01:21 - 2014-10-31 02:22 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 01:20 - 2014-12-09 16:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-03 01:39 - 2015-12-11 17:02 - 00000000 ___RD C:\Program Files\Skype
==================== Files in the root of some directories =======
2016-01-25 17:18 - 2016-01-28 19:37 - 0007597 _____ () C:\Users\Andro\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-24 22:04
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Andro (30-03-2017 16:33:48)
Running from C:\Users\Andro\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-10-16 13:59:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1332439416-3706209176-148976923-500 - Administrator - Disabled)
Andro (S-1-5-21-1332439416-3706209176-148976923-1000 - Administrator - Enabled) => C:\Users\Andro
Guest (S-1-5-21-1332439416-3706209176-148976923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1332439416-3706209176-148976923-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.62 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.2.0 - Auslogics Labs Pty Ltd)
BitTorrent (HKU\S-1-5-21-1332439416-3706209176-148976923-1000\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Geeks3D FurMark 1.17.0.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes različica 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 sl) (HKLM\...\Mozilla Firefox 52.0.1 (x86 sl)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
OCCT 4.4.1 (HKLM\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Philips SPC500NC Webcam (HKLM\...\{895C10ED-9276-49E7-87C4-8C03A1B08EDB}) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {271D1963-3389-4347-9809-4E2E79562F15} - System32\Tasks\{703C5CCE-87F6-46CC-9B52-14EBAB1FB4B2} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {579EE44F-ED3F-46EC-B1F0-2A878229B5FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-03-23 01:48 - 2017-02-24 07:23 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-23 01:48 - 2017-02-24 07:23 - 01725392 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.exe: => <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.scr: => <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.bat: => <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.com: => <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.cmd: => <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.reg: => <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2017-03-28 01:58 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 84.255.209.79 - 84.255.210.79
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupreg: BtcMaestro => "C:\Program Files\KMaestro\KMaestro.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Clarus Drive Manager => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstallShieldSetup => C:\PROGRA~1\INSTAL~1\{9F1A6~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{9F1A6~1\reboot.ini
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SPC500NC_Monitor => C:\Windows\Philips\SPC500NC\Monitor.exe
MSCONFIG\startupreg: Viber => C:\Users\Andro\AppData\Local\Viber\Viber.exe StartMinimized
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{CB74CD53-CE8A-4599-8263-95957A09D2E8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D413EE5C-2A98-4321-9FB2-D96068A51E0A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{022B0FFE-133C-44F5-B11D-E51E685D07AB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{54430DC2-9362-4942-AA2B-98BB1F5CC541}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{6CF1F130-422E-4CED-82F8-75821C259B52}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{1EA22CD2-5AA3-4F47-801F-BDD4CA3732C8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BEEC3625-2800-4625-9F6B-6911CFF495FE}] => (Allow) C:\Users\Andro\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F9ECE0CA-3820-4935-A5D7-27BB3BD407AA}] => (Allow) C:\Users\Andro\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1CBB4880-12CD-45C4-8152-770E562B8D5C}C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe] => (Allow) C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe
FirewallRules: [UDP Query User{8BFF58F0-4C90-4800-ACF2-3712C5A0F6EE}C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe] => (Allow) C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe
FirewallRules: [{1CC208F4-1F00-41BF-BF12-E290AFE37579}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A6A8799F-62DC-4F45-B62B-66821B96C8A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0F434DA2-E977-4B86-B6D7-66FDDE11F099}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6107AC85-04F3-4828-BFF0-A7FEE6995F58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
30-03-2017 14:58:50 Windows Update
==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/30/2017 02:46:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/29/2017 01:48:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/29/2017 01:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/28/2017 08:31:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/28/2017 05:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/28/2017 03:02:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/27/2017 06:09:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/27/2017 04:03:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/27/2017 04:03:05 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
Error: (03/27/2017 03:53:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (03/29/2017 01:43:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}
Error: (03/29/2017 01:43:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (03/29/2017 01:42:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (03/29/2017 01:40:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (03/29/2017 01:34:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (03/29/2017 01:34:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (03/29/2017 01:34:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (03/29/2017 01:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (03/29/2017 01:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (03/29/2017 01:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
==================== Memory info ===========================
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 3326.49 MB
Available physical RAM: 1537.72 MB
Total Virtual: 6651.3 MB
Available Virtual: 4438.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:165.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 69658486)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================