Hello folks,
I have a Win 7 64-bit device that started displaying a lot of pop-ups. I tried running Spybot and SpywareBlaster, but I am unable to open them, as well as other antimalware EXEs. I did run Malwarebytes and that cleaned a lot of stuff, but problems still persist.
I am also unable to kill some processes.
Here are my logs
from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by any (administrator) on ANY-PC (03-12-2017 12:46:00)
Running from C:\Users\any\Desktop
Loaded Profiles: any (Available Profiles: any)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(TOSHIBA CORPORATION) C:\Windows\System32\dwezmovsvc.exe1
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Users\any\AppData\Local\pwoivba\pwoivba.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\Users\any\AppData\Local\pwoivba\tismvhl.exe
() C:\Users\any\AppData\Local\pwoivba\tismvhl.exe
() C:\Users\any\AppData\Local\pwoivba\tismvhl.exe
() C:\Users\any\AppData\Local\pwoivba\tismvhl.exe
() C:\Users\any\AppData\Local\pwoivba\tismvhl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-10-18] (VMware, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0C6985E1-1667-415A-B8DB-5171049BFE5E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{11269F51-7019-4C34-A30D-7BD50404B7AF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5812E880-62D4-4E47-BC5A-0AD777C8A9C7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5812E880-62D4-4E47-BC5A-0AD777C8A9C7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6E627F9B-B832-405D-B0AB-F2F42EDE8F7C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8D60680D-1169-444D-8E2D-F1A706293515}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{971C1E7E-B445-4875-93E4-AD13EC7B7628}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AB434DF6-B1AF-42A3-B960-0CE5545B86EF}: [NameServer] 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: h2cs3zsa.default
FF ProfilePath: C:\Users\any\AppData\Roaming\Mozilla\Firefox\Profiles\h2cs3zsa.default [2017-12-03]
FF Extension: (Adblock Plus) - C:\Users\any\AppData\Roaming\Mozilla\Firefox\Profiles\h2cs3zsa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-03]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\any\AppData\Roaming\Mozilla\Firefox\Profiles\h2cs3zsa.default\features\{ffa400d2-9eca-4c42-91ff-dda8aad4a55e}\[email protected] [2017-12-02] [Lagacy]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R4 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8602992 2017-09-11] (Reimage®)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465856 2015-10-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [119680 2017-03-08] (Future Technology Devices International Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-03] (Malwarebytes)
R1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-12-03] ()
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [200832 2017-11-22] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [211704 2017-11-22] (Oracle Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S1 5ec7dc23dedda4bd1c85308a0d1b524a; \??\C:\Windows\system32\drivers\5ec7dc23dedda4bd1c85308a0d1b524a.sys [X]
R3 udiskMgr; system32\drivers\fjmpsw.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-03 12:45 - 2017-05-01 06:25 - 001458856 _____ (Sysinternals - www.sysinternals.com) C:\Users\any\Desktop\procexp64.exe
2017-12-03 12:41 - 2017-12-03 12:46 - 000010338 _____ C:\Users\any\Desktop\FRST.txt
2017-12-03 12:41 - 2017-12-03 12:46 - 000000000 ____D C:\FRST
2017-12-03 12:41 - 2017-12-03 12:41 - 002391552 _____ (Farbar) C:\Users\any\Desktop\FRST64.exe
2017-12-03 12:20 - 2017-12-03 12:20 - 000004266 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-12-03 12:20 - 2017-12-03 12:20 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-12-03 12:20 - 2017-12-03 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-12-03 12:20 - 2017-12-03 12:20 - 000000000 ____D C:\Program Files\Reimage
2017-12-03 12:19 - 2017-12-03 12:21 - 000000150 _____ C:\Windows\Reimage.ini
2017-12-03 12:19 - 2017-12-03 12:21 - 000000000 ____D C:\rei
2017-12-03 12:19 - 2017-12-03 12:19 - 000605424 _____ (Reimage) C:\Users\any\Downloads\ReimageRepair.exe
2017-12-03 12:09 - 2017-12-03 12:45 - 000003325 _____ C:\Users\any\Desktop\Processes.txt
2017-12-03 12:08 - 2017-12-03 12:09 - 000000674 _____ C:\Users\any\Desktop\processname.vbs
2017-12-03 12:06 - 2017-12-03 12:06 - 000532480 _____ (Trend Micro Incorporated) C:\Users\any\Downloads\cwshredder.exe
2017-12-03 12:02 - 2017-12-03 12:02 - 004291320 _____ (BrightFort LLC ) C:\Users\any\Downloads\spywareblastersetup55(2).exe
2017-12-03 12:02 - 2017-12-03 12:02 - 004291320 _____ (BrightFort LLC ) C:\Users\any\Downloads\spywareblastersetup55(1).exe
2017-12-03 12:01 - 2017-12-03 12:01 - 000000000 ____D C:\Users\any\AppData\Local\CrashDumps
2017-12-03 11:56 - 2017-12-03 11:56 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-12-03 11:56 - 2017-12-03 11:56 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-03 11:56 - 2017-12-03 11:56 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-03 11:56 - 2017-12-03 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-03 11:55 - 2017-12-03 11:56 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-03 11:55 - 2017-12-03 11:55 - 036146872 _____ (Adlice Software ) C:\Users\any\Downloads\setup.exe
2017-12-03 11:25 - 2017-12-03 11:26 - 482629632 _____ C:\Users\any\Desktop\naugatx8620160902.iso
2017-12-03 11:17 - 2017-12-03 11:17 - 000030404 _____ C:\ProgramData\agent.uninstall.1512321414.bdinstall.bin
2017-12-03 00:07 - 2017-12-03 07:48 - 000000000 ____D C:\Users\any\Downloads\Android 4.0.1 Ice Cream Sandwich Virtual Machine
2017-12-03 00:06 - 2017-12-03 00:13 - 477644890 _____ C:\Users\any\Downloads\naugatx8620160902.iso.bz2
2017-12-02 23:45 - 2017-12-02 23:45 - 000000000 ____D C:\Users\any\Documents\Virtual Machines
2017-12-02 23:40 - 2017-12-03 11:53 - 000000000 ____D C:\Users\any\AppData\LocalLow\Mozilla
2017-12-02 23:40 - 2017-12-02 23:40 - 000000000 ____D C:\Users\any\AppData\Roaming\Mozilla
2017-12-02 23:39 - 2017-12-02 23:44 - 000000000 ____D C:\Users\any\AppData\Local\Mozilla
2017-12-02 23:39 - 2017-12-02 23:39 - 000311256 _____ (Mozilla) C:\Users\any\Downloads\Firefox Installer.exe
2017-12-02 23:39 - 2017-12-02 23:39 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-02 23:39 - 2017-12-02 23:39 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 23:35 - 2017-12-03 12:01 - 000000000 ____D C:\Users\any\AppData\Roaming\VMware
2017-12-02 23:35 - 2017-12-03 12:01 - 000000000 ____D C:\Users\any\AppData\Local\VMware
2017-12-02 23:28 - 2017-12-02 23:28 - 000142136 ____N C:\Windows\system32\Drivers\exkxadgk.sys
2017-12-02 23:23 - 2015-10-18 18:33 - 000066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-12-02 23:23 - 2015-10-18 18:33 - 000031936 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys
2017-12-02 23:23 - 2015-10-18 17:53 - 000075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2017-12-02 23:23 - 2015-10-18 17:53 - 000068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-12-02 23:23 - 2015-10-18 17:53 - 000064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-12-02 23:21 - 2015-10-18 18:33 - 000934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-12-02 23:21 - 2015-10-18 18:33 - 000391872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-12-02 23:21 - 2015-10-18 18:33 - 000358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-12-02 23:21 - 2015-10-18 18:11 - 000026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-12-02 23:21 - 2015-10-06 08:02 - 000057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2017-12-02 23:19 - 2017-12-02 23:19 - 000001024 _____ C:\Windows\SysWOW64\%TMP%
2017-12-02 23:18 - 2017-12-02 23:18 - 000001203 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2017-12-02 23:18 - 2017-12-02 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-12-02 23:18 - 2017-12-02 23:18 - 000000000 ____D C:\Program Files\Common Files\VMware
2017-12-02 23:15 - 2017-12-03 11:15 - 000000000 ____D C:\ProgramData\VMware
2017-12-02 23:15 - 2017-12-02 23:15 - 000000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2017-12-02 23:15 - 2017-12-02 23:15 - 000000000 ____D C:\Program Files (x86)\VMware
2017-12-02 22:57 - 2017-12-02 23:02 - 295212528 _____ (Emsisoft Ltd. ) C:\Users\any\Downloads\EmsisoftAntiMalwareSetup.exe
2017-12-02 22:55 - 2017-12-02 22:55 - 000048459 _____ C:\ProgramData\agent.1512276895.bdinstall.bin
2017-12-02 22:54 - 2017-12-03 11:17 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-12-02 22:54 - 2017-12-02 22:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-12-02 22:53 - 2017-12-02 22:53 - 009932672 _____ C:\Users\any\Downloads\bitdefender_online.exe
2017-12-02 22:33 - 2017-12-02 22:33 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-02 22:33 - 2017-12-02 22:33 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-12-02 22:33 - 2017-12-02 22:33 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 22:33 - 2017-12-02 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-02 22:33 - 2017-12-02 22:33 - 000000000 ____D C:\Program Files\CCleaner
2017-12-02 22:32 - 2017-12-02 22:32 - 010849904 _____ (Piriform Ltd) C:\Users\any\Downloads\ccsetup537.exe
2017-12-02 22:29 - 2017-12-02 22:29 - 004291320 _____ (BrightFort LLC ) C:\Users\any\Downloads\spywareblastersetup55.exe
2017-12-02 22:15 - 2017-12-02 22:15 - 000001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-02 22:15 - 2017-12-02 22:15 - 000001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-02 22:15 - 2017-12-02 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-02 22:14 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-12-02 22:02 - 2017-12-02 22:02 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 22:02 - 2017-12-02 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 22:02 - 2017-12-02 22:02 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-02 22:02 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-02 21:57 - 2017-12-02 21:57 - 000000085 _____ C:\Windows\wininit.ini
2017-12-02 21:51 - 2017-12-03 11:15 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-02 21:51 - 2017-12-02 22:02 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-02 21:51 - 2017-12-02 22:02 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-02 21:51 - 2017-12-02 22:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-02 21:51 - 2017-12-02 21:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-02 20:54 - 2017-12-02 20:17 - 000001282 _____ C:\Windows\system32\Drivers\etc\hosts.20171202-205444.backup
2017-12-02 20:50 - 2017-12-03 11:18 - 000000000 ____D C:\Windows\pss
2017-12-02 20:47 - 2017-12-02 22:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-02 20:47 - 2017-12-02 22:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-02 20:34 - 2017-12-02 22:34 - 000000000 ____D C:\Windows\Minidump
2017-12-02 20:31 - 2017-12-02 20:31 - 015399836 ____T C:\Windows\SysWOW64\mfs3E1.tmp
2017-12-02 20:30 - 2017-12-02 20:31 - 000000000 ____T C:\Windows\SysWOW64\mfs7798.tmp
2017-12-02 20:25 - 2017-12-02 20:25 - 000000000 ____D C:\Users\any\AppData\Roaming\Macromedia
2017-12-02 20:21 - 2017-12-03 12:03 - 000000000 ____D C:\Users\any\AppData\Local\sceikdl
2017-12-02 20:21 - 2017-12-02 20:21 - 000000000 ____D C:\Users\any\AppData\Local\CEF
2017-12-02 20:19 - 2017-12-02 20:19 - 000018772 _____ C:\Users\any\Downloads\O-Demonoid_www.Demonoid.pw-O_VMware_Workstation_Pro_14_0_0_Build_6661328_License_Keys_[SadeemPC].TORRENT
2017-12-02 20:18 - 2017-12-03 11:19 - 000003614 _____ C:\Windows\System32\Tasks\bak6717741k6717741
2017-12-02 20:17 - 2017-12-03 12:43 - 000000000 ____D C:\Users\any\AppData\Local\pwoivba
2017-12-02 20:17 - 2017-12-03 11:52 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-12-02 20:17 - 2017-12-02 20:45 - 000000000 ____D C:\Users\any\AppData\Local\igfxmtc
2017-12-02 20:17 - 2017-12-02 20:18 - 000000020 _____ C:\Windows\b71133229
2017-12-02 20:17 - 2017-12-02 20:17 - 000797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-02 20:17 - 2017-12-02 20:17 - 000142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-02 20:17 - 2017-12-02 20:17 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ___HD C:\Program Files (x86)\automated
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ____D C:\Program Files (x86)\Textual
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ____D C:\Program Files (x86)\jab
2017-12-02 20:16 - 2017-12-03 11:13 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\dwezmovsvc.exe1
2017-12-02 20:15 - 2017-12-02 20:15 - 000000000 ____D C:\Windows\SysWOW64\dsdvakp
2017-12-02 20:15 - 2017-12-02 20:15 - 000000000 ____D C:\Windows\system32\dsdvakp
2017-12-02 20:15 - 2017-12-02 20:15 - 000000000 ____D C:\Users\any\AppData\Roaming\et
2017-12-02 20:14 - 2017-12-02 20:16 - 000000000 ____D C:\Users\any\AppData\Roaming\AGData
2017-12-02 20:13 - 2017-12-02 20:20 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-12-02 19:59 - 2017-12-02 20:11 - 000000000 ____D C:\Users\any\Downloads\VMware Workstation Pro v12.0.1.3160714 + Serials [TechTools.NET]
2017-12-02 19:14 - 2017-12-02 19:20 - 462422016 _____ C:\Users\any\Desktop\android-x86-4.4-r5.iso
2017-12-02 01:40 - 2017-12-02 01:40 - 000011264 _____ (Aerate) C:\Windows\sixteenths.exe
2017-12-01 17:02 - 2017-12-01 17:03 - 000000000 ____D C:\Users\any\VirtualBox VMs
2017-12-01 16:25 - 2017-12-02 20:12 - 000000000 ____D C:\Users\any\.VirtualBox
2017-12-01 16:23 - 2017-12-01 16:23 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-12-01 16:23 - 2017-12-01 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-12-01 16:22 - 2017-12-01 16:22 - 000000000 ____D C:\Program Files\Oracle
2017-12-01 16:22 - 2017-11-22 17:23 - 000972192 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-12-01 16:22 - 2017-11-22 17:23 - 000157672 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-12-01 16:20 - 2017-12-01 16:39 - 000000000 ____D C:\Users\any\Desktop\android files
2017-12-01 16:18 - 2017-12-01 16:18 - 000000000 ___RD C:\Users\any\Documents\MEGA
2017-12-01 16:11 - 2017-12-01 16:11 - 000001048 _____ C:\Users\any\Desktop\MEGAsync.lnk
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\any\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\any\AppData\Local\MEGAsync
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\any\AppData\Local\Mega Limited
2017-12-01 16:10 - 2017-12-01 16:10 - 014976440 _____ (MEGA Limited) C:\Users\any\Downloads\MEGAsyncSetup.exe
2017-12-01 16:08 - 2017-12-01 16:10 - 115120984 _____ (Oracle Corporation) C:\Users\any\Downloads\VirtualBox-5.2.2-119230-Win.exe
2017-12-01 16:08 - 2017-12-01 16:09 - 019504049 _____ C:\Users\any\Downloads\Oracle_VM_VirtualBox_Extension_Pack-5.2.2-119230.vbox-extpack
2017-11-30 13:49 - 2017-11-30 13:49 - 000051617 _____ C:\Windows\uninstaller.dat
2017-11-22 17:23 - 2017-11-22 17:23 - 000211704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2017-11-22 17:23 - 2017-11-22 17:23 - 000200832 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2017-11-20 22:45 - 2017-10-17 20:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-20 22:45 - 2017-10-17 20:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-20 22:45 - 2017-10-15 16:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-20 22:45 - 2017-10-04 07:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-12 14:39 - 2017-11-12 14:39 - 000006807 _____ C:\Users\any\Desktop\NCSExpert Profiles - PFL.zip.pdf
2017-11-12 14:34 - 2017-11-12 14:34 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip (5).pdf
2017-11-12 14:34 - 2017-11-12 14:34 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip (3).pdf
2017-11-12 14:34 - 2017-11-12 14:34 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip (2).pdf
2017-11-12 14:33 - 2017-11-12 14:33 - 000008376 _____ C:\Users\any\Desktop\attachment.htm
2017-11-12 14:33 - 2017-11-12 14:33 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFl.zip.pdf
2017-11-12 14:33 - 2017-11-12 14:33 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-03 12:45 - 2009-07-13 20:34 - 014155776 _____ C:\Windows\system32\config\HARDWARE
2017-12-03 11:23 - 2009-07-13 22:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-03 11:23 - 2009-07-13 22:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-03 11:21 - 2009-07-13 23:13 - 000803410 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-03 11:21 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-12-03 11:14 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-03 11:12 - 2017-10-10 17:56 - 000000000 ____D C:\Users\any\AppData\Roaming\uTorrent
2017-12-02 23:41 - 2017-05-22 22:01 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-02 23:27 - 2017-05-24 02:20 - 000000000 ____D C:\Windows\system32\appraiser
2017-12-02 23:18 - 2017-05-23 02:37 - 000799000 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-02 22:35 - 2017-05-27 10:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-02 22:34 - 2017-05-09 00:26 - 000000000 ____D C:\Windows\Panther
2017-12-02 20:54 - 2009-07-13 20:34 - 000451095 ____R C:\Windows\system32\Drivers\etc\hosts.20171202-213611.backup
2017-12-01 17:02 - 2017-05-08 19:32 - 000000000 ____D C:\Users\any
2017-11-12 14:37 - 2017-10-10 17:57 - 000000000 ____D C:\Users\any\Downloads\BMW
==================== Files in the root of some directories =======
2012-05-21 13:00 - 2012-05-21 13:00 - 000020984 _____ (Intel Corporation) C:\Users\any\AppData\Roaming\JomCap.dll
Some files in TEMP:
====================
2017-12-02 22:01 - 2017-12-02 22:01 - 000079552 _____ (Microsoft Corporation) C:\Users\any\AppData\Local\Temp\2828.tmp.exe
2017-12-02 22:01 - 2017-12-02 22:01 - 078346672 _____ (Malwarebytes ) C:\Users\any\AppData\Local\Temp\54A4.tmp.exe
2017-12-02 22:13 - 2017-12-02 22:13 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\any\AppData\Local\Temp\8F91.tmp.exe
2017-12-02 21:00 - 2017-12-02 21:00 - 007794352 _____ () C:\Users\any\AppData\Local\Temp\9C8C.tmp.exe
2017-12-03 11:56 - 2017-05-12 12:24 - 001732864 _____ (Microsoft Corporation) C:\Users\any\AppData\Local\Temp\dllnt_dump.dll
2017-12-03 12:19 - 2017-12-03 12:19 - 014280864 _____ (Reimage) C:\Users\any\AppData\Local\Temp\ReimagePackage.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\exkxadgk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-12-01 17:38
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by any (03-12-2017 12:46:29)
Running from C:\Users\any\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-05-09 01:32:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1477751146-2404892005-3129194611-500 - Administrator - Disabled)
any (S-1-5-21-1477751146-2404892005-3129194611-1000 - Administrator - Enabled) => C:\Users\any
Guest (S-1-5-21-1477751146-2404892005-3129194611-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1477751146-2404892005-3129194611-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 17.00 beta (HKLM-x32\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mike's Easy BMW Tools (HKLM-x32\...\{CC94D767-0DEA-4D47-AD8F-641268491ACC}) (Version: 1.0 - Mike's Easy BMW Tools)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
Oracle VM VirtualBox 5.2.2 (HKLM\...\{9F5D10F9-A372-4B1E-BEB3-001B47E0C325}) (Version: 5.2.2 - Oracle Corporation)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.7.1 - Reimage) <==== ATTENTION
RogueKiller version 12.11.26.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.26.0 - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
VMware Workstation (HKLM\...\{4B855F64-CB51-4FC3-935F-5AF7D3372BDE}) (Version: 12.0.1 - VMware, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\WinDirStat) (Version: - )
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2015-10-18] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2015-10-18] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0086367F-BB9A-415E-87DC-BA5B73222C9B} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1477751146-2404892005-3129194611-1000 => C:\Users\any\AppData\Local\MEGAsync\MEGAupdater.exe [2017-11-23] (Mega Limited)
Task: {47A8E4B6-8E42-4B68-8ED2-7D416F61EF40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {48EE0773-BFCF-498E-8F22-C544D7CA9F83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-02] (Adobe Systems Incorporated)
Task: {80BBAC1F-2868-414E-93DB-BEB36485F43B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {8BF00725-A8E9-4BB9-B5D1-AD44C989B2B8} - System32\Tasks\bak6717741k6717741 => C:\Program Files (x86)\jab\jab.exe [2017-12-02] (glosses)
Task: {8E998258-3C5B-45B4-87AB-04F27E99AB68} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-09-11] (Reimage®) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-12-02 22:02 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 012465856 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2017-10-18 15:51 - 2017-10-18 15:51 - 000598528 _____ () C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-02 22:14 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-02 22:14 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-02 22:14 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-02 22:14 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 000191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 000388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 000165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7865 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2017-12-02 21:55 - 000450713 _____ C:\Windows\system32\Drivers\etc\hosts
There are 15463 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: 859d7d2e111c588668d48c8007e778f8 => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^any^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: panted => "C:\Program Files (x86)\Textual\aerate.exe"
MSCONFIG\startupreg: pantedpanted => "C:\Program Files (x86)\Purged\aerate.exe"
MSCONFIG\startupreg: pantedpenman => "C:\Program Files (x86)\disputing\brothers.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{71E2A3DF-E572-4959-BE36-E6B43D480438}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4877B1F7-4C92-49F3-821C-81F108CB7007}C:\rheingold\testergui\bin\release\istagui.exe] => (Block) C:\rheingold\testergui\bin\release\istagui.exe
FirewallRules: [UDP Query User{CBE15D90-B73A-4FFB-A4C4-F05DD5E83F40}C:\rheingold\testergui\bin\release\istagui.exe] => (Block) C:\rheingold\testergui\bin\release\istagui.exe
FirewallRules: [TCP Query User{7601579A-8FC1-430E-9654-18C6E547BB49}C:\rheingold\testergui\bin\release\istaoperation.exe] => (Allow) C:\rheingold\testergui\bin\release\istaoperation.exe
FirewallRules: [UDP Query User{60622DE9-CDD1-4980-A8BB-8936025BA888}C:\rheingold\testergui\bin\release\istaoperation.exe] => (Allow) C:\rheingold\testergui\bin\release\istaoperation.exe
FirewallRules: [{E5D18DE2-F227-4B3A-B4B5-CC4E15E396A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DF16D36-50CC-4CAF-8C29-1D2B9EDD97D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F54E7D34-64F0-4834-8D08-353039244ACD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6CE7D632-5054-4F2C-A3A8-B738C854B622}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D8E73AEA-B0A5-4796-8199-23F0F2C585A3}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{563C9EB5-64FD-428C-B761-0052812F1E92}] => (Allow) C:\Users\any\Downloads\utorrent_2.2.1.exe
FirewallRules: [{E24CDDD7-5FF1-443C-A3BD-83DE56B05CC0}] => (Allow) C:\Users\any\Downloads\utorrent_2.2.1.exe
FirewallRules: [{1EBD37EB-988F-4D50-8B0F-DE3F934D147E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{AE339FB7-D388-43DE-B043-1CF15722483B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FC0D429A-F6F7-4CCE-AB61-3193FEED7DF0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{3865D951-9061-48F4-AB2D-BF821D47F8D4}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft Loopback Adapter
Description: Microsoft Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: 5ec7dc23dedda4bd1c85308a0d1b524a
Description: 5ec7dc23dedda4bd1c85308a0d1b524a
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: 5ec7dc23dedda4bd1c85308a0d1b524a
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/03/2017 11:58:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\dwezmovsvc.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Anti-malware remediation tool because of this error.
Program: Anti-malware remediation tool
File: C:\Windows\System32\dwezmovsvc.exe
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (12/03/2017 11:58:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller64.exe, version: 12.11.26.0, time stamp: 0x5a1bd51e
Faulting module name: RogueKiller64.exe, version: 12.11.26.0, time stamp: 0x5a1bd51e
Exception code: 0xc0000006
Fault offset: 0x0000000000a9a550
Faulting process id: 0x4c4
Faulting application start time: 0x01d36c5fff593881
Faulting application path: C:\Program Files\RogueKiller\RogueKiller64.exe
Faulting module path: C:\Program Files\RogueKiller\RogueKiller64.exe
Report Id: 866e7061-d853-11e7-9a91-9cb70ded215a
Error: (12/03/2017 11:57:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 16bc
Start Time: 01d36c6005a2e00a
Termination Time: 8
Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Report Id: 4d7d43e1-d853-11e7-9a91-9cb70ded215a
Error: (12/03/2017 11:15:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (12/03/2017 02:43:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (12/02/2017 11:29:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (12/02/2017 11:27:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0x40000015
Fault offset: 0x000000000022af96
Faulting process id: 0xa0c
Faulting application start time: 0x01d36becc1e0bc75
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: a8b023ca-d7ea-11e7-a05a-005056c00008
Error: (12/02/2017 11:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service 859d7d2e111c588668d48c8007e778f8 since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/02/2017 11:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service 7b2f27f2e6d8e72991d40af939b3c86a since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (12/02/2017 10:54:35 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1656) WebCacheLocal: An attempt to open the file "C:\Users\any\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
Error: (12/03/2017 12:31:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
==================== Memory info ===========================
Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 86%
Total physical RAM: 3977.02 MB
Available physical RAM: 546.76 MB
Total Virtual: 7952.21 MB
Available Virtual: 3342.33 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:65.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CED96774)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================