Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

multiple unknown processes unable to kill them or open spybot or spywa


  • Please log in to reply

#16
r55741

r55741

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

ok

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
Ran by any (administrator) on ANY-PC (07-12-2017 10:50:07)
Running from C:\Users\any\Desktop
Loaded Profiles: any (Available Profiles: any)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-10-18] (VMware, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0C6985E1-1667-415A-B8DB-5171049BFE5E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{11269F51-7019-4C34-A30D-7BD50404B7AF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5812E880-62D4-4E47-BC5A-0AD777C8A9C7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5812E880-62D4-4E47-BC5A-0AD777C8A9C7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6E627F9B-B832-405D-B0AB-F2F42EDE8F7C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8D60680D-1169-444D-8E2D-F1A706293515}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{971C1E7E-B445-4875-93E4-AD13EC7B7628}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AB434DF6-B1AF-42A3-B960-0CE5545B86EF}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-05] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: h2cs3zsa.default
FF ProfilePath: C:\Users\any\AppData\Roaming\Mozilla\Firefox\Profiles\h2cs3zsa.default [2017-12-07]
FF Extension: (Adblock Plus) - C:\Users\any\AppData\Roaming\Mozilla\Firefox\Profiles\h2cs3zsa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-03]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\any\AppData\Roaming\Mozilla\Firefox\Profiles\h2cs3zsa.default\features\{ffa400d2-9eca-4c42-91ff-dda8aad4a55e}\[email protected] [2017-12-02] [Lagacy]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465856 2015-10-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [119680 2017-03-08] (Future Technology Devices International Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes)
R1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [200832 2017-11-22] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [211704 2017-11-22] (Oracle Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-07 10:50 - 2017-12-07 10:50 - 000000000 ____D C:\Users\any\Desktop\FRST-OlderVersion
2017-12-06 22:40 - 2017-12-06 22:40 - 008172032 _____ (Malwarebytes) C:\Users\any\Desktop\AdwCleaner.exe
2017-12-06 20:04 - 2017-12-06 20:04 - 036195904 _____ (Adlice Software ) C:\Users\any\Downloads\setup(1).exe
2017-12-06 10:09 - 2017-12-06 10:10 - 000000000 ____D C:\ProgramData\TEMP
2017-12-06 10:09 - 2017-12-06 10:10 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-12-06 10:09 - 2017-12-06 10:09 - 000001083 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2017-12-06 10:09 - 2017-12-06 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-12-04 18:57 - 2017-12-05 21:06 - 000002567 _____ C:\Users\any\Desktop\Fixlog.txt
2017-12-04 15:47 - 2017-12-04 15:47 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\445775F3.sys
2017-12-03 20:42 - 2017-12-04 16:04 - 000000000 ____D C:\Users\any\Desktop\mbar
2017-12-03 20:42 - 2017-12-04 16:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-03 20:42 - 2017-12-03 20:42 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\55E4E48E.sys
2017-12-03 20:41 - 2017-12-03 20:42 - 014161479 _____ C:\Users\any\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-03 14:45 - 2017-12-06 22:44 - 000000000 ____D C:\AdwCleaner
2017-12-03 14:45 - 2017-12-03 14:45 - 008187336 _____ (Malwarebytes) C:\Users\any\Downloads\adwcleaner_7.0.5.0.exe
2017-12-03 12:46 - 2017-12-03 12:47 - 000034763 _____ C:\Users\any\Desktop\Addition.txt
2017-12-03 12:45 - 2017-05-01 06:25 - 001458856 _____ (Sysinternals - www.sysinternals.com) C:\Users\any\Desktop\procexp64.exe
2017-12-03 12:41 - 2017-12-07 10:50 - 002390528 _____ (Farbar) C:\Users\any\Desktop\FRST64.exe
2017-12-03 12:41 - 2017-12-07 10:50 - 000009722 _____ C:\Users\any\Desktop\FRST.txt
2017-12-03 12:41 - 2017-12-07 10:50 - 000000000 ____D C:\FRST
2017-12-03 12:09 - 2017-12-03 12:45 - 000003325 _____ C:\Users\any\Desktop\Processes.txt
2017-12-03 12:08 - 2017-12-03 12:09 - 000000674 _____ C:\Users\any\Desktop\processname.vbs
2017-12-03 12:06 - 2017-12-03 12:06 - 000532480 _____ (Trend Micro Incorporated) C:\Users\any\Downloads\cwshredder.exe
2017-12-03 12:02 - 2017-12-03 12:02 - 004291320 _____ (BrightFort LLC ) C:\Users\any\Downloads\spywareblastersetup55(2).exe
2017-12-03 12:02 - 2017-12-03 12:02 - 004291320 _____ (BrightFort LLC ) C:\Users\any\Downloads\spywareblastersetup55(1).exe
2017-12-03 12:01 - 2017-12-03 12:01 - 000000000 ____D C:\Users\any\AppData\Local\CrashDumps
2017-12-03 11:56 - 2017-12-06 20:05 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-12-03 11:56 - 2017-12-06 20:04 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-03 11:56 - 2017-12-06 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-03 11:56 - 2017-12-06 20:01 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-03 11:55 - 2017-12-06 20:04 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-03 11:55 - 2017-12-03 11:55 - 036146872 _____ (Adlice Software ) C:\Users\any\Downloads\setup.exe
2017-12-03 11:25 - 2017-12-03 11:26 - 482629632 _____ C:\Users\any\Desktop\naugatx8620160902.iso
2017-12-03 11:17 - 2017-12-03 11:17 - 000030404 _____ C:\ProgramData\agent.uninstall.1512321414.bdinstall.bin
2017-12-03 00:07 - 2017-12-03 07:48 - 000000000 ____D C:\Users\any\Downloads\Android 4.0.1 Ice Cream Sandwich Virtual Machine
2017-12-03 00:06 - 2017-12-03 00:13 - 477644890 _____ C:\Users\any\Downloads\naugatx8620160902.iso.bz2
2017-12-02 23:45 - 2017-12-02 23:45 - 000000000 ____D C:\Users\any\Documents\Virtual Machines
2017-12-02 23:40 - 2017-12-06 22:47 - 000000000 ____D C:\Users\any\AppData\LocalLow\Mozilla
2017-12-02 23:40 - 2017-12-02 23:40 - 000000000 ____D C:\Users\any\AppData\Roaming\Mozilla
2017-12-02 23:39 - 2017-12-02 23:44 - 000000000 ____D C:\Users\any\AppData\Local\Mozilla
2017-12-02 23:39 - 2017-12-02 23:39 - 000311256 _____ (Mozilla) C:\Users\any\Downloads\Firefox Installer.exe
2017-12-02 23:39 - 2017-12-02 23:39 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-02 23:39 - 2017-12-02 23:39 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-02 23:39 - 2017-12-02 23:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 23:35 - 2017-12-03 12:01 - 000000000 ____D C:\Users\any\AppData\Roaming\VMware
2017-12-02 23:35 - 2017-12-03 12:01 - 000000000 ____D C:\Users\any\AppData\Local\VMware
2017-12-02 23:23 - 2015-10-18 18:33 - 000066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2017-12-02 23:23 - 2015-10-18 18:33 - 000031936 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys
2017-12-02 23:23 - 2015-10-18 17:53 - 000075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2017-12-02 23:23 - 2015-10-18 17:53 - 000068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-12-02 23:23 - 2015-10-18 17:53 - 000064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-12-02 23:21 - 2015-10-18 18:33 - 000934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-12-02 23:21 - 2015-10-18 18:33 - 000391872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-12-02 23:21 - 2015-10-18 18:33 - 000358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-12-02 23:21 - 2015-10-18 18:11 - 000026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-12-02 23:21 - 2015-10-06 08:02 - 000057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2017-12-02 23:19 - 2017-12-02 23:19 - 000001024 _____ C:\Windows\SysWOW64\%TMP%
2017-12-02 23:18 - 2017-12-02 23:18 - 000001203 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2017-12-02 23:18 - 2017-12-02 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-12-02 23:18 - 2017-12-02 23:18 - 000000000 ____D C:\Program Files\Common Files\VMware
2017-12-02 23:15 - 2017-12-06 22:46 - 000000000 ____D C:\ProgramData\VMware
2017-12-02 23:15 - 2017-12-02 23:15 - 000000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2017-12-02 23:15 - 2017-12-02 23:15 - 000000000 ____D C:\Program Files (x86)\VMware
2017-12-02 22:57 - 2017-12-02 23:02 - 295212528 _____ (Emsisoft Ltd. ) C:\Users\any\Downloads\EmsisoftAntiMalwareSetup.exe
2017-12-02 22:55 - 2017-12-02 22:55 - 000048459 _____ C:\ProgramData\agent.1512276895.bdinstall.bin
2017-12-02 22:54 - 2017-12-02 22:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-12-02 22:53 - 2017-12-02 22:53 - 009932672 _____ C:\Users\any\Downloads\bitdefender_online.exe
2017-12-02 22:33 - 2017-12-04 14:39 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-02 22:33 - 2017-12-02 22:33 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-12-02 22:33 - 2017-12-02 22:33 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-02 22:33 - 2017-12-02 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-02 22:33 - 2017-12-02 22:33 - 000000000 ____D C:\Program Files\CCleaner
2017-12-02 22:32 - 2017-12-02 22:32 - 010849904 _____ (Piriform Ltd) C:\Users\any\Downloads\ccsetup537.exe
2017-12-02 22:29 - 2017-12-02 22:29 - 004291320 _____ (BrightFort LLC ) C:\Users\any\Downloads\spywareblastersetup55.exe
2017-12-02 22:15 - 2017-12-02 22:15 - 000001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-02 22:15 - 2017-12-02 22:15 - 000001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-02 22:15 - 2017-12-02 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-02 22:14 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-12-02 22:02 - 2017-12-02 22:02 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 22:02 - 2017-12-02 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 22:02 - 2017-12-02 22:02 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-02 22:02 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-02 21:57 - 2017-12-02 21:57 - 000000085 _____ C:\Windows\wininit.ini
2017-12-02 21:51 - 2017-12-03 20:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-02 21:51 - 2017-12-02 22:02 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-02 21:51 - 2017-12-02 22:02 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-02 21:51 - 2017-12-02 21:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-02 20:54 - 2017-12-02 20:17 - 000001282 _____ C:\Windows\system32\Drivers\etc\hosts.20171202-205444.backup
2017-12-02 20:50 - 2017-12-03 11:18 - 000000000 ____D C:\Windows\pss
2017-12-02 20:47 - 2017-12-02 22:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-02 20:47 - 2017-12-02 22:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-02 20:34 - 2017-12-02 22:34 - 000000000 ____D C:\Windows\Minidump
2017-12-02 20:25 - 2017-12-02 20:25 - 000000000 ____D C:\Users\any\AppData\Roaming\Macromedia
2017-12-02 20:19 - 2017-12-02 20:19 - 000018772 _____ C:\Users\any\Downloads\O-Demonoid_www.Demonoid.pw-O_VMware_Workstation_Pro_14_0_0_Build_6661328_License_Keys_[SadeemPC].TORRENT
2017-12-02 20:18 - 2017-12-03 11:19 - 000003614 _____ C:\Windows\System32\Tasks\bak6717741k6717741
2017-12-02 20:17 - 2017-12-07 09:52 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-12-02 20:17 - 2017-12-02 20:17 - 000797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-02 20:17 - 2017-12-02 20:17 - 000142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-02 20:17 - 2017-12-02 20:17 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-02 20:17 - 2017-12-02 20:17 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-02 19:59 - 2017-12-02 20:11 - 000000000 ____D C:\Users\any\Downloads\VMware Workstation Pro v12.0.1.3160714 + Serials [TechTools.NET]
2017-12-02 19:14 - 2017-12-02 19:20 - 462422016 _____ C:\Users\any\Desktop\android-x86-4.4-r5.iso
2017-12-01 17:02 - 2017-12-01 17:03 - 000000000 ____D C:\Users\any\VirtualBox VMs
2017-12-01 16:25 - 2017-12-02 20:12 - 000000000 ____D C:\Users\any\.VirtualBox
2017-12-01 16:23 - 2017-12-01 16:23 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-12-01 16:23 - 2017-12-01 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-12-01 16:22 - 2017-12-01 16:22 - 000000000 ____D C:\Program Files\Oracle
2017-12-01 16:22 - 2017-11-22 17:23 - 000972192 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-12-01 16:22 - 2017-11-22 17:23 - 000157672 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-12-01 16:20 - 2017-12-01 16:39 - 000000000 ____D C:\Users\any\Desktop\android files
2017-12-01 16:18 - 2017-12-01 16:18 - 000000000 ___RD C:\Users\any\Documents\MEGA
2017-12-01 16:11 - 2017-12-01 16:11 - 000001048 _____ C:\Users\any\Desktop\MEGAsync.lnk
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Windows\System32\Tasks\MEGA
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\any\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\any\AppData\Local\MEGAsync
2017-12-01 16:11 - 2017-12-01 16:11 - 000000000 ____D C:\Users\any\AppData\Local\Mega Limited
2017-12-01 16:10 - 2017-12-01 16:10 - 014976440 _____ (MEGA Limited) C:\Users\any\Downloads\MEGAsyncSetup.exe
2017-12-01 16:08 - 2017-12-01 16:10 - 115120984 _____ (Oracle Corporation) C:\Users\any\Downloads\VirtualBox-5.2.2-119230-Win.exe
2017-12-01 16:08 - 2017-12-01 16:09 - 019504049 _____ C:\Users\any\Downloads\Oracle_VM_VirtualBox_Extension_Pack-5.2.2-119230.vbox-extpack
2017-11-22 17:23 - 2017-11-22 17:23 - 000211704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2017-11-22 17:23 - 2017-11-22 17:23 - 000200832 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2017-11-20 22:45 - 2017-10-17 20:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-20 22:45 - 2017-10-17 20:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-20 22:45 - 2017-10-15 16:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-20 22:45 - 2017-10-04 07:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-20 22:45 - 2017-10-04 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-12 14:39 - 2017-11-12 14:39 - 000006807 _____ C:\Users\any\Desktop\NCSExpert Profiles - PFL.zip.pdf
2017-11-12 14:34 - 2017-11-12 14:34 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip (5).pdf
2017-11-12 14:34 - 2017-11-12 14:34 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip (3).pdf
2017-11-12 14:34 - 2017-11-12 14:34 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip (2).pdf
2017-11-12 14:33 - 2017-11-12 14:33 - 000008376 _____ C:\Users\any\Desktop\attachment.htm
2017-11-12 14:33 - 2017-11-12 14:33 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFl.zip.pdf
2017-11-12 14:33 - 2017-11-12 14:33 - 000006807 _____ C:\Users\any\Downloads\NCSExpert Profiles - PFL.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-07 03:51 - 2009-07-13 22:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-07 03:51 - 2009-07-13 22:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-06 22:46 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-04 15:10 - 2009-07-13 20:34 - 014155776 _____ C:\Windows\system32\config\HARDWARE
2017-12-03 11:21 - 2009-07-13 23:13 - 000803410 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-03 11:21 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-12-03 11:12 - 2017-10-10 17:56 - 000000000 ____D C:\Users\any\AppData\Roaming\uTorrent
2017-12-02 23:41 - 2017-05-22 22:01 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-02 23:27 - 2017-05-24 02:20 - 000000000 ____D C:\Windows\system32\appraiser
2017-12-02 23:18 - 2017-05-23 02:37 - 000799000 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-02 22:35 - 2017-05-27 10:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-02 22:34 - 2017-05-09 00:26 - 000000000 ____D C:\Windows\Panther
2017-12-02 20:54 - 2009-07-13 20:34 - 000451095 ____R C:\Windows\system32\Drivers\etc\hosts.20171202-213611.backup
2017-12-01 17:02 - 2017-05-08 19:32 - 000000000 ____D C:\Users\any
2017-11-12 14:37 - 2017-10-10 17:57 - 000000000 ____D C:\Users\any\Downloads\BMW

==================== Files in the root of some directories =======

2012-05-21 13:00 - 2012-05-21 13:00 - 000020984 _____ (Intel Corporation) C:\Users\any\AppData\Roaming\JomCap.dll

Some files in TEMP:
====================
2017-12-02 22:01 - 2017-12-02 22:01 - 000079552 _____ (Microsoft Corporation) C:\Users\any\AppData\Local\Temp\2828.tmp.exe
2017-12-02 22:01 - 2017-12-02 22:01 - 078346672 _____ (Malwarebytes                                                ) C:\Users\any\AppData\Local\Temp\54A4.tmp.exe
2017-12-02 22:13 - 2017-12-02 22:13 - 051725936 _____ (Safer-Networking Ltd.                                       ) C:\Users\any\AppData\Local\Temp\8F91.tmp.exe
2017-12-02 21:00 - 2017-12-02 21:00 - 007794352 _____ () C:\Users\any\AppData\Local\Temp\9C8C.tmp.exe
2017-12-03 11:56 - 2017-05-12 12:24 - 001732864 _____ (Microsoft Corporation) C:\Users\any\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-01 17:38

==================== End of FRST.txt ============================


  • 0

Advertisements


#17
Aura

Aura

    Special Ops

  • Malware Removal
  • 2,535 posts
I'm missing the second log, Addition.txt. Can you copy/paste it here as well?
  • 0

#18
r55741

r55741

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

oops here it is

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by any (07-12-2017 10:50:39)
Running from C:\Users\any\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-05-09 01:32:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1477751146-2404892005-3129194611-500 - Administrator - Disabled)
any (S-1-5-21-1477751146-2404892005-3129194611-1000 - Administrator - Enabled) => C:\Users\any
Guest (S-1-5-21-1477751146-2404892005-3129194611-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1477751146-2404892005-3129194611-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 17.00 beta (HKLM-x32\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mike's Easy BMW Tools (HKLM-x32\...\{CC94D767-0DEA-4D47-AD8F-641268491ACC}) (Version: 1.0 - Mike's Easy BMW Tools)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
Oracle VM VirtualBox 5.2.2 (HKLM\...\{9F5D10F9-A372-4B1E-BEB3-001B47E0C325}) (Version: 5.2.2 - Oracle Corporation)
RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
VMware Workstation (HKLM\...\{4B855F64-CB51-4FC3-935F-5AF7D3372BDE}) (Version: 12.0.1 - VMware, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\WinDirStat) (Version:  - )
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2015-10-18] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2015-10-18] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0086367F-BB9A-415E-87DC-BA5B73222C9B} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1477751146-2404892005-3129194611-1000 => C:\Users\any\AppData\Local\MEGAsync\MEGAupdater.exe [2017-11-23] (Mega Limited)
Task: {47A8E4B6-8E42-4B68-8ED2-7D416F61EF40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {48EE0773-BFCF-498E-8F22-C544D7CA9F83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-02] (Adobe Systems Incorporated)
Task: {80BBAC1F-2868-414E-93DB-BEB36485F43B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {8BF00725-A8E9-4BB9-B5D1-AD44C989B2B8} - System32\Tasks\bak6717741k6717741 => C:\Program Files (x86)\jab\jab.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-18 15:51 - 2017-10-18 15:51 - 000598528 _____ () C:\Users\any\AppData\Local\MEGAsync\ShellExtX64.dll
2017-12-02 22:02 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 012465856 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2017-12-02 22:14 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-02 22:14 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-02 22:14 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-02 22:14 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 000191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 000388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-10-18 18:32 - 2015-10-18 18:32 - 000165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12682 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2017-12-02 21:55 - 000450713 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15463 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1477751146-2404892005-3129194611-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 859d7d2e111c588668d48c8007e778f8 => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^any^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: panted => "C:\Program Files (x86)\Textual\aerate.exe"
MSCONFIG\startupreg: pantedpanted => "C:\Program Files (x86)\Purged\aerate.exe"
MSCONFIG\startupreg: pantedpenman => "C:\Program Files (x86)\disputing\brothers.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{71E2A3DF-E572-4959-BE36-E6B43D480438}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4877B1F7-4C92-49F3-821C-81F108CB7007}C:\rheingold\testergui\bin\release\istagui.exe] => (Block) C:\rheingold\testergui\bin\release\istagui.exe
FirewallRules: [UDP Query User{CBE15D90-B73A-4FFB-A4C4-F05DD5E83F40}C:\rheingold\testergui\bin\release\istagui.exe] => (Block) C:\rheingold\testergui\bin\release\istagui.exe
FirewallRules: [TCP Query User{7601579A-8FC1-430E-9654-18C6E547BB49}C:\rheingold\testergui\bin\release\istaoperation.exe] => (Allow) C:\rheingold\testergui\bin\release\istaoperation.exe
FirewallRules: [UDP Query User{60622DE9-CDD1-4980-A8BB-8936025BA888}C:\rheingold\testergui\bin\release\istaoperation.exe] => (Allow) C:\rheingold\testergui\bin\release\istaoperation.exe
FirewallRules: [{E5D18DE2-F227-4B3A-B4B5-CC4E15E396A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DF16D36-50CC-4CAF-8C29-1D2B9EDD97D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F54E7D34-64F0-4834-8D08-353039244ACD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6CE7D632-5054-4F2C-A3A8-B738C854B622}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D8E73AEA-B0A5-4796-8199-23F0F2C585A3}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{563C9EB5-64FD-428C-B761-0052812F1E92}] => (Allow) C:\Users\any\Downloads\utorrent_2.2.1.exe
FirewallRules: [{E24CDDD7-5FF1-443C-A3BD-83DE56B05CC0}] => (Allow) C:\Users\any\Downloads\utorrent_2.2.1.exe
FirewallRules: [{1EBD37EB-988F-4D50-8B0F-DE3F934D147E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{AE339FB7-D388-43DE-B043-1CF15722483B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FC0D429A-F6F7-4CCE-AB61-3193FEED7DF0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{3865D951-9061-48F4-AB2D-BF821D47F8D4}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

04-12-2017 16:46:49 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Loopback Adapter
Description: Microsoft Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2017 01:57:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/06/2017 10:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2017 06:23:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/04/2017 04:58:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/04/2017 03:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2017 03:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6
Exception code: 0x40000015
Fault offset: 0x000000000022af96
Faulting process id: 0x818
Faulting application start time: 0x01d36c7922ec18cd
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 5f5cf833-d937-11e7-b51d-9cb70ded215a

Error: (12/04/2017 02:16:20 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (12/04/2017 02:16:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (12/03/2017 09:10:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (12/03/2017 02:56:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/06/2017 11:05:01 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5812E880-62D4-4E47-BC5A-0AD777C8A9C7}.
The backup browser is stopping.

Error: (12/06/2017 10:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (12/06/2017 10:45:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/06/2017 10:45:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (12/06/2017 10:44:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/06/2017 10:44:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/06/2017 10:44:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2017 10:44:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Identity Protection Technology Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/06/2017 10:44:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/06/2017 10:44:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 3977.02 MB
Available physical RAM: 1355.5 MB
Total Virtual: 7952.21 MB
Available Virtual: 4994.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:58.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CED96774)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#19
Aura

Aura

    Special Ops

  • Malware Removal
  • 2,535 posts
Almost done!

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Attached Files


  • 0

#20
r55741

r55741

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Everything seems to be running fine now. Thanks so much!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by any (08-12-2017 11:09:38) Run:3
Running from C:\Users\any\Desktop
Loaded Profiles: any (Available Profiles: any)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Task: {8BF00725-A8E9-4BB9-B5D1-AD44C989B2B8} - System32\Tasks\bak6717741k6717741 => C:\Program Files (x86)\jab\jab.exe

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

MSCONFIG\Services: 859d7d2e111c588668d48c8007e778f8 => 2
MSCONFIG\startupreg: panted => "C:\Program Files (x86)\Textual\aerate.exe"
MSCONFIG\startupreg: pantedpanted => "C:\Program Files (x86)\Purged\aerate.exe"
MSCONFIG\startupreg: pantedpenman => "C:\Program Files (x86)\disputing\brothers.exe"

C:\Program Files (x86)\jab
C:\Program Files (x86)\Textual
C:\Program Files (x86)\Purged
C:\Program Files (x86)\disputing

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BF00725-A8E9-4BB9-B5D1-AD44C989B2B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BF00725-A8E9-4BB9-B5D1-AD44C989B2B8}" => removed successfully
C:\Windows\System32\Tasks\bak6717741k6717741 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bak6717741k6717741" => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\859d7d2e111c588668d48c8007e778f8" => removed successfully
HKLM\System\CurrentControlSet\Services\859d7d2e111c588668d48c8007e778f8 => key not found
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\panted" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pantedpanted" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pantedpenman" => removed successfully
"C:\Program Files (x86)\jab" => not found.
"C:\Program Files (x86)\Textual" => not found.
"C:\Program Files (x86)\Purged" => not found.
"C:\Program Files (x86)\disputing" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5745592 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 889209516 B
Edge => 0 B
Chrome => 0 B
Firefox => 383832825 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 37271 B
LocalService => 33125 B
NetworkService => 17466 B
any => 231433473 B

RecycleBin => 380433 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:10:21 ====


  • 0

#21
Aura

Aura

    Special Ops

  • Malware Removal
  • 2,535 posts
Awesome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

AntivirusAntimalwareFirewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-RansomwareWeb Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP