Malware Help



#1
tsvc15


Hi there. I use Malwarebytes. Every month I run a scan just to make sure everything is good. For years I've had no issues but a couple of days ago it detected 2 threats during a scan.

 

 
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/26/20
Scan Time: 11:22 PM
Log File: 20185d7a-6fda-11ea-a104-0ceee6f8eedc.json
 
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.835
Update Package Version: 1.0.21426
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User-HP\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 189637
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 25 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Malware.Heuristic.7, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, Quarantined, 7, 0, , , , 
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Malware.Heuristic.7, C:\USERS\USER\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE, Quarantined, 7, 0, 1.0.21426, 7, dds, 00649573
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Quarantined both. Today I decided to do another scan as I was bothered by the fact that I got Malware. Ran a scan and got another threat. This time only one.
 
 
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/28/20
Scan Time: 5:37 PM
Log File: 604dabda-713c-11ea-a74f-0ceee6f8eedc.json
 
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.859
Update Package Version: 1.0.21530
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User-HP\User
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 189553
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 27 min, 6 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Malware.Heuristic.7, C:\USERS\USER\APPDATA\LOCAL\TEMP\RARSFX0\PEV.EXE, Quarantined, 7, 0, 1.0.21530, 7, dds, 00652104
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
It's quarantined, but I feel like this problem won't go away, and that if I were to run a scan again in a few days I might find more malware. Any help with how to deal with this is greatly appreciated.
 
Thank you

 




#2
iMacg3

Hi tsvc15, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


#3
tsvc15


Hi, thanks for the response. Appreciate the help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-03-2020
Ran by User (administrator) on USER-HP (Hewlett-Packard HP Mini 210-1000) (29-03-2020 00:35:25)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: العربية (السعودية)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(DATA TRANSFER OF NEVADA, LLC  -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(DeviceVM, Inc.) [File not signed] C:\SPLASH.SYS\config\DVMExportService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Company -> ) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zecter Inc. -> Zecter Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-12] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [HP] => C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [589104 2009-07-14] (DATA TRANSFER OF NEVADA, LLC  -> Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] (Hewlett-Packard Company ->  Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [ZumoDrive] => C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2042 2010-12-27] () [File not signed]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-14] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2019-05-17] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2019-05-17] (Corel Corporation -> WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [455360 2019-05-17] (WinZip Computing LLC -> WinZip Computing, S.L.)
HKU\S-1-5-21-3461133905-2381754433-3374124651-1000\...\Run: [Simplify Media] => C:\Program Files\HP\HP MediaStream\HPMediaStream.exe [21498376 2009-10-23] (Simplify Media, Inc. -> Simplify Media, Inc.)
HKU\S-1-5-21-3461133905-2381754433-3374124651-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2009-09-04] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-11-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-11-30]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0247B2BB-C362-4B82-9EE4-4F6EAA120DD2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2009-10-07] (Hewlett-Packard Company -> )
Task: {204F1052-FC49-4DD6-8104-81B3C29541FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {2E2A89C9-3BBA-453D-81E0-1D50BA51E0F7} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2019-05-17] (Corel Corporation -> Corel Corporation)
Task: {3B5C1F2B-3FF6-42A0-89F5-139AE8A3B746} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1379592 2009-10-16] (Hewlett-Packard -> Hewlett-Packard)
Task: {4A309451-EFCB-4BF4-863D-939DE072AC7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5CEEAE39-82F3-4F66-889C-06814E860C58} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2019-05-17] (Corel Corporation -> Corel Corporation)
Task: {64650E7F-1118-4916-B63E-4F3633AE184D} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [38456 2009-10-07] (Hewlett-Packard Company -> )
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => {927EA2AF-1C54-43D5-825E-0074CE028EEE}
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {94B668EE-6F76-4302-82E6-7983C2E2A328} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {97F6641F-9E26-466C-BBDB-9EC1B1E22B5C} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [1379592 2009-10-16] (Hewlett-Packard -> Hewlett-Packard)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {B66EA050-59D3-4E30-8652-E3FD5897F1E9} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2019-05-17] (Corel Corporation -> Corel Corporation)
Task: {B7F179D5-CD0A-4A46-99B4-9285E01800B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-05-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D1EC85D6-9CAD-4B4B-B8BB-258765583B68} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e944aed98777 => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D5AEA61B-8AAD-44CD-BAC0-360E9EA72245} - System32\Tasks\{4908488D-3C6B-49EA-9A61-00CD5186EEE4} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {E405E471-818C-459A-93B3-CF75E647BF39} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e944af3d8143 => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{BC3338C4-7E79-4C29-AF82-106FE814952E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CE8FD610-94AB-4EB8-8D8D-28A4167AE16D}: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {95FBE619-19B8-4D4D-85FF-AC655C023F00} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {12FD45BA-0F44-4C46-93F6-DE497A12A58A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerms}&locale=en_US
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-30] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_131-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00131-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_131-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_131-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ivvbeojz.default [2020-02-26]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ivvbeojz.default\user.js [2013-10-12]
FF Homepage: Mozilla\Firefox\Profiles\ivvbeojz.default -> hxxp://www.rogers.com/smartkey
FF NetworkProxy: Mozilla\Firefox\Profiles\ivvbeojz.default -> type", 0
FF Extension: (DivX Web Player) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ivvbeojz.default\Extensions\[email protected] [2012-11-12] [Legacy] [not signed]
FF Extension: (Simple Adblock) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ivvbeojz.default\Extensions\[email protected] [2013-04-21] [Legacy] [not signed]
FF Extension: (Google Code Correction) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ivvbeojz.default\features\{0de90141-3771-4976-9faa-b18fbb1e0711}\[email protected] [2018-06-17] [Legacy]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ivvbeojz.default\searchplugins\avg-secure-search.xml [2013-10-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] (Adobe Systems Incorporated -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-03-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-03-29]
CHR DownloadDir: C:\Users\User\Desktop
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-19]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-19]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-14]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88648 2020-02-25] (Adobe Inc. -> Adobe Systems)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [81920 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5547464 2020-03-11] (Malwarebytes Inc -> Malwarebytes)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe [221266 2009-10-12] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1710464 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1096704 2009-07-13] (Microsoft Windows -> Atheros Communications, Inc.)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [2494968 2009-10-27] (Broadcom Corporation -> Broadcom Corporation)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2009-09-17] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [108072 2009-09-17] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-09-17] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18472 2009-09-17] (Broadcom Corporation -> Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [17624 2009-09-29] (DeviceVM Inc. -> DeviceVM, Inc.)
R3 HpqKbFiltr; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [15872 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [174592 2009-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [204288 2009-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Microsoft Windows -> Conexant Systems, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [420864 2009-10-12] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-03-29 00:35 - 2020-03-29 00:37 - 000026046 _____ C:\Users\User\Desktop\FRST.txt
2020-03-29 00:34 - 2020-03-29 00:36 - 000000000 ____D C:\FRST
2020-03-29 00:32 - 2020-03-29 00:33 - 002008064 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2020-03-28 18:14 - 2020-03-28 18:14 - 000001302 _____ C:\Users\User\Documents\mbscan2.txt
2020-03-26 23:55 - 2020-03-26 23:55 - 000001425 _____ C:\Users\User\Documents\mbscan.txt
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-03-29 00:34 - 2009-07-14 00:34 - 000016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-29 00:34 - 2009-07-14 00:34 - 000016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-27 02:12 - 2019-09-07 16:08 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2020-03-27 02:08 - 2010-01-04 05:12 - 000000177 ____H C:\dvmexp.idx
2020-03-27 02:04 - 2009-09-06 19:02 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-27 02:04 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2020-03-27 01:59 - 2010-12-28 15:17 - 000000000 ____D C:\Users\User\Tracing
2020-03-27 01:59 - 2010-12-27 23:31 - 000000184 _____ C:\ProgramData\HPWALog.txt
2020-03-27 01:58 - 2010-12-27 23:31 - 000000000 ____D C:\Users\User\.migoDesktop
2020-03-27 01:58 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-24 22:19 - 2019-01-06 15:27 - 000000000 ____D C:\Program Files\Infantry Online
2020-03-20 21:05 - 2019-07-03 14:34 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-20 21:04 - 2019-07-03 14:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-20 20:34 - 2016-07-28 22:55 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d1e944af3d8143
2020-03-20 20:34 - 2016-07-28 22:55 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d1e944aed98777
2020-03-18 13:55 - 2014-12-04 19:56 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-18 13:55 - 2014-12-04 19:56 - 000002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-16 22:00 - 2012-07-31 00:03 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2020-03-15 04:04 - 2013-08-14 20:16 - 000000000 ____D C:\Windows\system32\MRT
2020-03-15 03:07 - 2011-01-20 08:34 - 118379832 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-11 22:35 - 2019-09-07 16:08 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
 
==================== Files in the root of some directories ========
 
2010-12-27 23:31 - 2010-12-27 23:31 - 000000000 _____ () C:\Users\User\AppData\Local\AtStart.txt
2010-12-27 23:31 - 2010-12-27 23:31 - 000000000 _____ () C:\Users\User\AppData\Local\DSwitch.txt
2010-12-27 23:31 - 2010-12-27 23:31 - 000000000 _____ () C:\Users\User\AppData\Local\QSwitch.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2016-05-09 15:18
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-03-2020
Ran by User (29-03-2020 00:38:53)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2010-12-28 03:24:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3461133905-2381754433-3374124651-500 - Administrator - Disabled)
Guest (S-1-5-21-3461133905-2381754433-3374124651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3461133905-2381754433-3374124651-1004 - Limited - Enabled)
User (S-1-5-21-3461133905-2381754433-3374124651-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.41 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2118 - CyberLink Corp.)
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.21.4846 - Gretech Crop.)
Google Chrome (HKLM\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP CloudDrive (HKLM\...\ZumoDrive) (Version:  - )
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP MediaStream (HKLM\...\{4414C431-245A-4AF7-8FE0-3ED2333FD8D2}) (Version: 2.5.1466 - Simplify Media)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP QuickSync (HKLM\...\{EEA95E6C-6847-49BE-83C9-ED92D8E18983}) (Version: 5.1.234.4788 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}) (Version: 1.1.2.2 - DeviceVM, Inc.)
HP Setup (HKLM\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{06F22256-8A8D-4F3F-B22C-6E07313D0FD1}) (Version: 4.2.6.13 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0169 (HKLM\...\{4B7057D5-6D5D-4088-8217-48EA20C44373}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6246.0 - IDT)
Infantry Online (HKLM\...\{C5C9130F-1F0F-47E7-96D1-032573247263}) (Version: 2.1.0.9 - Free Infantry Group) Hidden
Infantry Online (HKU\S-1-5-21-3461133905-2381754433-3374124651-1000\...\Infantry Online 2.1.0.9) (Version: 2.1.0.9 - Free Infantry Group)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.1929 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Mumble 1.2.19 (HKLM\...\{9BCF5203-72BB-4425-A391-83BF298EF376}) (Version: 1.2.19 - Thorvald Natvig)
OpenOffice.org 3.4.1 (HKLM\...\{C1D2E768-21A2-4AEF-AF5E-48E9CE6550F2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint XP version 1.2 (HKLM\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.2 - MSPAINTXP.COM)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3318 - CyberLink Corp.) Hidden
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3318 - CyberLink Corp.)
QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2214 - CyberLink Corp.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.13.1 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Times Reader (HKLM\...\{491ADA37-04EE-2ECE-9F86-DDC0106047AC}) (Version: 2.055 - The New York Times Company)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent ShortcutProvider (HKLM\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 4.5.1.170 - WildTangent) Hidden
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411E}) (Version: 23.0.13431 - Corel Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.WinZipExpressForOffice.dll (Corel Corporation -> )
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2019-05-17] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers1: [Zecter] -> {E032716F-2E0A-4CCB-9FEB-BF2090B035DF} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2019-05-17] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2019-05-17] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers6: [Zecter] -> {E032716F-2E0A-4CCB-9FEB-BF2090B035DF} => C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll [2009-10-28] (Versionate Inc.) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\system32\msaud32_divx.acm [186368 2003-02-03] (Microsoft Corporation) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2008-11-13 18:28 - 2008-11-13 18:28 - 000007168 _____ ( ) [File not signed] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\Interop.HPQTOASTERLib.dll
2008-11-13 18:28 - 2008-11-13 18:28 - 000005120 _____ ( ) [File not signed] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\Interop.HPQWMIEXLib.dll
2020-03-27 02:00 - 2020-03-27 02:00 - 000379904 _____ () [File not signed] C:\Users\User\AppData\Local\Temp\libsqlitejdbc-8274762169473387228.lib
2010-12-27 23:31 - 2020-03-27 01:59 - 000197120 _____ () [File not signed] C:\Users\User\AppData\Local\Temp\WindowsAPI.dll
2010-12-27 23:31 - 2010-12-27 23:31 - 000077824 _____ (Eclipse Foundation) [File not signed] C:\Users\User\AppData\Local\Temp\swt-gdip-win32-3448.dll
2010-12-27 23:31 - 2010-12-27 23:31 - 000335872 _____ (Eclipse Foundation) [File not signed] C:\Users\User\AppData\Local\Temp\swt-win32-3448.dll
2009-09-01 14:30 - 2009-09-01 14:30 - 000013824 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\ar\HPWAMain.resources.dll
2010-01-04 05:06 - 2010-01-04 05:06 - 000101376 _____ (Hewlett-Packard) [File not signed] C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
2010-01-04 04:44 - 2009-06-04 23:03 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll
2010-01-04 04:44 - 2009-06-04 23:02 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
2010-01-04 04:44 - 2009-06-04 22:55 - 000208896 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
2009-07-14 07:54 - 2009-07-14 07:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\msvcr71.dll
2010-12-28 14:32 - 2010-12-28 14:32 - 000352256 _____ (Microsoft Corporation) [File not signed] C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ar_b77a5c561934e089\mscorlib.resources.dll
2010-12-28 14:32 - 2010-12-28 14:32 - 000040960 _____ (Microsoft Corporation) [File not signed] C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_ar_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
2012-07-23 20:20 - 2012-07-23 20:20 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2012-07-23 20:20 - 2012-07-23 20:20 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2009-07-14 07:54 - 2009-07-14 07:54 - 002301952 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\client\jvm.dll
2009-07-14 07:54 - 2009-07-14 07:54 - 000015872 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\hpi.dll
2009-07-14 07:54 - 2009-07-14 07:54 - 000126976 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\java.dll
2009-07-14 07:54 - 2009-07-14 07:54 - 000077824 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\net.dll
2009-07-14 07:54 - 2009-07-14 07:54 - 000031744 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\verify.dll
2009-07-14 07:54 - 2009-07-14 07:54 - 000047104 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\zip.dll
2009-10-28 21:18 - 2009-10-28 21:18 - 000661504 _____ (Versionate Inc.) [File not signed] C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files\WIDCOMM\Bluetooth Software\
HKU\S-1-5-21-3461133905-2381754433-3374124651-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{33DA6925-0959-4372-82BB-5B3D2AFCC0C2}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{AAFDA8FA-54DB-4858-B711-59147468F957}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{D945B66C-2523-423A-96E9-7AE6B3126403}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8D0A1AB-A3F7-48EA-A1FB-D37A3866DBBE}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1D1710F4-336B-465F-8E81-FE4E70C394AD}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8258AB0D-2343-40AE-BD5B-7DDF1B50468D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{12A1DEA4-154A-40CD-92AB-F659330AAFDA}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [UDP Query User{17516C5A-8C23-4DE9-9A83-D1BC6822CAB5}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe] => (Block) C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe
FirewallRules: [{C663071D-460E-4C21-A8AF-D6977B2B49B1}] => (Allow) C:\Program Files\Steam\Steam.exe No File
FirewallRules: [{FC9D5C45-DA19-415A-A413-EB50309E73A0}] => (Allow) C:\Program Files\Steam\Steam.exe No File
FirewallRules: [{998901DC-328C-42B7-9DDB-AD46317B8630}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{662310F8-7794-4C58-B856-8A9AC76F1931}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{67A38F2C-5FAC-4A00-A8FF-BBB3EDAC4F46}C:\users\user\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\user\appdata\local\popcorn time community\nw.exe No File
FirewallRules: [UDP Query User{2B7CE4C5-6B31-45AB-B4F0-04AA6A40A208}C:\users\user\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\user\appdata\local\popcorn time community\nw.exe No File
FirewallRules: [{93267959-D3CE-41E0-AA98-477DE8ABE4C4}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe No File
FirewallRules: [{63247B58-D3DD-440E-88E7-41F2BCD37296}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe No File
FirewallRules: [{2929A2A3-3952-4B10-B511-0064BFA9EB1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C909B20-234D-4431-96D4-942CA02F3688}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF63ADEE-D316-4818-ACE3-11591F49FAF2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
08-03-2020 19:02:42 Windows Update
15-03-2020 03:00:49 Windows Update
17-03-2020 03:00:50 Windows Update
21-03-2020 14:47:53 Windows Update
24-03-2020 13:38:49 Windows Update
28-03-2020 14:31:26 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/27/2020 02:04:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 001 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (03/27/2020 02:04:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 001 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (03/24/2020 01:44:17 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: ‏‏المنتج: Microsoft Office OneNote MUI (English) 2007 - تعذر تثبيت تحديث 'Update for Microsoft Office OneNote 2007 Help (KB963670)'. رمز الخطأ 1603. تمكن لـ Windows Installer إنشاء سجلات للمساعدة في استكشاف المشاكل الخاصة بتثبيت حزم البرامج وحلها. استخدم الارتباط التالي للحصول على إرشادات حول تشغيل دعم التسجيل: http://go.microsoft....k/?LinkId=23127
 
Error: (03/24/2020 01:44:01 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: ‏‏المنتج: Microsoft Office PowerPoint MUI (English) 2007 - تعذر تثبيت تحديث 'Update for Microsoft Office Powerpoint 2007 Help (KB963669)'. رمز الخطأ 1603. تمكن لـ Windows Installer إنشاء سجلات للمساعدة في استكشاف المشاكل الخاصة بتثبيت حزم البرامج وحلها. استخدم الارتباط التالي للحصول على إرشادات حول تشغيل دعم التسجيل: http://go.microsoft....k/?LinkId=23127
 
Error: (03/24/2020 01:43:49 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: ‏‏المنتج: Microsoft Office Shared MUI (English) 2007 - تعذر تثبيت تحديث 'Update for Microsoft Office 2007 Help for Common Features (KB963673)'. رمز الخطأ 1603. تمكن لـ Windows Installer إنشاء سجلات للمساعدة في استكشاف المشاكل الخاصة بتثبيت حزم البرامج وحلها. استخدم الارتباط التالي للحصول على إرشادات حول تشغيل دعم التسجيل: http://go.microsoft....k/?LinkId=23127
 
Error: (03/24/2020 01:43:41 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: ‏‏المنتج: Microsoft Office Word MUI (English) 2007 - تعذر تثبيت تحديث 'Update for Microsoft Office Word 2007 Help (KB963665)'. رمز الخطأ 1603. تمكن لـ Windows Installer إنشاء سجلات للمساعدة في استكشاف المشاكل الخاصة بتثبيت حزم البرامج وحلها. استخدم الارتباط التالي للحصول على إرشادات حول تشغيل دعم التسجيل: http://go.microsoft....k/?LinkId=23127
 
Error: (03/24/2020 01:43:35 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: ‏‏المنتج: Microsoft Office Excel MUI (English) 2007 - تعذر تثبيت تحديث 'Update for Microsoft Office Excel 2007 Help (KB963678)'. رمز الخطأ 1603. تمكن لـ Windows Installer إنشاء سجلات للمساعدة في استكشاف المشاكل الخاصة بتثبيت حزم البرامج وحلها. استخدم الارتباط التالي للحصول على إرشادات حول تشغيل دعم التسجيل: http://go.microsoft....k/?LinkId=23127
 
Error: (03/24/2020 01:41:37 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: ‏‏المنتج: Microsoft Office Shared MUI (English) 2007 - تعذر تثبيت تحديث 'Microsoft Office 2007 Service Pack 3 (SP3)'. رمز الخطأ 1603. تمكن لـ Windows Installer إنشاء سجلات للمساعدة في استكشاف المشاكل الخاصة بتثبيت حزم البرامج وحلها. استخدم الارتباط التالي للحصول على إرشادات حول تشغيل دعم التسجيل: http://go.microsoft....k/?LinkId=23127
 
 
System errors:
=============
Error: (03/27/2020 06:49:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة ShellHWDetection.
 
Error: (03/27/2020 05:10:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة Netman.
 
Error: (03/27/2020 01:58:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ‏‏فشل تحميل برنامج التشغيل التالي الخاص ببدء تشغيل النظام أو تمهيد للتشغيل: 
cdrom
 
Error: (03/27/2020 01:58:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:54:05 on ‎27/‎03/‎2020 was unexpected.
 
Error: (03/25/2020 08:38:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة wuauserv.
 
Error: (03/24/2020 04:17:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة Schedule.
 
Error: (03/24/2020 02:08:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: تحديث أمان لـ Microsoft Office 2007 suites (KB2825645).
 
Error: (03/24/2020 02:08:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: تحديث لتعليمات برنامج Microsoft Office OneNote 2007 رقم (KB963670).
 
 
Windows Defender:
===================================
Date: 2019-08-12 16:50:19.880
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:??????? ??? ?????? ?????? ??? ?????? ??????. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2018-07-04 19:26:09.454
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:???? ?????? ????? ????? ??? ?? ??? ??????. ????? ?????? ????? ??? ???????. ?????? ??????? ??????? ?? ??? ?????? ?? ??????? ?????? "?????/????? ???????" ??? "???? ??????". 
 
Date: 2018-07-04 19:26:09.454
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:???? ?????? ????? ????? ??? ?? ??? ??????. ????? ?????? ????? ??? ???????. ?????? ??????? ??????? ?? ??? ?????? ?? ??????? ?????? "?????/????? ???????" ??? "???? ??????". 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard F.02 12/04/2009
Motherboard: Hewlett-Packard 3660
Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 92%
Total physical RAM: 2011.48 MB
Available physical RAM: 144.41 MB
Total Virtual: 4022.95 MB
Available Virtual: 1537.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:221.1 GB) (Free:138.75 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.49 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
 
\\?\Volume{0dd352f5-131c-11e0-99a7-806e6f6e6963}\ () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 871A1FDD)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt =======================


#4
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
My apologies for the delay, currently reviewing your logs.

#5
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi tsvc15,

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
A good free antivirus is Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

---------------------------------------------------
Did you set a proxy in Firefox?

FF NetworkProxy: Mozilla\Firefox\Profiles\ivvbeojz.default -> type", 0


---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {95FBE619-19B8-4D4D-85FF-AC655C023F00} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerms}&locale=en_US
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    Toolbar: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-3461133905-2381754433-3374124651-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll [No File]
    FirewallRules: [{C663071D-460E-4C21-A8AF-D6977B2B49B1}] => (Allow) C:\Program Files\Steam\Steam.exe No File
    FirewallRules: [{FC9D5C45-DA19-415A-A413-EB50309E73A0}] => (Allow) C:\Program Files\Steam\Steam.exe No File
    FirewallRules: [{998901DC-328C-42B7-9DDB-AD46317B8630}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe No File
    FirewallRules: [{662310F8-7794-4C58-B856-8A9AC76F1931}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe No File
    FirewallRules: [TCP Query User{67A38F2C-5FAC-4A00-A8FF-BBB3EDAC4F46}C:\users\user\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\user\appdata\local\popcorn time community\nw.exe No File
    FirewallRules: [UDP Query User{2B7CE4C5-6B31-45AB-B4F0-04AA6A40A208}C:\users\user\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\user\appdata\local\popcorn time community\nw.exe No File
    FirewallRules: [{93267959-D3CE-41E0-AA98-477DE8ABE4C4}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe No File
    FirewallRules: [{63247B58-D3DD-440E-88E7-41F2BCD37296}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe No File
    C:\Program Files\FunWebProducts
    VirusTotal: C:\dvmexp.idx
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
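
Most entries in the fixlist above are leftovers whose backing file no longer exists ("No File") or search providers with an empty URL. As an added example (not part of the original post and not FRST's own code), this Python script picks such orphaned entries out of FRST-style log lines for manual review; the line shapes are inferred from the post, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample lines: the first five are copied from the fixlist in the post above;
# the last one is constructed (placeholder GUID and path) to show a live target.
SAMPLE = r"""
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {95FBE619-19B8-4D4D-85FF-AC655C023F00} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll [No File]
FirewallRules: [{C663071D-460E-4C21-A8AF-D6977B2B49B1}] => (Allow) C:\Program Files\Steam\Steam.exe No File
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\Example\app.exe
"""

# "Kind: rest" entry shape as seen in the post (an assumption, not an FRST spec).
ENTRY = re.compile(r"^(?P<kind>[A-Za-z ]+?):\s+(?P<rest>.*)$")
# Trailing "No File", "[No File]" or "No File <==== ATTENTION" marker.
NO_FILE = re.compile(r"(?:^|[\s\[>])No File\]?(?:\s*<==== ATTENTION)?\s*$")
EMPTY_URL = re.compile(r"URL =\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def classify(line):
    """Return a finding dict for an orphaned entry, or None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "SearchScopes" and EMPTY_URL.search(rest):
        reason = "empty search URL"
    elif NO_FILE.search(rest):
        reason = "target file missing"
    else:
        return None
    guid = GUID.search(rest)
    return {"kind": kind, "reason": reason, "guid": guid.group(0) if guid else None}

def triage(text):
    """Group orphaned entries by kind so each group can be reviewed by hand."""
    groups = defaultdict(list)
    for line in text.splitlines():
        finding = classify(line)
        if finding:
            groups[finding["kind"]].append(finding)
    return dict(groups)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        for item in items:
            print(f"{kind:14} {item['reason']:20} {item['guid']}")
```

The output is a review list only; whether an entry is safe to remove still depends on the machine it came from.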
