ProblemsRBad

Members
  • Content count

    1,095
  • Joined

  • Last visited

  • Days Won

    1

About ProblemsRBad

  • Rank
    $ Supporting Member

Profile Information

  • Gender
    Not Telling
  • OS
    Windows 10

Profile Fields

  • Country

  1. Latest RogueKiller hanging up for 8+ hours on msacm.msg711

    Thanks, I posted there. We'll see what they have to say. I'll let you guys know.
  2. Latest RogueKiller hanging up for 8+ hours on msacm.msg711

    I have not installed any codecs. Still hanging up at the same spot from safe mode.
  3. Latest RogueKiller hanging up for 8+ hours on msacm.msg711

    They? I have no idea...
  4. As the title says, I'm scanning my Win 10 machine and RogueKiller 64-bit portable is hanging up at registry value [x64] HKEY_LOCAL_MACHINE\SOFTWARE...T\CurrentVersion\Drivers32 : msacm.msg711 string. I don't know what to do or why it's hanging up. I did open Task Manager and close it down. Restarted the scan and it still hangs up here. Anybody know why?
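The Drivers32 key the scan stalled on is where Windows registers its ACM/VCM codecs, and msacm.msg711 is the stock G.711 audio codec entry in that list. The script below is an added example, not part of ProblemsRBad's post and not RogueKiller's own code: it lists every Drivers32 value in both the 64-bit and the 32-bit (WOW6432Node) registry views, resolves each value to the module it loads, and reports whether that file exists, sits in the expected system directory and carries a valid Authenticode signature. It assumes 64-bit Windows 10 with Windows PowerShell 5.1 started as a 64-bit process; the key path used is the standard Drivers32 location (the post shows it truncated), and the function name is my own.

```powershell
# Added example, not part of the original post or of RogueKiller. Lists the codec
# registrations under Drivers32 (the key the scan stalled on) in both registry
# views, resolves each value to the module it names, and reports missing, misplaced
# or unsigned files. Assumes 64-bit Windows 10 and Windows PowerShell 5.1 started
# as a 64-bit process; from a 32-bit process only the WOW6432Node view is visible.
if (-not [Environment]::Is64BitProcess) {
    Write-Warning 'Run from a 64-bit PowerShell so both registry views are visible.'
}

# Standard Drivers32 locations (the post shows the path truncated).
$views = @(
    @{ Label = 'x64'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32';             Dir = "$env:SystemRoot\System32" },
    @{ Label = 'x86'; Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32'; Dir = "$env:SystemRoot\SysWOW64" }
)

function Get-Drivers32Entries {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Key)) { continue }
        $props = Get-ItemProperty -LiteralPath $v.Key
        # Drop the PS* note properties PowerShell adds; what remains are the codec values
        # (msacm.* for audio, vidc.* for video, plus a few driver aliases).
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
            $value = [string]$_.Value
            # Normal entries are a bare module name resolved from the system directory of
            # that view; an absolute path, or a file outside that directory, is unusual.
            $path = if ([IO.Path]::IsPathRooted($value)) { $value } else { Join-Path $v.Dir $value }
            $path = [Environment]::ExpandEnvironmentVariables($path)

            if (-not (Test-Path -LiteralPath $path)) {
                $status = 'MISSING'
            } else {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $status = if ($sig.Status -eq 'Valid') { "Valid: $($sig.SignerCertificate.Subject)" }
                          else { "CHECK: $($sig.Status)" }
            }
            [pscustomobject]@{
                View      = $v.Label
                Name      = $_.Name
                Value     = $value
                Path      = $path
                InSysDir  = $path.StartsWith($v.Dir, [StringComparison]::OrdinalIgnoreCase)
                Signature = $status
            }
        }
    }
}

$entries = Get-Drivers32Entries
# Anything not in the system directory or without a valid signature first...
$entries | Where-Object { -not $_.InSysDir -or $_.Signature -notlike 'Valid*' } | Format-Table -AutoSize
# ...then the full list for the record.
$entries | Sort-Object View, Name | Format-Table -AutoSize
```

Expect the in-box codecs to resolve to signed files in System32 or SysWOW64; a value that points outside those directories, at a missing file, or at an unsigned module is what deserves attention. Two caveats: some in-box binaries are catalog-signed rather than embedded-signed, and depending on the Windows and PowerShell version Get-AuthenticodeSignature may report those as NotSigned, so confirm such a result with a second tool before reading anything into it; and a scanner hanging on an entry is a tool problem until the entry itself checks out bad, which is why the value was worth raising with the RogueKiller developers as the thread did.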
  5. Ran DelFix. Computer working better now, thanks for the help. Now I will upgrade it to Win 10.
  6. Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.5
    SUPERAntiSpyware
    Java version 32-bit out of Date!
    Adobe Flash Player 27.0.0.187
    Mozilla Firefox (57.0)
    Google Chrome (62.0.3202.94)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
    ----------------------------------------------------------------------------
    Farbar Service Scanner Version: 27-01-2016
    Ran by User (administrator) on 29-11-2017 at 07:32:08
    Running from "C:\Users\User\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    **** End of log ****
  7. All finished. Sophos scanned back clean, so I don't have a log.
  8. Fix result of Farbar Recovery Scan Tool (x86) Version: 27-11-2017
    Ran by User (29-11-2017 07:03:03) Run:1
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User & Kids)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\User\AppData\Local\Facebook\Games\FacebookGameroom.exe (No File)
    S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]
    U3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
    R3 gkernel; \??\C:\Users\User\AppData\Local\Temp\gkernel.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]
    2017-11-29 05:16 - 2017-09-13 23:10 - 001310528 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\temp\dllnt_dump.dll
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
    *****************
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\system32\GroupPolicy\User => moved successfully
    HKLM\SOFTWARE\Policies\Google => key removed successfully.
    C:\Users\User\AppData\Local\Facebook\Games\FacebookGameroom.exe => not found.
    HKLM\System\CurrentControlSet\Services\SophosVirusRemovalTool => key removed successfully.
    SophosVirusRemovalTool => service removed successfully.
    HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
    catchme => service removed successfully.
    gkernel => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully.
    gkernel => service removed successfully.
    HKLM\System\CurrentControlSet\Services\mbr => key removed successfully.
    mbr => service removed successfully.
    C:\Users\User\AppData\Local\temp\dllnt_dump.dll => moved successfully
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
    The system needed a reboot.
    ==== End of Fixlog 07:03:09 ====
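The fixlist above removed three kinds of leftover: service and driver keys whose binary no longer exists (the [X] entries pointing into %TEMP% and C:\ComboFix), an alternate data stream on the C:\ProgramData\TEMP folder, and a Chrome policy restriction under HKLM\SOFTWARE\Policies\Google together with the local Group Policy files. The script below is an added example for re-checking each of those after the reboot; it is not part of the post, not FRST's own code, and its function names are my own. It assumes Windows PowerShell 5.1 run elevated on the Windows 7 x86 machine from the log, and generalises slightly beyond the log by walking every service key and every subkey under the Google policy key rather than only the ones FRST named.

```powershell
# Added example, not part of the original post or of FRST. Re-checks the three kinds
# of item the fixlist above removed, so the fix can be confirmed after the reboot.
# Function names are my own. Run from an elevated Windows PowerShell 5.1.

# 1. Services and drivers whose binary no longer exists (FRST marks these [X]; here
#    they were catchme and gkernel under %TEMP% and mbr under C:\ComboFix).
function Get-OrphanedServices {
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $img = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { return }
        # ImagePath comes in several shapes: "\??\C:\x.sys", "\SystemRoot\system32\x.sys",
        # "system32\DRIVERS\x.sys", "%SystemRoot%\system32\svchost.exe -k netsvcs",
        # '"C:\Program Files\a b\x.exe" /arg'. Reduce each to the file it names.
        $p = $img -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $p = [Environment]::ExpandEnvironmentVariables($p)
        if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
        elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
        if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $img; Resolved = $p }
        }
    }
}

# 2. Alternate data streams on the folder the fixlog named and everything under it.
#    ':$DATA' is the ordinary content stream and Zone.Identifier is the mark-of-the-web
#    browsers put on downloads; anything else is worth reading.
function Get-UnexpectedStreams([string]$Path = 'C:\ProgramData\TEMP') {
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

# 3. Chrome policy restrictions. FRST flagged HKLM\SOFTWARE\Policies\Google and the local
#    Group Policy folder; after the fix the key should be gone and no Registry.pol present.
function Get-ChromePolicyState {
    foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $keys = @(Get-Item -LiteralPath $key) + @(Get-ChildItem -LiteralPath $key -Recurse)
        foreach ($k in $keys) {
            (Get-ItemProperty -LiteralPath $k.PSPath).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { [pscustomobject]@{ Key = $k.Name; Policy = $_.Name; Value = $_.Value } }
        }
    }
    foreach ($pol in "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                     "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol") {
        [pscustomobject]@{ Key = $pol; Policy = 'local GPO file present'; Value = (Test-Path -LiteralPath $pol) }
    }
}

Get-OrphanedServices  | Format-Table -AutoSize
Get-UnexpectedStreams | Format-Table -AutoSize
Get-ChromePolicyState | Format-Table -AutoSize
```

On a clean result the first two tables are empty and the third shows no Google policy values and False for both Registry.pol files. Two things to keep in mind when reading the output: a handful of orphaned service entries for optional or removed in-box drivers is common on any Windows install, so compare against the [X] list FRST produced rather than treating every hit as hostile; and the stream filter deliberately hides Zone.Identifier, so if you want to see which downloads still carry the mark-of-the-web, drop that clause.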
  9. [RESOLVED] Friends Win 7 AV wont update.

    Sophos scanned clean and didn't have a log, I did say that in the post. :)
  10. Sophos scanned clean and didn't have a log, I did say that in the post. :)
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2017
    Ran by User (administrator) on USER-PC (29-11-2017 06:35:29)
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User & Kids)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    () C:\Program Files\AnyDesk\AnyDesk.exe
    (Camshare Inc.) C:\Program Files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    () C:\Program Files\AnyDesk\AnyDesk.exe
    () C:\Program Files\Garena Plus\ggdllhost.exe
    () C:\Program Files\Garena Plus\ggdllhost.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files\AnyDesk\AnyDesk.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    () C:\Program Files\AnyDesk\AnyDesk.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-01-23] (Realtek Semiconductor)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKLM\...\Run: [CheckNDISPort52ac99] => C:\Program Files\Hostless Modem\SMART BRO\CheckNDISPort_df.exe [474504 2016-06-24] ()
    HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe [446344 2016-06-24] ()
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-03-23] (Spotify Ltd)
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-17] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Run: [Camfrog] => C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe [17875976 2017-07-17] (Camshare, Inc.)
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Run: [ManyCam] => C:\Program Files\ManyCam\ManyCam.exe [12580880 2017-09-27] (Visicom Media Inc.)
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-11-27]
    ShortcutTarget: AnyDesk.lnk -> C:\Program Files\AnyDesk\AnyDesk.exe ()
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-05]
    ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\User\AppData\Local\Facebook\Games\FacebookGameroom.exe (No File)
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{BB31A002-A206-4182-B2FB-5249F087FC4A}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{BD80AB38-0FDF-4548-8E80-482302297371}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-170921496-1106030034-2206049285-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-170921496-1106030034-2206049285-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?FORM=SK2BDF&PC=SK2B&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-170921496-1106030034-2206049285-1000 -> {DBA82A39-8414-497B-B3AB-4526E0E01675} URL = hxxps://ph.search.yahoo.com/search?p={searchTerms}&intl=ph&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
    Toolbar: HKU\S-1-5-21-170921496-1106030034-2206049285-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default [2017-11-29]
    FF Homepage: Mozilla\Firefox\Profiles\ceddelit.default -> google.com
    FF Extension: (Avast Passwords) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2017-11-22]
    FF Extension: (__MSG_appName__) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-23]
    FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-17]
    FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
    FF Extension: (Disable Media WMF NV12 format) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default\features\{0fd9cb75-16e3-407f-9dbe-209ecbfdc1c5}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Lagacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-10-25] ( Garena)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-170921496-1106030034-2206049285-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-29]
    CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-12]
    CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-12]
    CHR Extension: (Mga Pagbabayad sa Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-12]
    CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-12]
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-29]
    CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
    CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
    CHR Extension: (Paghahanap sa Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-24]
    CHR Extension: (EverWing Hacks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbingkbgnhkfpmffjiekekmedohpmfef [2017-09-22]
    CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
    CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
    CHR Extension: (GitHub Selfies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffhanbibppaafgcnpihfifdhfgohijm [2017-08-21]
    CHR Extension: (Mga Pagbabayad sa Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04]
    CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2016-07-08]
    CHR HKU\S-1-5-21-170921496-1106030034-2206049285-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
    R2 AnyDesk; C:\Program Files\AnyDesk\AnyDesk.exe [1809096 2017-11-27] ()
    S2 AnyDeskVolatileSvc; C:\Users\User\Downloads\AnyDesk.exe [1809096 2017-11-27] ()
    R2 camfrog_update_service; C:\Program Files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-12-19] (Camshare Inc.)
    S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509408 2015-07-22] (Lenovo)
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-12] (IObit)
    S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
    R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-07] ()
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49064 2017-02-08] (Visicom Media Inc.)
    S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-14] (Malwarebytes)
    S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-14] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-29] (Malwarebytes)
    S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-14] (Malwarebytes)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [30488 2014-12-29] (Visicom Media Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
    S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [18944 2017-08-11] (Windows (R) Win 7 DDK provider)
    R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
    R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
    S3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37088 2017-08-11] (Windows (R) Win 7 DDK provider)
    R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36944 2017-04-26] (Anchorfree Inc.)
    S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1451312 2015-07-21] (ShiningMorning Inc.)
    S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (MBB)
    U3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
    R3 gkernel; \??\C:\Users\User\AppData\Local\Temp\gkernel.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2017-11-29 06:35 - 2017-11-29 06:36 - 000016586 _____ C:\Users\User\Desktop\FRST.txt
    2017-11-29 06:34 - 2017-11-29 06:34 - 001752064 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
    2017-11-29 04:27 - 2017-11-29 04:27 - 000017059 _____ C:\ComboFix.txt
    2017-11-29 04:14 - 2017-11-29 04:27 - 000000000 ____D C:\Qoobox
    2017-11-29 04:14 - 2011-06-26 14:45 - 000256000 _____ C:\Windows\PEV.exe
    2017-11-29 04:14 - 2010-11-08 01:20 - 000208896 _____ C:\Windows\MBR.exe
    2017-11-29 04:14 - 2009-04-20 12:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-11-29 04:14 - 2000-08-31 08:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-11-29 04:14 - 2000-08-31 08:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-11-29 04:14 - 2000-08-31 08:00 - 000098816 _____ C:\Windows\sed.exe
    2017-11-29 04:14 - 2000-08-31 08:00 - 000080412 _____ C:\Windows\grep.exe
    2017-11-29 04:14 - 2000-08-31 08:00 - 000068096 _____ C:\Windows\zip.exe
    2017-11-29 04:11 - 2017-11-29 04:12 - 005659763 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
    2017-11-28 14:18 - 2017-11-28 14:18 - 000001547 _____ C:\Users\User\Desktop\AdwCleaner[C3].txt
    2017-11-28 13:31 - 2017-11-28 13:31 - 000001315 _____ C:\Users\User\Desktop\malbyte.txt
    2017-11-28 13:15 - 2017-11-28 13:15 - 000004676 _____ C:\Users\User\Desktop\rkiller.txt
    2017-11-28 12:19 - 2017-11-28 12:20 - 022468168 _____ (Adlice Software) C:\Users\User\Desktop\RogueKiller_portable32.exe
    2017-11-28 00:34 - 2017-11-29 03:07 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2017-11-27 23:51 - 2017-11-27 23:51 - 008261584 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner.exe
    2017-11-27 23:30 - 2017-11-27 23:32 - 036146872 _____ (Adlice Software ) C:\Users\User\Downloads\RogueKiller_setup_ref3.exe
    2017-11-27 23:26 - 2017-11-29 06:35 - 000000000 ____D C:\FRST
    2017-11-27 22:59 - 2017-11-27 22:59 - 000001806 _____ C:\Users\Public\Desktop\AnyDesk.lnk
    2017-11-27 22:59 - 2017-11-27 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
    2017-11-27 22:59 - 2017-11-27 22:59 - 000000000 ____D C:\ProgramData\AnyDesk
    2017-11-27 22:59 - 2017-11-27 22:59 - 000000000 ____D C:\Program Files\AnyDesk
    2017-11-27 22:06 - 2017-11-27 22:53 - 000000000 ____D C:\Users\User\AppData\Roaming\AnyDesk
    2017-11-27 22:05 - 2017-11-27 22:05 - 001809096 _____ C:\Users\User\Downloads\AnyDesk.exe
    2017-11-17 09:23 - 2017-11-17 09:23 - 000730147 _____ C:\Users\Kids\Downloads\robotics.pptx
    2017-11-17 07:08 - 2017-11-17 07:08 - 003562979 _____ C:\Users\Kids\Downloads\Sexual-Reproduction.pptx
    2017-11-17 07:08 - 2017-11-17 07:08 - 001323659 _____ C:\Users\Kids\Downloads\Asexual-Reproduction.pptx
    2017-11-16 13:45 - 2017-11-16 14:02 - 000000000 ____D C:\Users\User\Desktop\New folder
    2017-11-15 13:01 - 2017-10-18 14:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-11-15 13:01 - 2017-10-18 09:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-11-15 13:01 - 2017-10-18 09:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-11-15 13:01 - 2017-10-18 09:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-11-15 13:01 - 2017-10-18 09:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-11-15 13:01 - 2017-10-18 09:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-11-15 13:01 - 2017-10-18 09:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-11-15 13:01 - 2017-10-18 09:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-11-15 13:01 - 2017-10-17 06:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-11-15 13:01 - 2017-10-17 06:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-11-15 13:01 - 2017-10-17 05:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
    2017-11-15 13:01 - 2017-10-14 15:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-11-15 13:01 - 2017-10-14 15:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-11-15 13:01 - 2017-10-14 15:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-11-15 13:01 - 2017-10-14 14:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-11-15 13:01 - 2017-10-14 14:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-11-15 13:01 - 2017-10-14 14:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-11-15 13:01 - 2017-10-14 14:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-11-15 13:01 - 2017-10-14 14:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-11-15 13:01 - 2017-10-14 14:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-11-15 13:01 - 2017-10-14 14:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-11-15 13:01 - 2017-10-14 14:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-11-15 13:01 - 2017-10-14 14:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-11-15 13:01 - 2017-10-14 14:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-11-15 13:01 - 2017-10-14 14:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-11-15 13:01 - 2017-10-14 14:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-11-15 13:01 - 2017-10-14 14:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-11-15 13:01 - 2017-10-14 14:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-11-15 13:01 - 2017-10-14 14:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-11-15 13:01 - 2017-10-14 14:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-11-15 13:01 - 2017-10-14 14:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-11-15 13:01 - 2017-10-14 14:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-11-15 13:01 - 2017-10-14 14:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-11-15 13:01 - 2017-10-14 14:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-11-15 13:01 - 2017-10-14 14:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-11-15 13:01 - 2017-10-14 14:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-11-15 13:01 - 2017-10-14 14:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-11-15 13:01 - 2017-10-14 14:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-11-15 13:01 - 2017-10-14 14:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-11-15 13:01 - 2017-10-14 14:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-11-15 13:01 - 2017-10-14 14:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-11-15 13:01 - 2017-10-14 14:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-11-15 13:01 - 2017-10-14 14:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-11-15 13:01 - 2017-10-14 14:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-11-15 13:01 - 2017-10-14 14:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-11-15 13:01 - 2017-10-14 14:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-11-15 13:01 - 2017-10-12 08:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-11-15 13:01 - 2017-10-12 08:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-11-15 13:01 - 2017-10-12 08:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-11-15 13:01 - 2017-10-12 08:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-11-15 13:01 - 2017-10-12 08:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-11-15 13:01 - 2017-10-12 08:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-11-15 13:01 - 2017-10-12 08:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-11-15 13:01 - 2017-10-12 08:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-11-15 13:01 - 2017-10-12 08:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-11-15 13:01 - 2017-10-12 08:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-11-15 13:01 - 2017-10-12 08:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-11-15 13:01 - 2017-10-12 08:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
    2017-11-15 13:01 - 2017-09-07 21:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-11-15 13:01 - 2017-09-07 21:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-11-14 11:29 - 2017-11-14 11:29 - 002336768 _____
C:\Users\Kids\Desktop\LESSON_3_LAYERS.ppt 2017-11-14 11:29 - 2017-11-14 11:29 - 001641984 _____ C:\Users\Kids\Desktop\LESSON_5_Gradient_Tool__Paint_Bucket_Tool__Foreground_and_Background_Color.ppt 2017-11-14 11:29 - 2017-11-14 11:29 - 000304640 _____ C:\Users\Kids\Desktop\LESSON_4_Clone_Stamp__Patch_Tool.ppt 2017-11-14 11:28 - 2017-11-14 11:28 - 012604416 _____ C:\Users\Kids\Desktop\LESSON_2_FILTERS.ppt 2017-11-14 10:18 - 2017-11-14 10:19 - 012585472 _____ C:\Users\Kids\Downloads\LESSON_2_FILTERS.ppt 2017-11-14 10:18 - 2017-11-14 10:19 - 001633280 _____ C:\Users\Kids\Downloads\LESSON_5_Gradient_Tool__Paint_Bucket_Tool__Foreground_and_Background_Color.ppt 2017-11-14 10:18 - 2017-11-14 10:18 - 002393088 _____ C:\Users\Kids\Downloads\LESSON_3_LAYERS.ppt 2017-11-14 10:18 - 2017-11-14 10:18 - 000289792 _____ C:\Users\Kids\Downloads\LESSON_4_Clone_Stamp__Patch_Tool.ppt 2017-11-14 10:17 - 2017-11-14 10:19 - 010962432 _____ C:\Users\Kids\Downloads\LESSON_1_Adobe_Photoshop_Environment_and_Tool_Box.ppt 2017-11-11 06:50 - 2017-11-11 06:50 - 173729275 _____ C:\Windows\MEMORY.DMP 2017-11-11 06:50 - 2017-11-11 06:50 - 000419328 _____ C:\Windows\Minidump\111117-15693-01.dmp 2017-11-11 06:50 - 2017-11-11 06:50 - 000000000 ____D C:\Windows\Minidump 2017-10-30 07:59 - 2017-10-30 07:59 - 001091232 _____ (Unity Technologies ApS) C:\Users\Kids\Downloads\UnityWebPlayer(2).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-11-29 05:17 - 2016-07-21 21:23 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-29 04:52 - 2016-11-17 00:55 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-11-29 04:25 - 2009-07-14 10:04 - 000000215 _____ C:\Windows\system.ini
2017-11-29 04:13 - 2009-07-14 12:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-29 04:13 - 2009-07-14 12:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-29 04:09 - 2016-03-16 21:03 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-11-29 04:05 - 2009-07-14 12:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-29 04:04 - 2017-10-11 05:37 - 000000000 ____D C:\AdwCleaner
2017-11-29 04:04 - 2017-06-28 08:26 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-29 02:33 - 2017-10-20 09:09 - 000000000 ____D C:\Users\User\AppData\Local\ManyCam
2017-11-29 02:33 - 2016-07-20 13:59 - 000000000 ____D C:\Users\User\AppData\Roaming\ManyCam
2017-11-28 19:17 - 2015-12-10 17:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Camfrog
2017-11-28 12:23 - 2017-06-28 08:24 - 000000000 ____D C:\ProgramData\TEMP
2017-11-28 12:23 - 2017-03-20 12:21 - 000040924 __RSH C:\ProgramData\ntuser.pol
2017-11-28 12:22 - 2017-06-28 08:24 - 000000000 ____D C:\Program Files\SpywareBlaster
2017-11-28 12:17 - 2017-03-18 22:41 - 000000000 ___RD C:\Users\User\Desktop\computer cleaner tools
2017-11-28 01:50 - 2009-07-14 12:33 - 000490296 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-27 23:01 - 2015-07-08 12:28 - 000134592 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-27 23:00 - 2016-06-30 15:34 - 000000000 ____D C:\Program Files\TeamViewer
2017-11-27 23:00 - 2016-06-16 20:56 - 000000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-11-26 07:22 - 2016-04-30 17:38 - 000000632 __RSH C:\Users\User\ntuser.pol
2017-11-25 21:21 - 2017-10-21 18:33 - 000000000 ____D C:\Users\User\Desktop\100GOPRO
2017-11-25 20:53 - 2016-07-31 08:09 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-11-25 18:43 - 2016-11-17 14:47 - 000000000 ____D C:\Users\Kids\AppData\LocalLow\Mozilla
2017-11-25 17:30 - 2016-11-18 17:32 - 000000000 ____D C:\Users\Kids\AppData\Roaming\GarenaPlus
2017-11-25 17:30 - 2016-11-18 12:18 - 000000000 ____D C:\ProgramData\GarenaMessenger
2017-11-25 06:09 - 2017-05-18 16:12 - 000000000 ____D C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-25 06:02 - 2016-08-29 05:29 - 000000902 __RSH C:\Users\Kids\ntuser.pol
2017-11-25 06:02 - 2016-08-29 05:29 - 000000000 ____D C:\Users\Kids
2017-11-24 11:02 - 2017-04-06 15:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-24 07:07 - 2015-12-16 15:32 - 000000000 ____D C:\Program Files\Opera
2017-11-22 10:15 - 2009-07-14 10:37 - 000000000 ____D C:\Windows\system32\NDF
2017-11-19 10:08 - 2016-09-03 11:27 - 000000000 ____D C:\Users\Kids\AppData\Roaming\vlc
2017-11-18 16:54 - 2010-11-21 05:01 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-18 16:54 - 2009-07-14 10:37 - 000000000 ____D C:\Windows\inf
2017-11-17 14:31 - 2016-08-29 05:31 - 000000000 ____D C:\Users\Kids\AppData\Roaming\Mozilla
2017-11-17 13:11 - 2017-06-21 10:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-17 13:11 - 2016-07-08 09:42 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-17 10:58 - 2016-07-08 09:42 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2017-11-16 16:16 - 2016-05-06 00:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-16 13:51 - 2017-10-28 03:50 - 000000000 ____D C:\Users\User\Desktop\korea 2017
2017-11-15 17:29 - 2009-07-14 10:37 - 000000000 ____D C:\Windows\rescache
2017-11-14 19:51 - 2015-07-08 12:25 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-11-14 19:51 - 2015-07-08 12:25 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-11-14 19:51 - 2015-07-08 12:25 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-14 07:46 - 2017-06-09 18:20 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-10 21:51 - 2016-03-16 21:02 - 000000000 ____D C:\ProgramData\Skype
2017-10-31 06:23 - 2009-07-14 12:53 - 000032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Some files in TEMP:
====================
2017-11-29 05:16 - 2017-09-13 23:10 - 001310528 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-24 07:22

==================== End of FRST.txt ============================

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-11-2017
Ran by User (29-11-2017 06:37:21)
Running from C:\Users\User\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-07-08 03:55:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-170921496-1106030034-2206049285-500 - Administrator - Disabled)
Guest (S-1-5-21-170921496-1106030034-2206049285-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-170921496-1106030034-2206049285-1002 - Limited - Enabled)
Kids (S-1-5-21-170921496-1106030034-2206049285-1005 - Limited - Enabled) => C:\Users\Kids
User (S-1-5-21-170921496-1106030034-2206049285-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K YouTube to MP3 3.0 (HKLM\...\4K YouTube to MP3_is1) (Version: 3.0.1.1636 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AnyDesk (HKLM\...\AnyDesk) (Version: ad 3.6.3 - philandro Software GmbH)
Camfrog Video Chat 6.18 (HKLM\...\Camfrog) (Version: 6.18.622 - Camshare, Inc.)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Corel Update Manager (HKLM\...\{1229A9FF-55FA-4D4A-B482-5CA26D46A624}) (Version: 2.4.245 - Corel corporation) Hidden
Corel Update Manager (HKLM\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.4.245 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2017 - Capture (HKLM\...\{00793547-E14A-418D-BDCC-149912C2124C}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Common (HKLM\...\{82362937-7C2B-42DF-B5D3-B44EEE235F07}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Connect (HKLM\...\{436A680E-2380-4E19-9435-E4F8AEA6C81B}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Custom Data (HKLM\...\{BE42F28B-E03E-4016-B42F-47993CD9440D}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Draw (HKLM\...\{9460A7E0-E382-4585-89AB-2F2CC3200331}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - EN (HKLM\...\{FA6BA260-746E-4641-B89A-01AA723A7E88}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Filters (HKLM\...\{38C89065-DE8D-45CD-B263-DC4C99F5FEA1}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Font Manager (HKLM\...\{1B861CBD-0796-4186-87A8-3A1210F1CBE2}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM Content EN (HKLM\...\{EECC170F-E8EE-4EE7-B7D3-F33B006DBFA1}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM T (HKLM\...\{7662E81B-989F-4B9C-86A7-70CC5CA9D0D3}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - PHOTO-PAINT (HKLM\...\{0F52557B-1437-4CC5-8C00-8E1F0C03CB1F}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Redist (HKLM\...\{062981C0-0146-42B0-AD7B-BCF16193FE77}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Setup Files (HKLM\...\{C552452D-1DF7-49C4-8EED-C84DC5B4E1A8}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - VBA (HKLM\...\{A527F0CA-A6AC-4FE0-8FF9-BB63E23913CD}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - VideoBrowser (HKLM\...\{3773C79F-2986-4210-867A-3EA6C87CB70A}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Workspaces (HKLM\...\{F73639E3-80A0-484C-B93F-63E097C53724}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Writing Tools (HKLM\...\{64B94B95-964A-40BE-B778-74525B0BC64F}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 (HKLM\...\_{C552452D-1DF7-49C4-8EED-C84DC5B4E1A8}) (Version: 19.1.0.419 - Corel Corporation)
CorelDRAW Graphics Suite 2017 (HKLM\...\{AEE51EE6-8592-410A-ADC8-544FC4E9F03B}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Capture (HKLM\...\{9640A543-E423-4D8D-8E82-A1CB6BECCB9C}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Common (HKLM\...\{0622E0CF-F11D-483C-B858-7E7933996EE4}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Connect (HKLM\...\{9F15073D-56EF-4F6F-AF06-74A3B3D6C5EB}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Custom Data (HKLM\...\{E4AF1B6B-8513-4DB7-B99D-BA2B58503829}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Draw (HKLM\...\{406E4433-96CF-4D4D-8317-6B8E6BDD8856}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - EN (HKLM\...\{0AAA51D9-5029-4F53-8AFC-B7A9658B4BD5}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Filters (HKLM\...\{D4C83508-8D3A-4FBC-9F4C-AEF0D02DEF33}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Font Manager (HKLM\...\{17D53EFD-57F4-43D8-96B7-46682C9C9741}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM Content (HKLM\...\{D3515161-7F82-447A-9005-BDBDCC7B60AE}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM T (HKLM\...\{442B9D08-9F56-43FE-905A-07364D0BFE8D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PHOTO-PAINT (HKLM\...\{7546E875-C203-4E87-8A3D-FD179944A763}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Redist (HKLM\...\{635BA79D-FF3B-47E6-98BE-05D9FA6F884C}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Setup Files (HKLM\...\{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VBA (HKLM\...\{044AC1C1-C353-49D0-A97B-8BCCA9C4424E}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VideoBrowser (HKLM\...\{24DBD064-369D-423F-964E-6064340342CB}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Workspaces (HKLM\...\{3C68A5EA-7CBF-4CF7-9E24-3502014B3BE7}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Writing Tools (HKLM\...\{7F9E5872-B446-4ADE-A9CC-0B7D7A5D8F08}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 (HKLM\...\_{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0.0.448 - Corel Corporation)
CorelDRAW Graphics Suite X8 (HKLM\...\{BD9B2CD9-7CC9-4C8C-92E5-4A1F19446B3D}) (Version: 18.0 - Corel Corporation) Hidden
Facebook Gameroom 1.3.1.3 (HKLM\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP DeskJet 3630 series Basic Device Software (HKLM\...\{B07A5721-1C73-4B37-8320-76EBE729DA39}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 3630 series Help (HKLM\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
KogamaLauncher-WWW (HKLM\...\{1CC9F278-D898-43D2-BBED-B3B765045888}) (Version: 1.0.3.0 - Multiverse ApS)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
ManyCam 6.0.2 (HKLM\...\ManyCam) (Version: 6.0.2 - Visicom Media Inc.)
Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 57.0 (x86 en-US) (HKLM\...\Mozilla Firefox 57.0 (x86 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Update 10.11.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.11.15 - NVIDIA Corporation)
Opera Stable 49.0.2725.47 (HKLM\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{C9226AA7-1A8D-4DA1-96B5-D75D7A903D6C}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Roblox Player for User (HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SHAREit (HKLM\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SMART BRO (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
Spotify (HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Unity Web Player (HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-170921496-1106030034-2206049285-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll [2015-09-17] (Lenovo)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll [2015-09-17] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-12-20] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D230D46-10F7-47D8-A5DA-7BCA88256E8F} - System32\Tasks\CorelUpdateHelperTask => C:\Program Files\Corel\CUH\v2\CUH.exe [2017-09-26] (Corel Corporation)
Task: {0F6B50A0-D23A-4204-B814-D419D055C774} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {16BADD43-A78C-44D7-9FD0-A055C148CE5B} - System32\Tasks\{BF51C794-6FFE-4ABC-93DA-177B8E085822} => C:\Program Files\ManyCam\ManyCam.exe [2017-09-27] (Visicom Media Inc.)
Task: {2C1621E0-A723-40A7-AB2A-612B3B32EDEF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {347187DE-DB8A-44EA-98C4-8B0665EA43C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-25] (Google Inc.)
Task: {360CEEC9-26B4-4B16-9C85-63F0890E5047} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files\Garena Plus\ggdllhost.exe [2016-11-15] ()
Task: {442DC905-5EE4-4E90-A26B-2A92F9CA4AA4} - System32\Tasks\{C97947F3-120B-48FF-907C-DC95E339B19D} => C:\Program Files\ManyCam\ManyCam.exe [2017-09-27] (Visicom Media Inc.)
Task: {6DFA7D36-9D23-44A1-8025-84B42C92305A} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files\Corel\CUH\v2\CUH.exe [2017-09-26] (Corel Corporation)
Task: {8545A07A-5850-4643-B44E-3FEEFF136ECA} - System32\Tasks\{997DB58C-3BAD-4111-A9B8-43ACF5BACBBC} => C:\Program Files\ManyCam\ManyCam.exe [2017-09-27] (Visicom Media Inc.)
Task: {8A8380EF-2224-400C-ADD5-22E574C1328F} - System32\Tasks\Opera scheduled Autoupdate 1450251767 => C:\Program Files\Opera\launcher.exe [2017-11-24] (Opera Software)
Task: {8C4F8A0C-3477-49C9-924D-F509B7AEABD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {AA813128-8FA4-45EE-9E39-6FA8E07D16A1} - System32\Tasks\{C2FD7ABB-3827-4108-9103-94943D2C13C2} => c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\Capture.exe [2016-03-05] (Corel Corporation)
Task: {B233D596-2CBD-4B93-A800-1C7E45BCB4F3} - System32\Tasks\{34BD5512-90D1-4EAE-902F-884AC2F826E4} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\3DO\ARMYME~1\UNWISE.EXE -c C:\PROGRA~1\3DO\ARMYME~1\INSTALL.LOG
Task: {D99F533B-6955-4C60-9ABD-11D52D3718D4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-170921496-1106030034-2206049285-1000
Task: {DD156DBE-ED1C-467B-BB90-BA208D04D7DE} - System32\Tasks\{B8289DBA-B315-475C-AD9C-3445E6A55A86} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\51talk\uninst.exe"
Task: {ED255155-AF1D-4A85-BB5C-768B13352905} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {F7D03C53-1BDA-4728-A1D4-1C0C39AD8C62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {FBE97EAA-5A45-48B1-9B35-3E3079BCE704} - System32\Tasks\{3FBACA53-4FB8-492C-9877-F55766A708D1} => C:\Program Files\ManyCam\ManyCam.exe [2017-09-27] (Visicom Media Inc.)
Task: {FED72613-9E50-4B46-BE70-29163BD05AEA} - System32\Tasks\{C5941939-7FA8-45C4-B9E7-47CC095B4D15} => c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDRW.exe [2016-03-05] (Corel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Tao 1 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-07-08 12:02 - 2013-12-20 02:37 - 000107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-11-27 22:59 - 2017-11-27 22:05 - 001809096 _____ () C:\Program Files\AnyDesk\AnyDesk.exe
2016-11-15 20:32 - 2016-11-15 20:32 - 000175096 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2016-11-15 20:33 - 2016-11-15 20:33 - 003437008 _____ () C:\Program Files\Garena Plus\ggspawn.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-170921496-1106030034-2206049285-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2017-10-01 13:14 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-170921496-1106030034-2206049285-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{1D1AA182-96A4-45F2-906E-ED7F76CEDAAF}C:\program files\3do\army men rts\amrts.exe] => (Allow) C:\program files\3do\army men rts\amrts.exe
FirewallRules: [UDP Query User{3E258609-2DDB-403E-91F8-6C193AAE170E}C:\program files\3do\army men rts\amrts.exe] => (Allow) C:\program files\3do\army men rts\amrts.exe
FirewallRules: [TCP Query User{67D74A8B-125E-44AD-8739-CFB8E0E2C676}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{24847F72-4A17-4CB5-AD92-32E94653C249}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [{BAF353AC-C071-451C-98EB-9CA23182ECF4}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{2F10C0A1-B22A-4296-9B4A-D32B8B823B5F}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{F4F36359-83C6-4342-93C4-6E3B3E8B5D15}] => (Allow) C:\Users\User\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{132C7BEF-EB74-47D1-8300-04537434DC60}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{1C278572-6D34-4864-A319-61BB2A0FA851}] => (Allow) LPort=5357
FirewallRules: [{2E485E6A-234E-4250-9A38-3894B74658A1}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{2FA8C571-190E-4211-B002-689FD6775071}C:\program files\3do\army men rts\amrts.exe] => (Allow) C:\program files\3do\army men rts\amrts.exe
FirewallRules: [UDP Query User{E2379B09-2200-4CF3-8EE8-8D8A19E1D1E8}C:\program files\3do\army men rts\amrts.exe] => (Allow) C:\program files\3do\army men rts\amrts.exe
FirewallRules: [{B8F579E4-FEB9-4918-9310-8165BE2EDA15}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{601F1094-6D4E-4A14-9055-8ADF611DEBB5}] => (Allow)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{111C056F-0F2F-44B0-9354-E90CC334E7BA}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{1A0D0E13-4C2F-463C-984B-53F81424DE60}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [{66CE28F0-3852-4AAD-8970-0EF0B7033049}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDrw.exe FirewallRules: [{08A25C0D-E8B4-4835-926E-C34A3139C12B}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelPP.exe FirewallRules: [TCP Query User{DF822C39-548B-4915-A206-24D194D42AF1}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{583FCD58-6CE4-46B3-BC9A-3DD89F48DB04}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{B9D0A988-821F-4ACD-AACB-4248231674C6}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{CE5C7DA9-DEDE-4878-B4EB-A1A69EB59860}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe FirewallRules: [{76BD0EAD-72FB-42C8-A1A3-5BA8B72C93A9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{381EF752-F3C0-4FE2-8210-7F24F626F127}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{104CA484-F7C0-4D7C-AE91-287BB8EAF28C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{734E1D51-9C5A-4E3B-837A-A1D69414E237}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{2283A52F-8685-454D-A11A-5758A6F1D367}] 
=> (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{9953E8DA-70D2-4A05-8A26-9DC4952F9275}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{DEE33FFA-922E-45CD-9671-ADB3466F04F7}] => (Allow) C:\Program Files\51talk\Launch.exe FirewallRules: [{201A84D3-AF69-4D2E-8EBB-21252FDF6009}] => (Allow) C:\Program Files\51talk\Launch.exe FirewallRules: [{1887F428-6028-40A9-A701-4ADFDCB0AEEE}] => (Allow) C:\Program Files\51talk\2.2.53.24071\ACUpdate.exe FirewallRules: [{BDFB03C0-2389-434E-9550-B2ABB5B6E90B}] => (Allow) C:\Program Files\51talk\2.2.53.24071\ACUpdate.exe FirewallRules: [{CC1CCC75-6BB6-4BCD-A28D-A2CAA2D30905}] => (Allow) C:\Program Files\51talk\2.2.53.24071\ACReport.exe FirewallRules: [{A71B4E05-F2EA-406F-8787-BCA5FFEBA837}] => (Allow) C:\Program Files\51talk\2.2.53.24071\ACReport.exe FirewallRules: [{E7F6625D-667E-4AF8-A9CA-09417F90D282}] => (Allow) C:\Program Files\51talk\2.2.53.24071\ACTalk.exe FirewallRules: [{48270DBE-87EB-45E2-915F-DAA9F7A6C913}] => (Allow) C:\Program Files\51talk\2.2.53.24071\ACTalk.exe FirewallRules: [{EBBE9DAA-2313-4F02-A0CB-AB8D418B6FAD}] => (Allow) C:\Program Files\51talk\2.3.56.18075\ACUpdate.exe FirewallRules: [{61CAB35F-728D-45A4-936F-5975AAAFC06C}] => (Allow) C:\Program Files\51talk\2.3.56.18075\ACUpdate.exe FirewallRules: [{64788AB9-A2AD-4778-BF95-A5175ED38C9A}] => (Allow) C:\Program Files\51talk\2.3.56.18075\ACReport.exe FirewallRules: [{A6040EF7-45BA-47F1-BB49-B332E2310800}] => (Allow) C:\Program Files\51talk\2.3.56.18075\ACReport.exe FirewallRules: [{1F842526-7652-4DCC-8B7B-98FDEFE259D9}] => (Allow) C:\Program Files\51talk\2.3.56.18075\ACTalk.exe FirewallRules: [{FDB7A593-C2A2-41E1-B01B-FFB5DFDA816F}] => (Allow) C:\Program Files\51talk\2.3.56.18075\ACTalk.exe FirewallRules: [TCP Query User{DE7C0A46-56F0-41E3-AA94-18A5B4F5EF31}C:\garenadownload\games\lolph\lolinstaller.exe] => (Allow) C:\garenadownload\games\lolph\lolinstaller.exe FirewallRules: [UDP Query 
User{6FC283B2-0E15-44FB-92A7-B482F61E4573}C:\garenadownload\games\lolph\lolinstaller.exe] => (Allow) C:\garenadownload\games\lolph\lolinstaller.exe FirewallRules: [TCP Query User{F581A93B-BBB1-48FF-BE8F-B29B0FE391D0}C:\users\kids\downloads\lolinstaller.exe] => (Allow) C:\users\kids\downloads\lolinstaller.exe FirewallRules: [UDP Query User{D1E39CF5-B6A0-4E63-AF20-F3A9BAF72933}C:\users\kids\downloads\lolinstaller.exe] => (Allow) C:\users\kids\downloads\lolinstaller.exe FirewallRules: [TCP Query User{FE7CA2AE-B417-4D2C-98F8-67AE198B995D}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe FirewallRules: [UDP Query User{560C545E-B000-48F0-ABE0-2D7FAD70F26B}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe FirewallRules: [TCP Query User{57AAD8AB-F1DB-4A24-A90D-914AE041A65A}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe FirewallRules: [UDP Query User{0452EE4B-6DBF-43AB-922B-5F4A7FC04887}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe FirewallRules: [{23136882-E600-42CC-A289-75EB1296475D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs\CorelDrw.exe FirewallRules: [{1D8BB729-B205-4E0D-AC25-AAA530F9D053}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs\CorelPP.exe FirewallRules: [{36FD7282-3368-499E-8E75-1FAE9AB6F3DF}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{A5DADC6E-813F-49EE-A833-1EE4D839141E}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{B0CDE47C-47F1-4401-8BBA-5124A73DD6FA}] => (Allow) LPort=5357 FirewallRules: [{4EB9C8FC-A413-4256-96AA-0DE18992FC02}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{2618E8BB-1A39-42C4-912F-60DE16F61BBC}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe 
FirewallRules: [{2F15B074-B4F3-4325-880F-A3AE828B9005}] => (Allow) LPort=5357 FirewallRules: [{B8AE4220-5BA0-4399-937B-9C5169D43D7F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{AC9D49B8-8EFD-463F-88CD-C5B2371846EE}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe FirewallRules: [{6781EF31-BF5A-4E4F-B18A-F4D67A801F44}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe FirewallRules: [{64B07DB2-61D9-4CB8-91BC-65E941EC409A}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe FirewallRules: [{4AA590A2-2EB2-490C-A46D-E47B199A5C88}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe FirewallRules: [{A80CA659-6D72-4367-AFC7-4EACDA349F00}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe FirewallRules: [{C3163049-06D4-4587-9372-73D347B27A47}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe FirewallRules: [{4BA35614-9CFB-4259-A453-35C5B85CAB81}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe FirewallRules: [{3F5FAD9F-DDBF-42EB-B0AB-E51C37E5DDDC}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe FirewallRules: [{D33322CA-6359-4EA2-B1EF-2CB8B8F68AE4}] => (Allow) C:\Users\User\Downloads\AnyDesk.exe FirewallRules: [{8BD47EE6-8004-4569-A44E-11AF31968F03}] => (Allow) C:\Users\User\Downloads\AnyDesk.exe FirewallRules: [{46BA208E-4EE8-4D58-A02D-06FD50FE5EB8}] => (Allow) C:\Users\User\Downloads\AnyDesk.exe FirewallRules: [{F1E16EB4-40CA-4663-9C2A-D62AED760DE1}] => (Allow) C:\Users\User\Downloads\AnyDesk.exe FirewallRules: [{B006857A-9D90-46FF-8E73-098D3E172238}] => (Allow) C:\Users\User\Downloads\AnyDesk.exe FirewallRules: [{55873540-2B91-4311-85D7-1F7AC001F6B9}] => (Allow) C:\Users\User\Downloads\AnyDesk.exe ==================== Restore Points ========================= 21-11-2017 09:25:20 Windows Update 28-11-2017 16:33:00 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/29/2017 04:06:46 AM) 
(Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/28/2017 05:33:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/28/2017 03:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/28/2017 02:48:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/28/2017 02:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Error: (11/28/2017 05:21:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/28/2017 01:51:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/27/2017 10:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/27/2017 05:09:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (11/27/2017 05:09:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (11/29/2017 04:25:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/29/2017 04:22:25 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/29/2017 04:16:37 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/29/2017 04:13:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ManyCam Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/29/2017 04:05:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AnyDesk VolatileService service terminated unexpectedly. It has done this 3 time(s). Error: (11/29/2017 04:05:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The AnyDesk VolatileService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
Error: (11/29/2017 04:05:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The AnyDesk VolatileService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (11/29/2017 04:04:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure. Error: (11/29/2017 04:04:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (11/29/2017 04:04:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. CodeIntegrity: =================================== Date: 2017-10-10 07:49:36.929 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-10 07:49:36.851 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 18:59:24.490 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-10-09 18:59:24.365 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 18:52:34.820 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 18:52:34.758 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 15:08:41.099 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 15:08:41.021 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 05:25:59.491 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-10-09 05:25:59.428 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz Percentage of memory in use: 61% Total physical RAM: 1973.4 MB Available physical RAM: 764.59 MB Total Virtual: 3946.8 MB Available Virtual: 2190.66 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:34.41 GB) NTFS Drive d: () (Fixed) (Total:368.1 GB) (Free:156.66 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9F05D129) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  12. [RESOLVED] Friend's Win 7 AV won't update.

    Think this one is finished? I went ahead and downloaded DelFix and ran it. The system works well now, thanks Broni.
  14. I did not need Rkill, here is Combofix log: ComboFix 17-11-14.01 - User 11/29/2017 4:17.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1973.974 [GMT 8:00] Running from: c:\users\User\Desktop\ComboFix.exe SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2017-10-28 to 2017-11-28 ))))))))))))))))))))))))))))))) . . 2017-11-28 20:25 . 2017-11-28 20:25 -------- d-----w- c:\users\yoyo\AppData\Local\temp 2017-11-28 08:33 . 2017-10-30 07:26 11282328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A13EC514-47FA-4A4C-8994-91D84ED76617}\mpengine.dll 2017-11-27 16:34 . 2017-11-28 19:07 221112 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2017-11-27 15:26 . 2017-11-27 15:29 -------- d-----w- C:\FRST 2017-11-27 14:59 . 2017-11-27 14:59 -------- d-----w- c:\programdata\AnyDesk 2017-11-27 14:59 . 2017-11-27 14:59 -------- d-----w- c:\program files\AnyDesk 2017-11-27 14:06 . 2017-11-27 14:53 -------- d-----w- c:\users\User\AppData\Roaming\AnyDesk . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-11-28 18:28 . 2016-07-21 13:23 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2017-11-14 11:51 . 2015-07-08 04:25 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2017-11-14 11:51 . 2015-07-08 04:25 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2017-10-18 02:11 . 2017-11-15 05:01 11776 ----a-w- c:\windows\system32\drivers\en-US\usbhub.sys.mui 2017-10-18 02:11 . 2017-11-15 05:01 24576 ----a-w- c:\windows\system32\drivers\en-US\usbport.sys.mui 2017-10-18 02:11 . 2017-11-15 05:01 3072 ----a-w- c:\windows\system32\drivers\en-US\usbehci.sys.mui 2017-10-14 15:10 . 2017-10-07 06:08 65824 ----a-w- c:\windows\system32\drivers\mwac.sys 2017-10-14 04:03 . 
2017-10-07 06:08 91576 ----a-w- c:\windows\system32\drivers\farflt.sys 2017-10-14 04:03 . 2017-10-07 06:08 40384 ----a-w- c:\windows\system32\drivers\mbam.sys 2017-10-12 05:23 . 2017-10-12 05:23 40584 ----a-w- c:\windows\system32\drivers\staport.sys 2017-10-11 16:05 . 2017-10-11 16:05 124059592 -c--a-w- c:\windows\system32\MRT-KB890830.exe 2017-10-07 06:07 . 2017-09-30 17:35 59904 ----a-w- c:\windows\system32\drivers\mbae.sys 2017-10-04 03:04 . 2017-10-04 03:04 1060864 ----a-w- c:\windows\system32\mfc71.dll 2017-10-04 03:04 . 2017-10-04 03:04 348160 ----a-w- c:\windows\system32\msvcr71.dll 2017-10-04 03:04 . 2017-10-04 03:04 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2017-09-13 15:13 . 2017-10-11 21:51 4001512 ----a-w- c:\windows\system32\ntkrnlpa.exe 2017-09-13 15:13 . 2017-10-11 21:51 3945704 ----a-w- c:\windows\system32\ntoskrnl.exe 2017-09-13 15:13 . 2017-10-11 21:51 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2017-09-13 15:13 . 2017-10-11 21:51 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2017-09-13 15:10 . 2017-10-11 21:51 1310528 ----a-w- c:\windows\system32\ntdll.dll 2017-09-13 15:09 . 2017-10-11 21:51 392704 ----a-w- c:\windows\system32\wlansec.dll 2017-09-13 15:09 . 2017-10-11 21:51 428032 ----a-w- c:\windows\system32\wlanmsm.dll 2017-09-13 15:09 . 2017-10-11 21:51 83968 ----a-w- c:\windows\system32\wlanhlp.dll 2017-09-13 15:09 . 2017-10-11 21:51 828928 ----a-w- c:\windows\system32\wlansvc.dll 2017-09-13 15:09 . 2017-10-11 21:51 80896 ----a-w- c:\windows\system32\wlanapi.dll 2017-09-13 15:09 . 2017-10-11 21:51 172032 ----a-w- c:\windows\system32\wdigest.dll 2017-09-13 15:09 . 2017-10-11 21:51 400896 ----a-w- c:\windows\system32\srcore.dll 2017-09-13 15:09 . 2017-10-11 21:50 99840 ----a-w- c:\windows\system32\sspicli.dll 2017-09-13 15:09 . 2017-10-11 21:50 65536 ----a-w- c:\windows\system32\TSpkg.dll 2017-09-13 15:09 . 2017-10-11 21:50 43008 ----a-w- c:\windows\system32\srclient.dll 2017-09-13 15:09 . 
2017-10-11 21:51 655360 ----a-w- c:\windows\system32\rpcrt4.dll 2017-09-13 15:09 . 2017-10-11 21:51 254464 ----a-w- c:\windows\system32\schannel.dll 2017-09-13 15:09 . 2017-10-11 21:50 141312 ----a-w- c:\windows\system32\rpchttp.dll 2017-09-13 15:09 . 2017-10-11 21:50 50176 ----a-w- c:\windows\system32\setbcdlocale.dll 2017-09-13 15:09 . 2017-10-11 21:50 22016 ----a-w- c:\windows\system32\secur32.dll 2017-09-13 15:09 . 2017-10-11 21:51 261120 ----a-w- c:\windows\system32\msv1_0.dll 2017-09-13 15:09 . 2017-10-11 21:51 223232 ----a-w- c:\windows\system32\ncrypt.dll 2017-09-13 15:09 . 2017-10-11 21:51 830464 ----a-w- c:\windows\system32\msctf.dll 2017-09-13 15:09 . 2017-10-11 21:50 60416 ----a-w- c:\windows\system32\msobjs.dll 2017-09-13 15:09 . 2017-10-11 21:50 146432 ----a-w- c:\windows\system32\msaudite.dll 2017-09-13 15:08 . 2017-10-11 21:51 554496 ----a-w- c:\windows\system32\kerberos.dll 2017-09-13 15:08 . 2017-10-11 21:51 1062912 ----a-w- c:\windows\system32\lsasrv.dll 2017-09-13 15:08 . 2017-10-11 21:50 38912 ----a-w- c:\windows\system32\csrsrv.dll 2017-09-13 15:08 . 2017-10-11 21:50 17408 ----a-w- c:\windows\system32\credssp.dll 2017-09-13 15:08 . 2017-10-11 21:50 82432 ----a-w- c:\windows\system32\bcrypt.dll 2017-09-13 15:08 . 2017-10-11 21:51 644096 ----a-w- c:\windows\system32\advapi32.dll 2017-09-13 15:08 . 2017-10-11 21:50 6656 ----a-w- c:\windows\system32\apisetschema.dll 2017-09-13 15:08 . 2017-10-11 21:50 50688 ----a-w- c:\windows\system32\appidapi.dll 2017-09-13 15:08 . 2017-10-11 21:50 690688 ----a-w- c:\windows\system32\adtschema.dll 2017-09-13 14:53 . 2017-10-11 21:51 271360 ----a-w- c:\windows\system32\drivers\nwifi.sys 2017-09-13 14:50 . 2017-10-11 21:50 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2017-09-13 14:50 . 2017-10-11 21:50 50688 ----a-w- c:\windows\system32\drivers\appid.sys 2017-09-13 14:50 . 2017-10-11 21:50 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2017-09-13 14:50 . 
2017-10-11 21:50 29696 ----a-w- c:\windows\system32\appidsvc.dll 2017-09-13 14:50 . 2017-10-11 21:50 50176 ----a-w- c:\windows\system32\auditpol.exe 2017-09-13 14:48 . 2017-10-11 21:50 262656 ----a-w- c:\windows\system32\rstrui.exe 2017-09-13 14:46 . 2017-10-11 21:51 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2017-09-13 14:46 . 2017-10-11 21:50 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2017-09-13 14:46 . 2017-10-11 21:51 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2017-09-13 14:46 . 2017-10-11 21:50 36352 ----a-w- c:\windows\system32\cryptbase.dll 2017-09-13 14:46 . 2017-10-11 21:50 22016 ----a-w- c:\windows\system32\lsass.exe 2017-09-13 14:46 . 2017-10-11 21:50 15872 ----a-w- c:\windows\system32\sspisrv.dll 2017-09-13 14:46 . 2017-10-11 21:51 69632 ----a-w- c:\windows\system32\smss.exe 2017-09-08 15:09 . 2017-10-11 21:51 306688 ----a-w- c:\windows\system32\gdi32.dll 2017-09-08 14:20 . 2017-10-11 21:51 640512 ----a-w- c:\windows\system32\mswstr10.dll 2017-09-08 14:20 . 2017-10-11 21:51 8704 ----a-w- c:\windows\system32\msjint40.dll 2017-09-07 15:12 . 2017-10-11 21:51 2755072 ----a-w- c:\windows\system32\themeui.dll 2017-09-07 14:48 . 2017-10-11 21:51 312320 ----a-w- c:\windows\system32\drivers\srv.sys 2017-09-07 14:48 . 2017-10-11 21:51 313856 ----a-w- c:\windows\system32\drivers\srv2.sys 2017-09-07 14:48 . 2017-10-11 21:51 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2017-03-23 1444976]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2017-10-10 27832264]
"BingSvc"="c:\users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2016-03-16 144008]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" [2017-07-17 17875976]
"ManyCam"="c:\program files\ManyCam\ManyCam.exe" [2017-09-27 12580880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-01-23 12021464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-03-14 587288]
"CheckNDISPort52ac99"="c:\program files\Hostless Modem\SMART BRO\CheckNDISPort_df.exe" [2016-06-24 474504]
"CancelAutoPlay_df"="c:\program files\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe" [2016-06-24 446344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AnyDesk.lnk - c:\program files\AnyDesk\AnyDesk.exe --control [2017-11-27 1809096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
R2 AnyDeskVolatileSvc;AnyDesk VolatileService;c:\users\User\Downloads\AnyDesk.exe [2017-11-27 1809096]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-01-12 2945312]
R2 ManyCam Service;ManyCam Service;c:\programdata\ManyCam\Service\ManyCamService.exe [2016-03-31 544984]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-07-18 317408]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-10-14 104960]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [2015-07-22 509408]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys [2017-10-14 91576]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys [2017-10-14 40384]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2017-11-28 221112]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys [2017-10-14 65824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-08-13 15872]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [2017-08-11 18944]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys [2017-08-11 37088]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2015-07-21 1451312]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-08-15 128704]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-10-07 59904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2017-01-30 143776]
S2 AnyDesk;AnyDesk Service;c:\program files\AnyDesk\AnyDesk.exe [2017-11-27 1809096]
S2 camfrog_update_service;Camfrog Update Service;c:\program files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [2016-12-19 1063968]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2013-07-17 369416]
S3 gkernel;gkernel;c:\users\User\AppData\Local\Temp\gkernel.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2017-02-08 49064]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2014-12-29 30488]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2017-04-26 36944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-11-13 23:44 1509208 ----a-w- c:\program files\Google\Chrome\Application\62.0.3202.94\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = https://ph.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ceddelit.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SplitCam - c:\program files\SplitCam\SplitCam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_187_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_187_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-11-29 04:27:33
ComboFix-quarantined-files.txt 2017-11-28 20:27
.
Pre-Run: 36,324,704,256 bytes free
Post-Run: 37,097,734,144 bytes free
.
- - End Of File - - 9FC8FAEA31F6611F197B820BEC850C02
A36C5E4F47E84449FF07ED3517B43A31
  15. RogueKiller V12.11.26.0 [Nov 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Administrator]
Started from : C:\Users\User\Desktop\RogueKiller_portable32.exe
Mode : Delete -- Date : 11/28/2017 12:23:37 (Duration : 00:38:53)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] dwm.exe(3104) -- C:\Windows\System32\dwm.exe[7] -> [NoKill]

¤¤¤ Registry : 1 ¤¤¤
[PUP.AdInstaller] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[PUP.AdInstaller][Folder] C:\ProgramData\AnyDesk -> Not selected
[PUP.AdInstaller][File] C:\Users\Public\Desktop\AnyDesk.lnk [LNK@] C:\PROGRA~1\AnyDesk\AnyDesk.exe -> Not selected
[PUP.AdInstaller][Folder] C:\Users\User\AppData\Roaming\AnyDesk -> Not selected
[PUP.AdInstaller][Folder] C:\ProgramData\AnyDesk -> Not selected
[PUP.AdInstaller][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk -> Not selected
[PUP.AdInstaller][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [LNK@] C:\PROGRA~1\AnyDesk\AnyDesk.exe --control -> Not selected
[PUP.AdInstaller][Folder] C:\Program Files\AnyDesk -> Not selected
[PUP.AdInstaller][File] C:\Users\Public\Desktop\AnyDesk.lnk [LNK@] C:\PROGRA~1\AnyDesk\AnyDesk.exe -> Not selected

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] 4e3f9e572c6ccc0a9d5e5d5397812977
[BSP] 9542c481b1e6840a089e36b553054f1b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

---------------------------------------------------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/28/17
Scan Time: 1:18 PM
Log File: 839c42a8-d3fb-11e7-8f0a-00fff8ba405b.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3361
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366270
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Removal Failed, [63], [454788],1.0.3361

Physical Sector: 0
(No malicious items detected)

(end)

-------------------------------------------------------------------------------------------------------------------------

# AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 28 05:44:56 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1135 B] - [2017/10/10 21:47:6]
C:/AdwCleaner/AdwCleaner[C1].txt - [1294 B] - [2017/10/19 19:33:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1410 B] - [2017/11/27 17:49:12]
C:/AdwCleaner/AdwCleaner[S0].txt - [948 B] - [2017/10/10 21:40:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [1141 B] - [2017/10/19 19:31:51]
C:/AdwCleaner/AdwCleaner[S2].txt - [1222 B] - [2017/11/27 17:48:30]
C:/AdwCleaner/AdwCleaner[S3].txt - [1360 B] - [2017/11/28 5:43:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########