Samson

Members
  • Content Count
    23
About Samson

  • Rank
    Member

Previous Fields

  • System Specifications:
    DELL 5558, 1TB HDD, 8GB RAM, Win 10.
  1. Thanks, I've done it myself.. I just tried unchecking "Automatically Detect Settings" in LAN Settings and it worked.. Actually I tried all the steps you suggested and then I just tried this.. Thanks once again.
  2. Yea, I uninstalled and reinstalled twice.. I don't think I found any error message.. Is there any registry fix tool? I just wanna fix my registry like a newly formatted computer.. I hope at least that will work, because we tried every other possible way to fix it, right? I'm a Computer Engineering student and I tried as much as I know..
  3. Yea, everything is fine with the rules.. Google Chrome, Edge and Opera are also allowed..
  4. I tried a few steps before and tried everything now.. But nothing seems to work.. I don't know.. And my battery is running out very fast.. It used to stand for a minimum of 3-4 hours, but now it hardly stands for an hour and a half or 2.. It seems like some background process is sucking out my battery.. Because all of a sudden it is doing a high process for a minute and gets down to normal.. Even if it is in stand-by, it happens..
  5. Hi Juliet, I don't know why I can't use another browser except Firefox.. Other browsers like Chrome and Opera are not connecting to the internet. Like I said before, Edge and IE are not working. Same proxy error, I guess.. And I tried to check for Windows Update manually, but it shows some error: "We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet." Help me once again.
  6. Ma'am, thank you for all your help and support.. Now everything is working well..
  7. I tried both the solutions, but still IE and Edge are not working.. Shall I uninstall all the other s/w you told me to install before? What are the things you want me to follow? Suggest me one good antivirus. Which will be good? Paid or free, and what's the difference? Shall I use Malwarebytes instead of an antivirus or can I have both?
  8. So, what should I do to make it work? And Microsoft Edge is not working now.. I was alright till yesterday.. It gives that proxy error.. I just wanna reset it.. How should I do it?
  9. Yea, it is working well. But I can't access Windows Defender. It says it is turned off by group policy.
  10. Emsisoft Emergency Kit - Version 12.0
      Last update: 11-12-2016 12:17:27
      User account: LAPTOP-DL6LJGA8\Sam
      Computer name: LAPTOP-DL6LJGA8
      OS version: Windows 10x64

      Scan settings:
      Scan type: Malware Scan
      Objects: Rootkits, Memory, Traces, Files
      Detect PUPs: On
      Scan archives: Off
      ADS Scan: On
      File extension filter: Off
      Direct disk access: Off

      Scan start: 11-12-2016 12:18:36
      C:\Users\Samson\Downloads\TheTruthSpy_7.9.apk -> AndroidManifest.xml detected: Android.Monitor.Agent.A ( [krnl.xmd]

      Scanned 82637
      Found 1

      Scan end: 11-12-2016 12:26:50
      Scan time: 0:08:14

      C:\Users\Samson\Downloads\TheTruthSpy_7.9.apk Android.Monitor.Agent.A (

      Quarantined 1
  11. Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 11-12-2016
      Scan Time: 11:08
      Logfile:
      Administrator: Yes

      Version: 2.2.1.1043
      Malware Database: v2016.12.11.02
      Rootkit Database: v2016.11.20.01
      License: Trial
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled

      OS: Windows 10
      CPU: x64
      File System: NTFS
      User: Sam

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 304155
      Time Elapsed: 24 min, 52 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 1
      PUP.Optional.VulnerableDellSystemDetect, HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\Samson\AppData\Local\Apps\2.0\2KRD71CW.65W\82P8WH81.08D\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==, Quarantined, [da34b82ef2a896a0e52571f118ebe719]
      Registry Data: 0 (No malicious items detected)
      Folders: 0 (No malicious items detected)
      Files: 0 (No malicious items detected)
      Physical Sectors: 0 (No malicious items detected)

      (end)
  12. Hi, Here are the things you asked.
  13. Except Smadav and Malwarebytes I don't have any.. I used Avast sometimes before and Avira long before..
  14. Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016 Ran by Sam (10-12-2016 12:41:17) Running from C:\Users\Samson\Desktop Windows 10 Home Version 1607 (X64) (2016-09-27 15:53:20) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1043693715-1181851726-2221882957-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1043693715-1181851726-2221882957-503 - Limited - Disabled) Guest (S-1-5-21-1043693715-1181851726-2221882957-501 - Limited - Disabled) Sam (S-1-5-21-1043693715-1181851726-2221882957-1001 - Administrator - Enabled) => C:\Users\Samson ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe) B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 0.0.0.0 - Catalina Group Ltd) BitTorrent (HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.) 
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5627.59 - CyberLink Corp.) Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell) Dell System Detect (HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell) DriverIdentifier 5.1 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier) F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - ) GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation) Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation) Intel® WiDi (HKLM\...\{76FAF7E1-52D0-49F7-A627-E78303F9C7EF}) (Version: 6.0.39.0 - Intel Corporation) Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{4544164b-edf0-455c-b150-bed7109d751e}) (Version: 18.11.0 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) 
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Maxx Audio Installer (x64) (Version: 2.6.6168.9 - Waves Audio Ltd.) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org) NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation) Opera beta 42.0.2393.78 (HKLM-x32\...\Opera 42.0.2393.78) (Version: 42.0.2393.78 - Opera Software) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PhotoInstrument 4.5 (HKLM-x32\...\{5A7A2AED-781B-45DC-AAF6-EAA3A9370C83}}_is1) (Version: - Fatykhov Timur) Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) 
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) SMADAV version 11.0 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.0 - Smadsoft) TorrentsTime Media Player (HKLM\...\TorrentsTime Media Player_is1) (Version: 1.1.6.8 - TorrentsTime) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02D415B0-03A3-4995-8921-BE8D4E9E0747} - System32\Tasks\Opera scheduled Autoupdate 1476690476 => C:\Program Files (x86)\Opera beta\launcher.exe [2016-12-07] (Opera Software) Task: {1594B5FB-DCD8-4EEF-84B9-5224D97BD3AF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.) Task: {161DF4D4-B6DF-41F1-BD35-5D924A5C6473} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.) Task: {476B9EEB-74D5-42EC-A9C7-8A6CA10E0A2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.) 
Task: {48CDD171-440C-44A3-A67B-34E82E664A2B} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-06] (Intel Corporation) Task: {4A17DC09-EF3D-49C1-AA10-F0847E6B3B08} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-08] (Microsoft Corporation) Task: {4B6E9525-C7D9-4B7E-BF16-CA621D1AEFC8} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation) Task: {4CBC8B73-883F-4A4A-9C42-C55DB1987839} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.) Task: {729C3E22-25F7-4FAC-A47F-2C3EB4701743} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation) Task: {8F1D8DBA-EACD-414E-92AE-5646522FCA85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.) 
Task: {91E22760-AF17-4BC6-8F1D-ECCEE9FA3F82} - System32\Tasks\{FFAD7D26-5D86-4698-8D97-3C1EDE66C8D8} => pcalua.exe -a "C:\Extras\sai games\Need for Speed The Run\Need For Speed The Run.exe" -d "C:\Extras\sai games\Need for Speed The Run" Task: {9E016BCB-A807-4E8E-A82A-434DB9F0768B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {A7D75D42-80B4-4E81-9A59-EEB146885E11} - System32\Tasks\WinDriver => slp.exe Task: {AE76811A-53AD-45C9-B496-5FC3FA68A971} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe Task: {C581B295-9A6E-4771-8489-C4B90A2E6085} - System32\Tasks\WinVDA => slp.exe Task: {C6F36D12-4E11-4C45-9CF9-AE82CF38162C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.) Task: {DCE31DB1-4836-4CD8-B131-A8E5DAB76448} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {DF1D4514-3441-492B-A9F2-8759CCEEA20C} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-29] (Realtek Semiconductor) Task: {E85BFF72-38CD-4959-BF21-5280C362250F} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2016-10-13] (Smadsoft) Task: {EDACCBDD-5C43-4A21-BB87-48392CF52139} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Samson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-03 16:09 - 2016-09-15 22:55 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-16 08:16 - 2015-11-16 08:16 - 00395368 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-03 16:09 - 2016-09-15 22:55 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-08 11:25 - 2016-12-08 11:25 - 01864384 _____ () C:\Users\Samson\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-28 10:12 - 2016-09-28 10:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 00:23 - 2016-11-02 16:00 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 00:22 - 2016-11-02 15:51 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 00:23 - 2016-11-02 15:45 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 00:23 - 2016-11-02 15:44 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 00:22 - 2016-11-02 15:45 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 00:22 - 2016-11-02 15:46 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 00:23 - 2016-11-02 15:47 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-10 10:46 - 2015-03-11 06:59 - 00454656 _____ () C:\Program Files (x86)\Reliance Wi-Pod\CheckNDISPort.exe
2016-02-13 18:43 - 2015-11-24 01:47 - 03843584 _____ () C:\Program Files (x86)\TorrentsTime Media Player\bin\torrent.dll
2016-12-08 11:25 - 2016-12-08 11:25 - 01383616 _____ () C:\Users\Samson\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-03-10 10:46 - 2015-03-11 06:58 - 00335872 _____ () C:\Program Files (x86)\Reliance Wi-Pod\Helper.dll
2016-03-10 10:46 - 2015-03-11 06:58 - 00851968 _____ () C:\Program Files (x86)\Reliance Wi-Pod\Runtime.dll
2016-03-10 10:46 - 2015-03-11 06:58 - 00026624 _____ () C:\Program Files (x86)\Reliance Wi-Pod\Threading.dll
2016-03-10 10:46 - 2015-03-04 12:17 - 00971776 _____ () C:\Program Files (x86)\Reliance Wi-Pod\libxml2.dll
2016-03-10 10:46 - 2015-03-04 12:17 - 00290904 _____ () C:\Program Files (x86)\Reliance Wi-Pod\libxslt.dll
2016-03-10 10:46 - 2015-03-04 12:17 - 00073728 _____ () C:\Program Files (x86)\Reliance Wi-Pod\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 16:34 - 2016-12-07 14:31 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samson\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4745ae1b-74d6-4179-ac98-e4ef6dd3e4a0}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\StartupApproved\Run: => "IKIKMOIJ9H"
HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\StartupApproved\Run: => "98E1DZWTFF"
HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\StartupApproved\Run: => "D1SLWN76VW"
HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\StartupApproved\Run: => "Feeder"
HKU\S-1-5-21-1043693715-1181851726-2221882957-1001\...\StartupApproved\Run: => "Mojorojoup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [uDP Query User{E6E3CBAC-EA2A-4294-9EA0-CC8AF46E2C1F}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [TCP Query User{D22E7A06-D361-442A-9BC0-F555A7DE5D72}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [uDP Query User{6A693FEB-047B-48D5-BAA7-E0BFB22179D7}C:\windows\system32\rundll32.exe] => C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{DB4F2383-C82F-4AA2-A95C-12BBBBB146CE}C:\windows\system32\rundll32.exe] => C:\windows\system32\rundll32.exe
FirewallRules: [uDP Query User{3FB83EF7-1B61-45B6-A859-8AD25A9E9199}C:\games\murdered.soul.suspect-kaos\binaries\win64\murdered.exe] => C:\games\murdered.soul.suspect-kaos\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{9DD351E4-20D3-407A-A871-2695668EA999}C:\games\murdered.soul.suspect-kaos\binaries\win64\murdered.exe] => C:\games\murdered.soul.suspect-kaos\binaries\win64\murdered.exe
FirewallRules: [uDP Query User{47C653FB-6FA7-44EA-A69A-518B404D77AB}C:\program files (x86)\r.g. mechanics\enemy front\bin32\enemyfront.exe] => C:\program files (x86)\r.g. mechanics\enemy front\bin32\enemyfront.exe
FirewallRules: [TCP Query User{C1ACEE3C-2191-4BA3-A083-EB0F1FDDD8B5}C:\program files (x86)\r.g. mechanics\enemy front\bin32\enemyfront.exe] => C:\program files (x86)\r.g. mechanics\enemy front\bin32\enemyfront.exe
FirewallRules: [uDP Query User{F7ACE36C-BA5E-4522-8481-9D66305C5855}C:\users\samson\desktop\ipmsg new ver.exe] => C:\users\samson\desktop\ipmsg new ver.exe
FirewallRules: [TCP Query User{DC325447-3286-41B8-AA94-60544EDFE77E}C:\users\samson\desktop\ipmsg new ver.exe] => C:\users\samson\desktop\ipmsg new ver.exe
FirewallRules: [{7DD15DF0-3DD0-49DC-89A0-56BB784EC3AC}] => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{65938AA9-6792-4C1C-B5ED-E9CAB235B29F}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1515C8BA-CC7A-447F-BCBC-45868D057A85}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{B41AF535-58DE-434C-A9CF-DB215C96AEF9}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{19D0A017-5399-48C5-AB0F-453EA2787076}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{AF40A67E-6E39-4C2E-97F6-5E624E0CEF8C}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{47FF4F18-39B2-427D-A450-4079C77A4C92}] => C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [TCP Query User{A1989828-8765-4D70-BEFF-237C0A7AB961}C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [uDP Query User{4DC12A61-E699-40BE-A150-754D442BC324}C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{61F4A9E0-B217-4DB2-945E-1FCFCD15B35F}] => C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{0A2C5BB7-F0A3-4802-827C-048D5828405A}] => C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{9FFB5890-9F78-423A-A4FF-6EE4D55D6EC1}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{BC49DC96-E455-448B-9F3E-308B56A0DF26}C:\program files (x86)\battlefield 4\bf4.exe] => C:\program files (x86)\battlefield 4\bf4.exe
FirewallRules: [uDP Query User{D231069E-33EA-4B54-A3CD-D5C889FD31F0}C:\program files (x86)\battlefield 4\bf4.exe] => C:\program files (x86)\battlefield 4\bf4.exe
FirewallRules: [{5BBFB31D-18FA-41C7-A268-5C841517FD71}] => C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [TCP Query User{E5322061-65D6-4F5C-982D-247B733F35B5}C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [uDP Query User{104B9AC1-28B7-4099-8AE6-63CA1B18D624}C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\samson\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{3BEEF2E7-49A0-46CD-B551-9BB8D64DDC7E}] => C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{35696B18-3DAC-4F0D-AEAA-4C61D48C2A0D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4ADB908-ACD9-4D41-88D9-A7191B7CEE2D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31AABD44-02F7-44C7-BDA6-6D255A0D4647}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2016 11:48:58 AM) (Source: ESENT) (EventID: 489) (User: )
Description: firefox (4648) An attempt to open the file "C:\Users\Samson\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/10/2016 11:17:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/09/2016 02:56:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-DL6LJGA8)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (12/09/2016 11:46:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Music.UI.exe, version: 10.16102.1034.0, time stamp: 0x582f5ce3
Faulting module name: Music.UI.exe, version: 10.16102.1034.0, time stamp: 0x582f5ce3
Exception code: 0x80000003
Fault offset: 0x0000000000046737
Faulting process id: 0x4a8
Faulting application start time: 0x01d251e25cd34369
Faulting application path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
Report Id: 7bb4c61f-c9fd-403b-8a45-b75fd31081ea
Faulting package full name: Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.ZuneMusic

Error: (12/09/2016 11:20:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdwCleaner.exe, version: 6.0.4.0, time stamp: 0x5841ceb4
Faulting module name: AdwCleaner.exe, version: 6.0.4.0, time stamp: 0x5841ceb4
Exception code: 0xc0000005
Fault offset: 0x00020fea
Faulting process id: 0x2544
Faulting application start time: 0x01d251dfd56300b5
Faulting application path: C:\Users\Samson\Downloads\AdwCleaner.exe
Faulting module path: C:\Users\Samson\Downloads\AdwCleaner.exe
Report Id: 5acc35f4-2b8e-4520-b9be-4654af17e76a
Faulting package full name:
Faulting package-relative application ID:

Error: (12/09/2016 09:50:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
Exception code: 0xc0000005
Fault offset: 0x0000000000023c00
Faulting process id: 0x13c4
Faulting application start time: 0x01d251cce3b40a09
Faulting application path: C:\WINDOWS\system32\CompatTelRunner.exe
Faulting module path: C:\WINDOWS\system32\devinv.dll
Report Id: 4e611d9d-f7f1-4350-a6e1-5a3348460865
Faulting package full name:
Faulting package-relative application ID:

Error: (12/09/2016 12:51:27 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (12/09/2016 12:51:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/08/2016 07:02:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-DL6LJGA8)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2016 06:56:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-DL6LJGA8)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (12/10/2016 12:02:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 11:54:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cegoe service failed to start due to the following error: The system cannot find the file specified.

Error: (12/10/2016 11:54:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wscsvc service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

Error: (12/10/2016 11:14:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 02:02:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 02:01:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wscsvc service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

Error: (12/10/2016 02:01:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cegoe service failed to start due to the following error: The system cannot find the file specified.

Error: (12/09/2016 10:27:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 10:15:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 10:13:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wscsvc service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

CodeIntegrity:
===================================
Date: 2016-12-09 22:11:43.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume3\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-09 22:11:39.859
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-09 22:07:28.979
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-02 21:04:35.935
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-19 15:17:39.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-06 16:12:54.163
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-31 15:04:08.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-18 23:31:48.526
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 21:31:38.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-13 20:32:41.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 41%
Total physical RAM: 8108.61 MB
Available physical RAM: 4768.67 MB
Total Virtual: 30508.61 MB
Available Virtual: 27012.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.71 GB) (Free:53.81 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:200 GB) (Free:73.16 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:150 GB) (Free:28.08 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:114.36 GB) (Free:21.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 341B5912)

Partition: GPT.

==================== End of Addition.txt ============================

FRST.txt has almost 63k lines. Can I upload the files here?