Author Topic: A new friend needs help...  (Read 12409 times)

DR M
A new friend needs help...
« on: August 26, 2017, 03:37:44 PM »
Hi, Corrine. :)

Chara is a friend, and she would like you to take a look at her computer. I have already uninstalled some programs and installed others, and now I'm posting the required logs.

SECURITY SCAN:


Result of Security Analysis by Rocket Grannie (x86) Updated: 25th August, 2017
Running from:C:\Users\Chara\Desktop (19:25:49 - 08/26/2017)
***---------------------------------------------------------***
Microsoft Windows 8.1 X64
UAC is Enabled
Internet Explorer 11
Default Browser:
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (26.0.0.151)
Malwarebytes (3.2.2.2018)
Microsoft Silverlight (5.1.50907.0)
Pale Moon (27.4.2)
Windows Live Essentials (16.4.3505.0912) ==> is no longer supported
WinPatrol (35.5.2017.8)

***----------------Analysis Complete-------------------------***


FRST64 LOG:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Chara (administrator) on CHARAMAK (26-08-2017 19:28:53)
Running from C:\Users\Chara\Desktop
Loaded Profiles: Chara (Available Profiles: Chara)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Dropbox, Inc.) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\MountPoints2: G - "G:\SETUP.EXE"
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [322048 2012-09-12] (Microsoft Corporation)
Startup: C:\Users\Chara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-08-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-10-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{22E9B889-1675-4F41-B05A-B6FF4D238690}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{3B8797D1-77D7-4F3F-91D3-C004D8DC6D57}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.cy/?gws_rd=ssl
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1135430969-821980154-205310625-1002 - (No Name) - {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll No File
SearchScopes: HKLM -> {259FA9CE-E339-45B4-9C81-76174B1BD98F} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {259FA9CE-E339-45B4-9C81-76174B1BD98F} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> {259FA9CE-E339-45B4-9C81-76174B1BD98F} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> {9A8547D7-76CB-4151-9E04-46DD55D45211} URL = hxxp://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\OFFICE15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Toolbar: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF DefaultProfile: awvqwlym.default
FF DefaultProfile: mi9cfi3g.default
FF ProfilePath: C:\Users\Chara\AppData\Roaming\Mozilla\Firefox\Profiles\awvqwlym.default [2017-03-28]
FF ProfilePath: C:\Users\Chara\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\mi9cfi3g.default [2017-08-26]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\mi9cfi3g.default -> www.google.com
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-26] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
FF Plugin-x32: @PopularScreensavers_7i.com/Plugin -> C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://aipfmkinhleccnodemkoofnnofpbbpac/redirect.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default [2017-08-26]
CHR Extension: (Google Slides) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-27]
CHR Extension: (Search-Gol Toolbar) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac [2013-10-01] [UpdateUrl: hxxp://img.delta-search.com/ext/chrome/update/update-delta.xml] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-27]
CHR Extension: (Google Drive) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Bing) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-03]
CHR Extension: (Google Sheets) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-27]
CHR Extension: (ObviousIdea) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije [2014-09-23] [UpdateUrl: hxxp://www.obviousidea.us/pa/chrome-updates/] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (RealDownloader) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (WebSite Recommendation) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-12-28]
CHR Extension: (Gmail) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-16]
CHR Extension: (Chrome Media Router) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR Extension: (AppGraffiti) - C:\Program Files (x86)\AppGraffiti\chrome\ []
CHR HKU\S-1-5-21-1135430969-821980154-205310625-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fnefekibahpibgnllfjpckodgobkpije] - C:\Users\Chara\AppData\Local\ObviousIdea\extension.crx [2013-05-07]
CHR HKLM-x32\...\Chrome\Extension: [hendmekoldfacfhlojkjcnbjegkahclb] - C:\Program Files (x86)\diamondata\hendmekoldfacfhlojkjcnbjegkahclb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-16] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S2 PopularScreensavers_7iService; C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe [X]
S2 Update diamondata; "C:\Program Files (x86)\diamondata\updatediamondata.exe" [X]
S2 Util diamondata; "C:\Program Files (x86)\diamondata\bin\utildiamondata.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [94208 2013-02-15] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-08-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-08-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-08-26] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 19:28 - 2017-08-26 19:30 - 000022887 _____ C:\Users\Chara\Desktop\FRST.txt
2017-08-26 19:28 - 2017-08-26 19:28 - 000000000 ____D C:\FRST
2017-08-26 19:25 - 2017-08-26 19:26 - 000000921 _____ C:\Users\Chara\Desktop\SALog.txt
2017-08-26 19:23 - 2017-08-26 19:23 - 002395648 _____ (Farbar) C:\Users\Chara\Desktop\FRST64.exe
2017-08-26 19:23 - 2017-08-26 19:23 - 000899584 _____ C:\Users\Chara\Desktop\RGSA.exe
2017-08-26 19:20 - 2017-08-26 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2017-08-26 19:20 - 2017-08-26 19:20 - 000000000 ____D C:\ProgramData\MCShield
2017-08-26 19:20 - 2017-08-26 19:20 - 000000000 ____D C:\Program Files (x86)\MCShield
2017-08-26 19:17 - 2017-08-26 19:19 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-26 19:17 - 2017-08-26 19:17 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-26 19:17 - 2017-08-26 19:17 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-26 19:17 - 2017-08-26 19:17 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-26 19:17 - 2017-08-26 19:17 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-26 19:17 - 2017-08-26 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-26 19:17 - 2017-08-26 19:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-26 19:17 - 2017-08-26 19:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-26 19:17 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-26 19:04 - 2017-08-26 19:05 - 000000000 ____D C:\Users\Chara\AppData\Roaming\WinPatrol
2017-08-26 19:04 - 2017-08-26 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-08-26 19:04 - 2017-08-26 19:04 - 000000000 ____D C:\ProgramData\InstallMate
2017-08-26 19:04 - 2017-08-26 19:04 - 000000000 ____D C:\Program Files (x86)\Ruiware
2017-08-26 19:02 - 2017-08-26 19:03 - 000000000 ____D C:\Users\Chara\Desktop\DESKTOP 26.8.2017
2017-08-26 18:55 - 2017-08-26 18:55 - 004860560 _____ (Krzysztof Kowalczyk) C:\Users\Chara\Downloads\SumatraPDF-3.1.2-install.exe
2017-08-26 18:55 - 2017-08-26 18:55 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-08-26 18:55 - 2017-08-26 18:55 - 000000000 ____D C:\Users\Chara\AppData\Roaming\SumatraPDF
2017-08-26 18:55 - 2017-08-26 18:55 - 000000000 ____D C:\Program Files (x86)\SumatraPDF
2017-08-26 18:50 - 2017-08-26 18:50 - 000000000 ____D C:\Users\Chara\AppData\Roaming\Moonchild Productions
2017-08-26 18:50 - 2017-08-26 18:50 - 000000000 ____D C:\Users\Chara\AppData\Local\Moonchild Productions
2017-08-26 18:47 - 2017-08-26 18:47 - 000001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2017-08-26 18:47 - 2017-08-26 18:47 - 000000000 ____D C:\Program Files (x86)\Pale Moon
2017-08-26 18:39 - 2017-08-26 19:26 - 000000000 ____D C:\Users\Chara\AppData\Local\ClassicShell
2017-08-26 18:39 - 2017-08-26 18:39 - 000000000 ____D C:\Users\Chara\AppData\Roaming\ClassicShell
2017-08-26 18:39 - 2017-08-26 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2017-08-26 18:39 - 2017-08-26 18:39 - 000000000 ____D C:\ProgramData\ClassicShell
2017-08-26 18:39 - 2017-08-26 18:39 - 000000000 ____D C:\Program Files\Classic Shell
2017-08-26 18:33 - 2017-08-26 18:33 - 000003362 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1135430969-821980154-205310625-1002
2017-08-26 18:33 - 2017-08-26 18:33 - 000003306 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1135430969-821980154-205310625-1002
2017-08-24 23:08 - 2017-08-24 23:08 - 000000000 ____D C:\Users\Chara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-18 22:29 - 2017-08-25 22:08 - 000000000 ____D C:\Users\Chara\AppData\Local\Viber
2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000248120 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2017-08-09 00:41 - 2017-07-21 16:40 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 00:41 - 2017-07-21 16:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 00:41 - 2017-07-14 09:49 - 025733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 00:41 - 2017-07-14 08:35 - 005981184 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 00:41 - 2017-07-14 07:40 - 015254016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 00:41 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 00:41 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 00:41 - 2017-07-08 22:12 - 004169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-08-09 00:41 - 2017-07-08 20:45 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-08-09 00:41 - 2017-07-08 19:39 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-08-09 00:41 - 2017-07-08 19:37 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 00:41 - 2017-07-08 18:59 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 00:41 - 2017-07-01 16:47 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 00:41 - 2017-07-01 16:47 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 00:41 - 2017-07-01 16:47 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 00:41 - 2017-07-01 16:47 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 00:41 - 2017-06-08 04:48 - 002457936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 00:40 - 2017-08-02 06:17 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 00:40 - 2017-07-15 13:10 - 000536688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 00:40 - 2017-07-15 13:10 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 00:40 - 2017-07-15 13:06 - 000449840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 00:40 - 2017-07-15 13:06 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 00:40 - 2017-07-14 23:08 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2017-08-09 00:40 - 2017-07-14 21:44 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2017-08-09 00:40 - 2017-07-14 09:44 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-08-09 00:40 - 2017-07-14 09:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-08-09 00:40 - 2017-07-14 08:26 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-08-09 00:40 - 2017-07-14 08:10 - 000806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-08-09 00:40 - 2017-07-14 07:23 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 00:40 - 2017-07-14 07:07 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 00:40 - 2017-07-14 06:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-08-09 00:40 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-08-09 00:40 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-08-09 00:40 - 2017-07-14 05:17 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-08-09 00:40 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-08-09 00:40 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 00:40 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 00:40 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 00:40 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-08-09 00:40 - 2017-07-08 23:14 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 00:40 - 2017-07-08 20:05 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 00:40 - 2017-07-08 19:23 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 00:40 - 2017-07-08 06:46 - 000377688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgrx.sys
2017-08-09 00:40 - 2017-07-08 06:16 - 007440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 00:40 - 2017-07-08 06:16 - 001674520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-08-09 00:40 - 2017-07-08 06:16 - 001534072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-08-09 00:40 - 2017-07-08 06:16 - 001499920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-08-09 00:40 - 2017-07-08 06:16 - 001370328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-08-09 00:40 - 2017-07-08 06:16 - 000086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-08-09 00:40 - 2017-07-01 16:47 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 00:40 - 2017-07-01 16:47 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 00:40 - 2017-06-24 19:46 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2017-08-09 00:40 - 2017-06-24 19:16 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2017-08-09 00:40 - 2017-06-15 17:17 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 00:40 - 2017-06-15 17:16 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 00:40 - 2017-06-13 20:51 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-08-09 00:40 - 2017-06-13 20:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 00:40 - 2017-06-13 20:19 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-08-09 00:40 - 2017-06-13 20:16 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-08-09 00:40 - 2017-06-13 20:11 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-08-09 00:40 - 2017-06-13 20:07 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2017-08-09 00:40 - 2017-06-13 17:17 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 00:40 - 2017-06-13 17:16 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 00:40 - 2017-06-13 12:47 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-08-09 00:40 - 2017-06-13 12:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-08-09 00:40 - 2017-06-13 11:22 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 00:40 - 2017-06-13 11:16 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-08-09 00:40 - 2017-06-13 11:10 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-08-09 00:40 - 2017-06-13 11:07 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2017-08-09 00:40 - 2017-06-13 11:03 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-08-09 00:40 - 2017-06-13 10:54 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2017-08-09 00:40 - 2017-06-13 10:50 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 00:40 - 2017-06-12 03:14 - 000276320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 00:40 - 2017-06-11 23:13 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-08-09 00:40 - 2017-06-11 23:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-08-09 00:40 - 2017-06-11 23:02 - 002778112 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-08-09 00:40 - 2017-06-11 23:02 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-08-09 00:40 - 2017-06-11 22:52 - 002463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-08-09 00:40 - 2017-06-09 16:47 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 00:40 - 2017-06-08 20:01 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 00:40 - 2017-06-08 20:01 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 00:40 - 2017-06-07 07:25 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-08-09 00:40 - 2017-06-06 21:38 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 00:40 - 2017-06-06 20:44 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 00:40 - 2017-05-27 19:42 - 001115136 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-08-09 00:40 - 2017-05-27 19:38 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 19:14 - 2013-09-01 19:34 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1135430969-821980154-205310625-1002
2017-08-26 19:11 - 2016-01-05 14:19 - 000003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-08-26 19:10 - 2014-10-19 20:37 - 000000000 ____D C:\Users\Chara\OneDrive
2017-08-26 19:08 - 2013-09-05 17:47 - 000000000 ____D C:\Program Files\Google
2017-08-26 19:08 - 2013-09-05 17:46 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-26 19:08 - 2013-08-22 17:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-26 19:08 - 2013-08-22 17:44 - 000493240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-26 19:07 - 2014-10-19 19:36 - 000000000 ____D C:\Users\Chara
2017-08-26 19:07 - 2013-08-22 16:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-08-26 19:00 - 2013-12-25 18:34 - 000000000 ____D C:\Users\Chara\AppData\Roaming\vlc
2017-08-26 18:58 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-26 18:58 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-26 18:55 - 2015-06-13 18:27 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1135430969-821980154-205310625-1002UA.job
2017-08-26 18:49 - 2013-09-05 17:46 - 000000000 ____D C:\Users\Chara\AppData\Local\Google
2017-08-26 18:47 - 2013-11-17 12:29 - 000000000 ____D C:\Users\Chara\AppData\Roaming\Real
2017-08-26 18:46 - 2013-11-17 12:30 - 000000000 ____D C:\Program Files (x86)\Real
2017-08-26 18:46 - 2013-11-17 12:27 - 000000000 ____D C:\ProgramData\Real
2017-08-26 18:44 - 2016-12-28 22:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-26 18:44 - 2016-01-05 14:11 - 000000000 ____D C:\Program Files\KMSpico
2017-08-26 18:44 - 2016-01-05 13:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-26 18:42 - 2013-12-25 17:22 - 000000000 ____D C:\Users\Chara\AppData\Roaming\BitTorrent Sync
2017-08-26 18:41 - 2017-05-24 19:20 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-26 18:41 - 2013-09-05 17:49 - 000000000 ____D C:\Users\Chara\AppData\LocalLow\Adobe
2017-08-26 18:34 - 2014-10-19 21:06 - 000003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FA6E384E-D448-4ACF-96A0-AC2382757700}
2017-08-25 22:07 - 2017-04-17 22:35 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-08-25 22:07 - 2013-09-18 21:34 - 000000000 ____D C:\Users\Chara\AppData\Roaming\Skype
2017-08-25 22:07 - 2013-09-18 21:34 - 000000000 ____D C:\ProgramData\Skype
2017-08-25 22:03 - 2013-10-03 05:38 - 005275648 ___SH C:\Users\Chara\Downloads\Thumbs.db
2017-08-25 20:54 - 2014-09-14 21:36 - 000000000 ____D C:\Users\Chara\Documents\ViberDownloads
2017-08-25 05:55 - 2015-06-13 18:27 - 000000884 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1135430969-821980154-205310625-1002Core.job
2017-08-24 23:09 - 2013-09-05 17:21 - 000000000 ____D C:\Users\Chara\AppData\Roaming\Dropbox
2017-08-21 11:52 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-19 21:24 - 2017-06-03 21:25 - 000003284 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135430969-821980154-205310625-1002
2017-08-19 21:24 - 2016-11-13 18:13 - 000003340 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135430969-821980154-205310625-1002
2017-08-18 23:58 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 00:07 - 2013-09-07 08:35 - 015277568 ___SH C:\Users\Chara\Desktop\Thumbs.db
2017-08-13 22:51 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\rescache
2017-08-13 16:40 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\Inf
2017-08-10 22:37 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-10 22:37 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-08-10 21:28 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-10 09:05 - 2016-01-05 13:49 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-09 21:46 - 2012-07-26 10:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 21:40 - 2013-09-06 00:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 21:34 - 2013-09-06 00:18 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-30 19:53 - 2012-07-26 08:26 - 000000269 _____ C:\WINDOWS\win.ini
2017-07-29 03:03 - 2017-07-17 22:08 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-29 03:03 - 2017-07-17 22:08 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-10-17 16:01 - 2015-06-07 15:55 - 000032256 _____ () C:\Users\Chara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-03 15:28 - 2013-09-03 15:28 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-03-30 07:10 - 2017-03-30 07:10 - 022214368 _____ (DsNET Corp                                                  ) C:\Users\Chara\AppData\Local\Temp\atcMedia4991490857836.exe
2015-12-07 06:50 - 2015-12-07 06:50 - 000071168 _____ () C:\Users\Chara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbqg10.dll
2015-12-07 18:41 - 2015-12-07 18:41 - 000071168 _____ () C:\Users\Chara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppdx36s.dll
2014-12-07 12:48 - 2014-12-29 21:52 - 021360947 _____ () C:\Users\Chara\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2014-12-29 20:19 - 2014-12-29 20:19 - 000372936 _____ (ESET) C:\Users\Chara\AppData\Local\Temp\InstHelper.exe
2016-01-05 13:37 - 2012-10-02 03:44 - 000178824 ____R (Microsoft Corporation) C:\Users\Chara\AppData\Local\Temp\ose00000.exe
2015-03-11 17:30 - 2017-01-24 22:15 - 043918808 _____ (Skype Technologies S.A.) C:\Users\Chara\AppData\Local\Temp\SkypeSetup.exe
2017-08-26 18:48 - 2013-08-28 16:22 - 000340464 _____ (Babylon Ltd.) C:\Users\Chara\AppData\Local\Temp\uninst1.exe
2017-03-25 23:04 - 2017-04-17 22:52 - 014456872 _____ (Microsoft Corporation) C:\Users\Chara\AppData\Local\Temp\vc_redist.x86.exe
2015-06-25 17:59 - 2015-06-25 18:00 - 028849904 _____ () C:\Users\Chara\AppData\Local\Temp\vlc-2.2.1-win32.exe
2017-08-26 18:59 - 2017-08-26 18:59 - 030950664 _____ () C:\Users\Chara\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-25 06:49

==================== End of FRST.txt ============================


ADDITION LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chara (26-08-2017 19:31:53)
Running from C:\Users\Chara\Desktop
Windows 8.1 (Update) (X64) (2014-10-19 17:26:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1135430969-821980154-205310625-500 - Administrator - Disabled)
Chara (S-1-5-21-1135430969-821980154-205310625-1002 - Administrator - Enabled) => C:\Users\Chara
Guest (S-1-5-21-1135430969-821980154-205310625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1135430969-821980154-205310625-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{AB1FC306-0E04-81D5-F105-C929F912CF20}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AppGraffiti (HKLM-x32\...\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1) (Version: 1.0.0.46 - Omega Partners Ltd) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5004 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Επωνυμία Επιχείρησης)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Deskjet 3050A J611 series Βοήθεια (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{B41C6B3F-F752-46EA-BC46-F26D3AD147B8}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{BDAFE880-A1C2-4F86-9F7C-4A53F8795E20}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}) (Version: 1.0.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Light Image Resizer 4.5.2.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.5.2.0 - ObviousIdea)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Subtitles Searcher 1.0 (HKLM-x32\...\{0428932D-FEAE-4FA2-953B-0437ABE9ADF3}_is1) (Version: 1.0 - OpenSubtitles.org)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Επωνυμία Επιχείρησης)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pale Moon 27.4.2 (x86 en-US) (HKLM-x32\...\Pale Moon 27.4.2 (x86 en-US)) (Version: 27.4.2 - Moonchild Productions)
PopularScreensavers Internet Explorer Toolbar (HKLM-x32\...\PopularScreensavers_7ibar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6856 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 1.1.9200.007 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Βασικό λογισμικό συσκευής HP Deskjet 3050A J611 series (HKLM\...\{A71F4804-8501-42C3-8596-179024BAB800}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (HKLM\...\{90150000-001F-0408-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (HKLM-x32\...\{90150000-001F-0408-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Μελέτη βελτίωσης προϊόντων HP Deskjet 3050A J611 series (HKLM\...\{BFD57A6C-CC39-46A7-8CCB-ED4AC8DD2A11}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Οι Πειρατές ανακαλύπτουν (HKLM-x32\...\Οι Πειρατές ανακαλύπτουν) (Version:  - )
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Offline DR M

Re: A new friend needs help...
« Reply #1 on: August 26, 2017, 03:39:33 PM »
ADDITION LOG (THE REST):

CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-01-29] (Cyberlink)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll -> No File
ContextMenuHandlers1: [Explorer Context Menu] -> {82C63EC5-1B4C-43B7-7AC8-57148B696B95} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-01-29] (Cyberlink)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll -> No File
ContextMenuHandlers2: [Explorer Context Menu] -> {82C63EC5-1B4C-43B7-7AC8-57148B696B95} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [Explorer Context Menu] -> {82C63EC5-1B4C-43B7-7AC8-57148B696B95} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1135430969-821980154-205310625-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1135430969-821980154-205310625-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1135430969-821980154-205310625-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chara\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A861734-A256-4C66-B640-4ABC7484929B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {305C341C-8EE7-4B45-A358-CD7C80D76FDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {38FC2E9F-E84C-4667-8D1E-53A7D6B85F38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3A2251CA-9679-4A8F-923A-A2DCE7FCF7B9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1135430969-821980154-205310625-1002UA => C:\Users\Chara\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {66204DD6-3745-49C6-A5F5-167F064849A8} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {6BFCED5E-BC46-46CB-9652-9D4A1AFF8845} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1135430969-821980154-205310625-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {6CE59436-C456-43B6-910B-74FBBCC9B097} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1135430969-821980154-205310625-1002Core => C:\Users\Chara\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {704A5AF8-D640-46E1-B0B6-E60D2789E9C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {791F673F-00D9-46B8-9E43-A025D2EDDADD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {7BCD43D4-EE68-43B8-94F9-9F65402C3C59} - System32\Tasks\{22B8C6EC-5B87-47C1-90B2-BD010F99B872} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.7.0.102&LastError=404
Task: {81CEA13C-8626-4FE5-BBD5-3990D882CF0B} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-01-05] ()
Task: {8203C849-781B-4A2B-BC4C-03522B2A0692} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {84340AB4-B47E-4AB9-BC74-649861D6D6A2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1135430969-821980154-205310625-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {849CC081-22A2-4169-8821-3452FD241434} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135430969-821980154-205310625-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {85B34245-F6EE-44FC-907B-5A564B572D8F} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
Task: {8770C8D5-B674-4465-BDA4-49EFCC60CF83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {898AABCE-81FB-4639-BC5B-A700A1C1994C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1135430969-821980154-205310625-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {99814E3C-F20B-4B31-9793-B8644004E61F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {BE928E43-D0F1-4DB6-A030-046E1F45F80C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-08] (Synaptics Incorporated)
Task: {C2E6B662-A334-4BD4-8DB6-F82937121097} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135430969-821980154-205310625-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CC8EB816-D52E-44DA-88BA-D78D67DC71F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CF5B6E35-551D-47CA-A571-C59F941EC325} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {FA3E5469-A180-41A8-A820-FE1B995DC9BB} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FA90AFF9-C9A6-4143-A443-ED807B26D79E} - System32\Tasks\Yahoo! Search => C:\Users\Chara\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe <==== ATTENTION
Task: {FF53E5F1-DDCF-4B04-A459-CDA03EB52152} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1135430969-821980154-205310625-1002Core.job => C:\Users\Chara\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1135430969-821980154-205310625-1002UA.job => C:\Users\Chara\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-04-16 23:51 - 2013-04-16 23:51 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-07-04 21:33 - 2014-07-04 21:33 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-02-23 09:29 - 2017-02-23 09:29 - 008909512 _____ () C:\Program Files\Microsoft Office\OFFICE15\1033\GrooveIntlResource.dll
2017-08-26 19:17 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-06-09 09:59 - 2012-06-08 06:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-08-24 23:08 - 2017-08-22 19:55 - 000757568 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-08-24 23:08 - 2017-08-22 19:55 - 001787200 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-08-24 23:08 - 2017-08-22 19:53 - 000100296 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000018888 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\select.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000020800 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000035792 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-08-24 23:08 - 2017-08-22 19:56 - 000021848 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000125904 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000694224 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-08-24 23:08 - 2017-08-22 19:56 - 001862992 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-08-24 23:08 - 2017-08-22 19:56 - 000022864 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000145864 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-08-24 23:08 - 2017-08-22 19:55 - 000116688 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-08-24 23:08 - 2017-08-22 19:53 - 000105928 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000022864 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000062784 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000040248 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000024528 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000020936 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000124880 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000116176 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-08-24 23:08 - 2017-08-22 19:55 - 000392656 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-08-24 23:08 - 2017-08-22 19:57 - 000392512 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000026456 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000024016 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000175560 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000030160 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000043472 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000048592 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000057808 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-08-24 23:08 - 2017-08-22 19:56 - 000022336 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000082264 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000025432 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 003928896 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000083912 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\sip.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 001826104 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 001972024 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000028616 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000024016 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000171336 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000042816 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000531264 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000133432 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000224064 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000207680 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000060880 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000054608 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000022864 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000022872 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000021848 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000022872 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-24 23:08 - 2017-08-22 19:56 - 000027488 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-24 23:08 - 2017-08-22 19:53 - 000349128 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000103232 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-08-24 23:08 - 2017-08-22 19:58 - 000023896 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000025936 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-08-24 23:08 - 2017-08-22 19:55 - 000036296 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\librsync.dll
2017-08-24 23:08 - 2017-08-22 19:56 - 000181056 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-08-24 23:08 - 2017-08-22 19:57 - 000030536 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000024368 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-08-24 23:08 - 2017-08-22 19:57 - 001637688 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-08-24 23:08 - 2017-08-22 19:57 - 000026456 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000023368 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000546104 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-08-24 23:08 - 2017-08-22 19:57 - 000357688 _____ () C:\Users\Chara\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-08-26 18:47 - 2017-08-21 21:07 - 004000768 _____ () C:\Program Files (x86)\Pale Moon\mozjs.dll
2017-02-23 09:29 - 2017-02-23 09:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW

AlternateDataStreams: C:\Users\Chara\Documents\9_12_May_2014_Chara_ppt.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\anakuklosi:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Introducing_Oral_History.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\KPE_Kalindonia_28_11_2009 (49).JPG:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Lebanon_presentation_part_2_and_3.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\LOW_ORAL-HISTORY_GR.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Prostimo_Pliromi_Chara.pdf:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1135430969-821980154-205310625-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Chara\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\mr.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "MobileBroadband"
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\StartupApproved\Run: => "HP Deskjet 3050A J611 series (NET)"
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\StartupApproved\Run: => "BitTorrent Sync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77385ED6-36B6-4E6C-99F2-970E4BC57206}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{C71422A0-AF15-44C1-A223-562BA747150B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{3CF8B4E2-BD6B-4EBE-A2A5-5B1353A82F64}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{CFB76905-C577-4754-BEB9-7912F296A68E}] => (Allow) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{46488589-33B1-4048-90D9-D66E26C5A2C1}] => (Allow) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EB245CB2-B16B-4D73-ACD8-A83BB96C8352}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{118891E0-F8F9-432F-9860-865CF1575BE0}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D87CFC47-CB12-4D81-80AD-96014C48D960}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{256559B0-727A-433D-8837-5C4DF381BCE9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F9C7CAEA-89FB-4DB7-9E39-DF093831F0BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CB63332A-25ED-498D-B4E4-6AE517F61595}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63F186D5-CC8F-4E0F-849F-FC3A02BA6F33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8900CB5F-4301-44CF-B5E6-0873F3917C5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38BC20E3-8E88-4691-A76A-190C88A7D1F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4F2EE73-2B57-46AD-B56D-685BF1AFCBD9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{DCD1F8F1-F4B8-4107-98EE-8DDC6569C32E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{0298381A-FEC5-408D-A8DC-D70FF51DA351}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6AD0DB46-4B09-4EAA-B6C4-930D3927A5C9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{46DEE714-C411-479B-AA5E-0BE46AB86E25}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{6C47B144-92F4-4AB0-BDCB-FE540AE1494C}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{CFF1A83E-B8EA-4948-AD16-6C7290AD26B4}] => (Allow) LPort=1900
FirewallRules: [{3EC12F07-53F5-4741-BAD9-30079AEF9403}] => (Allow) LPort=2869
FirewallRules: [{C6A54F19-0425-4461-8BE8-7A06450878BF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{083CD4C7-52BB-4F4A-AD65-9AEDAABF5440}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{34A0AFD7-9936-4FBA-8F78-CF2B1BCB47DC}] => (Allow) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2929B051-4971-489E-91A3-FB3A228FCA65}] => (Allow) C:\Users\Chara\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E22AC5BE-1066-486C-956A-F3E6D543682B}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS5BBF\HPDiagnosticCoreUI.exe
FirewallRules: [{FB4C3F69-A8F7-4D9F-A83B-C507A2614C2E}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS5BBF\HPDiagnosticCoreUI.exe
FirewallRules: [{7156F1A5-439B-47BA-93D8-5C57A732071D}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS40C6\HPDiagnosticCoreUI.exe
FirewallRules: [{53AE70C4-430A-4AB4-A2F3-0B80C2A58502}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS40C6\HPDiagnosticCoreUI.exe
FirewallRules: [{EAB636A9-7B5E-42AD-BF0D-64D5290BCAC9}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS2359\HPDiagnosticCoreUI.exe
FirewallRules: [{A621AE35-C942-47DA-B4CF-DF1C1FD2C8EE}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS2359\HPDiagnosticCoreUI.exe
FirewallRules: [{6A9F2B83-8CAC-4219-A4CD-FED181196F72}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS314E\HPDiagnosticCoreUI.exe
FirewallRules: [{18D6ECA6-A397-4BEA-967A-2BB4CB4D8DDC}] => (Allow) C:\Users\Chara\AppData\Local\Temp\7zS314E\HPDiagnosticCoreUI.exe
FirewallRules: [{EE29CE3E-07A8-4CD8-A371-B905E2AD5D88}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\lync.exe
FirewallRules: [{7588B35E-6608-4F60-BBA6-D8897FF1455A}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\lync.exe
FirewallRules: [{72033633-D5AE-429A-B8C7-FBA6B542A7CB}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\UcMapi.exe
FirewallRules: [{FCD2F5BE-EF3F-4AF1-8B7F-AAD2C9907963}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\UcMapi.exe
FirewallRules: [{6B396B47-5A48-4D78-B53D-6DDDEBD76872}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\lync.exe
FirewallRules: [{417DCA98-867A-469A-98A7-DC792ECE099D}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\lync.exe
FirewallRules: [{0406DC70-8E87-448D-83E9-E44C819DCDAB}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\UcMapi.exe
FirewallRules: [{3039A398-2326-4786-9715-C28C55554997}] => (Allow) C:\Program Files\Microsoft Office\OFFICE15\UcMapi.exe
FirewallRules: [{0EB49164-994F-44F7-8D95-26EA1F22AD65}] => (Allow) C:\Program Files\KMSpico\WINLQQAG5JR.exe
FirewallRules: [{3226E9BA-E35E-446A-9F69-647E0A00AC88}] => (Allow) C:\Program Files\KMSpico\WINLQQAG5JR.exe
FirewallRules: [{BC49BD00-1C8E-454E-AD94-80F6A7BF2B7E}] => (Allow) C:\Program Files\KMSpico\WWD8DFP7GAK.exe
FirewallRules: [{FC756F17-5D14-430C-8BFE-08D6CB42674D}] => (Allow) C:\Program Files\KMSpico\WWD8DFP7GAK.exe
FirewallRules: [{B6716861-92BD-47E1-BD76-05592B947EE4}] => (Allow) C:\Program Files\KMSpico\ZSZTCNJ3OMK.exe
FirewallRules: [{4B803194-FC76-4FB2-BCE8-9DA0F2391662}] => (Allow) C:\Program Files\KMSpico\ZSZTCNJ3OMK.exe
FirewallRules: [{4411B936-3129-4B98-ACA6-A6024A157C64}] => (Allow) C:\Program Files\KMSpico\EIQHYMJYI1W.exe
FirewallRules: [{5C3D7DC7-A9D0-4DA9-8922-3F198E1940B0}] => (Allow) C:\Program Files\KMSpico\EIQHYMJYI1W.exe
FirewallRules: [{746E1518-A55E-434F-94E3-8BB38E73CB1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F5868678-4BD6-4327-9F90-EBA5024CAD28}] => (Allow) C:\Program Files\KMSpico\QV9XVJ6Q888.exe
FirewallRules: [{E29FA1DE-8D13-44C3-B1DC-759FAF31E71D}] => (Allow) C:\Program Files\KMSpico\QV9XVJ6Q888.exe
FirewallRules: [{82A7C9D7-9979-4777-8330-560C13BDAD7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-08-2017 21:31:34 Windows Modules Installer
19-08-2017 00:19:03 Scheduled Checkpoint
25-08-2017 22:05:47 Removed Skype™ 7.39

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2017 06:39:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2017 11:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 89066016

Error: (08/24/2017 11:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 89066016

Error: (08/24/2017 11:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2017 10:20:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3750

Error: (08/23/2017 10:20:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3750

Error: (08/23/2017 10:20:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2017 10:12:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41486750

Error: (08/23/2017 10:12:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41486750

Error: (08/23/2017 10:12:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/26/2017 07:33:42 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/26/2017 07:33:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/26/2017 07:08:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util diamondata service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 07:08:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update diamondata service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 07:08:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PopularScreensaversService service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 07:08:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESET Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 06:57:26 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DELLY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3B8797D1-77D7-4F3F-91D3-C004D8DC6D57}.
The master browser is stopping or an election is being forced.

Error: (08/26/2017 06:53:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DELLY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3B8797D1-77D7-4F3F-91D3-C004D8DC6D57}.
The master browser is stopping or an election is being forced.

Error: (08/26/2017 06:27:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util diamondata service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 06:27:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update diamondata service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2017-06-07 22:36:15.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:36:12.622
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:30:38.258
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:30:34.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:25:05.126
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:25:02.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:19:57.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:19:55.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:07:42.020
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 22:07:39.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 3549.01 MB
Available physical RAM: 1427.59 MB
Total Virtual: 4445.01 MB
Available Virtual: 2411.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.95 GB) (Free:251.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.6 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8BD8ED4D)

Partition: GPT.

==================== End of Addition.txt ============================
"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19425
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: A new friend needs help...
« Reply #2 on: August 26, 2017, 05:19:34 PM »
Hi, Panos.

1.  It appears that Chara had ESET and AVG installed at one time, uninstalled it but didn't run a removal tool as there are remnants remaining.  Please go to Uninstall ESET manually using the ESET uninstaller tool—ESET Knowledgebase and follow the instructions for Windows 8. It should also pick up AVG.  If not, please run the AVG removal tool from here:  https://www.avg.com/en-us/utilities

2.  Have you explained to Chara the dangers of P2P programs and the use of BitTorrent?  If not, please explain to Chara that P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

3.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines.  Right-click and select "Copy".
Code: [Select]
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-1135430969-821980154-205310625-1002 - (No Name) - {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll No File
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
BHO-x32: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL => No File
Toolbar: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
CHR Extension: (Search-Gol Toolbar) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac [2013-10-01] [UpdateUrl: hxxp://img.delta-search.com/ext/chrome/update/update-delta.xml] <==== ATTENTION
CHR Extension: (ObviousIdea) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije [2014-09-23] [UpdateUrl: hxxp://www.obviousidea.us/pa/chrome-updates/] <==== ATTENTION
CHR Extension: (AppGraffiti) - C:\Program Files (x86)\AppGraffiti\chrome\ []
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S2 PopularScreensavers_7iService; C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe [X]
S2 Update diamondata; "C:\Program Files (x86)\diamondata\updatediamondata.exe" [X]
S2 Util diamondata; "C:\Program Files (x86)\diamondata\bin\utildiamondata.exe" [X]
2017-08-26 18:42 - 2013-12-25 17:22 - 000000000 ____D C:\Users\Chara\AppData\Roaming\BitTorrent Sync
2013-10-17 16:01 - 2015-06-07 15:55 - 000032256 _____ () C:\Users\Chara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-03 15:28 - 2013-09-03 15:28 - 000000057 _____ () C:\ProgramData\Ament.ini
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
Task: {66204DD6-3745-49C6-A5F5-167F064849A8} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {85B34245-F6EE-44FC-907B-5A564B572D8F} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW
AlternateDataStreams: C:\Users\Chara\Documents\9_12_May_2014_Chara_ppt.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\anakuklosi:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Introducing_Oral_History.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\KPE_Kalindonia_28_11_2009 (49).JPG:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Lebanon_presentation_part_2_and_3.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\LOW_ORAL-HISTORY_GR.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Prostimo_Pliromi_Chara.pdf:com.dropbox.attributes [168]
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\StartupApproved\Run: => "BitTorrent Sync"
FirewallRules: [{77385ED6-36B6-4E6C-99F2-970E4BC57206}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{77385ED6-36B6-4E6C-99F2-970E4BC57206}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{0EB49164-994F-44F7-8D95-26EA1F22AD65}] => (Allow) C:\Program Files\KMSpico\WINLQQAG5JR.exe
FirewallRules: [{3226E9BA-E35E-446A-9F69-647E0A00AC88}] => (Allow) C:\Program Files\KMSpico\WINLQQAG5JR.exe
FirewallRules: [{BC49BD00-1C8E-454E-AD94-80F6A7BF2B7E}] => (Allow) C:\Program Files\KMSpico\WWD8DFP7GAK.exe
FirewallRules: [{FC756F17-5D14-430C-8BFE-08D6CB42674D}] => (Allow) C:\Program Files\KMSpico\WWD8DFP7GAK.exe
FirewallRules: [{B6716861-92BD-47E1-BD76-05592B947EE4}] => (Allow) C:\Program Files\KMSpico\ZSZTCNJ3OMK.exe
FirewallRules: [{4B803194-FC76-4FB2-BCE8-9DA0F2391662}] => (Allow) C:\Program Files\KMSpico\ZSZTCNJ3OMK.exe
FirewallRules: [{4411B936-3129-4B98-ACA6-A6024A157C64}] => (Allow) C:\Program Files\KMSpico\EIQHYMJYI1W.exe
FirewallRules: [{5C3D7DC7-A9D0-4DA9-8922-3F198E1940B0}] => (Allow) C:\Program Files\KMSpico\EIQHYMJYI1W.exe
FirewallRules: [{F5868678-4BD6-4327-9F90-EBA5024CAD28}] => (Allow) C:\Program Files\KMSpico\QV9XVJ6Q888.exe
FirewallRules: [{E29FA1DE-8D13-44C3-B1DC-759FAF31E71D}] => (Allow) C:\Program Files\KMSpico\QV9XVJ6Q888.exe
C:\Program Files\KMSpico

EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline DR M

Re: A new friend needs help...
« Reply #3 on: August 26, 2017, 05:38:34 PM »
Hi, Corrine.

1. Wow... Uninstalling Eset is a big procedure! I can't run cmd as administrator. I also have to find the key to start in safe mode.

2. P2P: Yes. I told her. I always do this... Even in school, every computer has Bit Torrent installed and this makes me crazy...

3. I will be back in a while.
"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Offline DR M

Re: A new friend needs help...
« Reply #4 on: August 26, 2017, 06:35:23 PM »
Hi, Corrine.

Some points to mention:

1. I could not run cmd as administrator. I ran it as Chara (the account has admin's privileges).
2. AVG remover was taking too much to complete. Run and run and run. I stopped it. If there are still remnants, I will run it again.
3. I think the FRST instructions need something. I went to an older thread, to see that the fix code had to be saved in a notepad file and then ran the FRST. I pressed fix without saving the code somewhere, and then remembered that something is missing. And I stopped it. I don't know if that was a good move.
4. The computer is very slow to start, even though I installed Win Patrol and controlled the start up entries.


HERE IS THE FIX LOG:


Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chara (26-08-2017 22:22:40) Run:1
Running from C:\Users\Chara\Desktop
Loaded Profiles: Chara (Available Profiles: Chara)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-1135430969-821980154-205310625-1002 - (No Name) - {0953a3a2-9223-4990-a1c9-efb4d4686ef2} - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7iSrcAs.dll No File
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
BHO-x32: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL => No File
Toolbar: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-1135430969-821980154-205310625-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll [No File]
CHR Extension: (Search-Gol Toolbar) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac [2013-10-01] [UpdateUrl: hxxp://img.delta-search.com/ext/chrome/update/update-delta.xml] <==== ATTENTION
CHR Extension: (ObviousIdea) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije [2014-09-23] [UpdateUrl: hxxp://www.obviousidea.us/pa/chrome-updates/] <==== ATTENTION
CHR Extension: (AppGraffiti) - C:\Program Files (x86)\AppGraffiti\chrome\ []
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [X]
S2 PopularScreensavers_7iService; C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe [X]
S2 Update diamondata; "C:\Program Files (x86)\diamondata\updatediamondata.exe" [X]
S2 Util diamondata; "C:\Program Files (x86)\diamondata\bin\utildiamondata.exe" [X]
2017-08-26 18:42 - 2013-12-25 17:22 - 000000000 ____D C:\Users\Chara\AppData\Roaming\BitTorrent Sync
2013-10-17 16:01 - 2015-06-07 15:55 - 000032256 _____ () C:\Users\Chara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-03 15:28 - 2013-09-03 15:28 - 000000057 _____ () C:\ProgramData\Ament.ini
CustomCLSID: HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL => No File
Task: {66204DD6-3745-49C6-A5F5-167F064849A8} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {85B34245-F6EE-44FC-907B-5A564B572D8F} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW
AlternateDataStreams: C:\Users\Chara\Documents\9_12_May_2014_Chara_ppt.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\anakuklosi:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Introducing_Oral_History.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\KPE_Kalindonia_28_11_2009 (49).JPG:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Lebanon_presentation_part_2_and_3.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\LOW_ORAL-HISTORY_GR.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Chara\Documents\Prostimo_Pliromi_Chara.pdf:com.dropbox.attributes [168]
HKU\S-1-5-21-1135430969-821980154-205310625-1002\...\StartupApproved\Run: => "BitTorrent Sync"
FirewallRules: [{77385ED6-36B6-4E6C-99F2-970E4BC57206}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{77385ED6-36B6-4E6C-99F2-970E4BC57206}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3}] => (Allow) C:\Users\Chara\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{0EB49164-994F-44F7-8D95-26EA1F22AD65}] => (Allow) C:\Program Files\KMSpico\WINLQQAG5JR.exe
FirewallRules: [{3226E9BA-E35E-446A-9F69-647E0A00AC88}] => (Allow) C:\Program Files\KMSpico\WINLQQAG5JR.exe
FirewallRules: [{BC49BD00-1C8E-454E-AD94-80F6A7BF2B7E}] => (Allow) C:\Program Files\KMSpico\WWD8DFP7GAK.exe
FirewallRules: [{FC756F17-5D14-430C-8BFE-08D6CB42674D}] => (Allow) C:\Program Files\KMSpico\WWD8DFP7GAK.exe
FirewallRules: [{B6716861-92BD-47E1-BD76-05592B947EE4}] => (Allow) C:\Program Files\KMSpico\ZSZTCNJ3OMK.exe
FirewallRules: [{4B803194-FC76-4FB2-BCE8-9DA0F2391662}] => (Allow) C:\Program Files\KMSpico\ZSZTCNJ3OMK.exe
FirewallRules: [{4411B936-3129-4B98-ACA6-A6024A157C64}] => (Allow) C:\Program Files\KMSpico\EIQHYMJYI1W.exe
FirewallRules: [{5C3D7DC7-A9D0-4DA9-8922-3F198E1940B0}] => (Allow) C:\Program Files\KMSpico\EIQHYMJYI1W.exe
FirewallRules: [{F5868678-4BD6-4327-9F90-EBA5024CAD28}] => (Allow) C:\Program Files\KMSpico\QV9XVJ6Q888.exe
FirewallRules: [{E29FA1DE-8D13-44C3-B1DC-759FAF31E71D}] => (Allow) C:\Program Files\KMSpico\QV9XVJ6Q888.exe
C:\Program Files\KMSpicoEmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0953a3a2-9223-4990-a1c9-efb4d4686ef2} => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} => key removed successfully
HKLM\Software\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} => key removed successfully
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully
HKLM\Software\Classes\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => key removed successfully
HKU\S-1-5-21-1135430969-821980154-205310625-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@popularscreensavers.com/Plugin => key removed successfully
CHR Extension: (Search-Gol Toolbar) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac [2013-10-01] [UpdateUrl: hxxp://img.delta-search.com/ext/chrome/update/update-delta.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (ObviousIdea) - C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnefekibahpibgnllfjpckodgobkpije [2014-09-23] [UpdateUrl: hxxp://www.obviousidea.us/pa/chrome-updates/] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (AppGraffiti) - C:\Program Files (x86)\AppGraffiti\chrome\ [] => Error: No automatic fix found for this entry.
ekrn => service not found.
HKLM\System\CurrentControlSet\Services\PopularScreensavers_7iService => key removed successfully
PopularScreensavers_7iService => service removed successfully
HKLM\System\CurrentControlSet\Services\Update diamondata => key removed successfully
Update diamondata => service removed successfully
HKLM\System\CurrentControlSet\Services\Util diamondata => key removed successfully
Util diamondata => service removed successfully
C:\Users\Chara\AppData\Roaming\BitTorrent Sync => moved successfully
C:\Users\Chara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\Ament.ini => moved successfully
HKU\S-1-5-21-1135430969-821980154-205310625-1002_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66204DD6-3745-49C6-A5F5-167F064849A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66204DD6-3745-49C6-A5F5-167F064849A8} => key removed successfully
C:\WINDOWS\System32\Tasks\DTReg => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85B34245-F6EE-44FC-907B-5A564B572D8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85B34245-F6EE-44FC-907B-5A564B572D8F} => key removed successfully
C:\WINDOWS\System32\Tasks\DTChk => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk => key removed successfully
Could not move "C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW" => Scheduled to move on reboot.
C:\Users\Chara\Documents\9_12_May_2014_Chara_ppt.pptx => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Chara\Documents\anakuklosi => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Chara\Documents\Introducing_Oral_History.pdf => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Chara\Documents\KPE_Kalindonia_28_11_2009 (49).JPG => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Chara\Documents\Lebanon_presentation_part_2_and_3.pptx => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Chara\Documents\LOW_ORAL-HISTORY_GR.pdf => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Chara\Documents\Prostimo_Pliromi_Chara.pdf => ":com.dropbox.attributes" ADS removed successfully.
HKU\S-1-5-21-1135430969-821980154-205310625-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BitTorrent Sync => value removed successfully
HKU\S-1-5-21-1135430969-821980154-205310625-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent Sync => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77385ED6-36B6-4E6C-99F2-970E4BC57206} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77385ED6-36B6-4E6C-99F2-970E4BC57206} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{111C7DFD-C3BA-4F72-B5FA-81947EBFE4E3} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EB49164-994F-44F7-8D95-26EA1F22AD65} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3226E9BA-E35E-446A-9F69-647E0A00AC88} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC49BD00-1C8E-454E-AD94-80F6A7BF2B7E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC756F17-5D14-430C-8BFE-08D6CB42674D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6716861-92BD-47E1-BD76-05592B947EE4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B803194-FC76-4FB2-BCE8-9DA0F2391662} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4411B936-3129-4B98-ACA6-A6024A157C64} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C3D7DC7-A9D0-4DA9-8922-3F198E1940B0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5868678-4BD6-4327-9F90-EBA5024CAD28} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E29FA1DE-8D13-44C3-B1DC-759FAF31E71D} => value removed successfully
"C:\Program Files\KMSpicoEmptyTemp:" => not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-08-2017 22:27:07)

"C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW" => Could not move

==== End of Fixlog 22:27:08 ====
"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19425
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: A new friend needs help...
« Reply #5 on: August 26, 2017, 07:06:07 PM »
The FRST instructions have changed since the last time you ran it.  :) 

Please do the following to run FRST so we can take a closer look at the file listed:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy".
Code:
Start::
File:  C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline DR M

Re: A new friend needs help...
« Reply #6 on: August 26, 2017, 07:08:50 PM »
Quote
The FRST instructions have changed since the last time you ran it.  :) 

OK!!!!! But it runs the fix only with a copy? WOW!!!!!  :o ;D

Offline DR M

Re: A new friend needs help...
« Reply #7 on: August 26, 2017, 07:12:03 PM »
FIX LOG RESULT

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chara (26-08-2017 23:10:39) Run:2
Running from C:\Users\Chara\Desktop
Loaded Profiles: Chara (Available Profiles: Chara)
Boot Mode: Normal
==============================================

fixlist content:
*****************

File:  C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW

*****************


========================= File:  C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW ========================

File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E (0-byte)
Creation and modification date:  -
Size: 000000000
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0-byte

====== End of File: ======


==== End of Fixlog 23:10:39 ====

Online Corrine

Re: A new friend needs help...
« Reply #8 on: August 26, 2017, 07:39:43 PM »
Ok, 0 bytes.  Thanks.

Now I see why FRST didn't remove temp files.  I had an extra return in the code.  My apology.

Quote
C:\Program Files\KMSpico
                                                <------ That wasn't supposed to be there so FRST read it as one line. 
EmptyTemp:
End::

So, one more quick run please.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files\KMSpico
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.



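The failure described in Reply #8 shows up in the fixlog as `"C:\Program Files\KMSpicoEmptyTemp:" => not found.`: a directive keyword fused onto a path. The following is an added example, not part of the original posts and not FRST's own code, that reviews fixlog result lines for that pattern, for "not found" entries that merely repeat an earlier successful removal, and for genuine failures. The function names are hypothetical, and the directive list and outcome strings are limited to the ones visible in this thread's logs.

```python
import re

# Directives that appear in the fixlists posted in this thread (assumption:
# the list is deliberately limited to what the thread shows).
DIRECTIVES = ("CreateRestorePoint:", "CloseProcesses:", "EmptyTemp:", "File:")

# Result lines in the fixlogs have the shape "<target> => <outcome>".
ENTRY_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
FAILED_RE = re.compile(r"not found|could not", re.IGNORECASE)

# Lines excerpted from the fixlogs posted in this thread.
SAMPLE_FIXLOG = r"""
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77385ED6-36B6-4E6C-99F2-970E4BC57206} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77385ED6-36B6-4E6C-99F2-970E4BC57206} => value not found.
"C:\Program Files\KMSpicoEmptyTemp:" => not found.
"C:\WINDOWS\SysWOW64\CN18C430B605PJ:NW" => Could not move
C:\Program Files\KMSpico => moved successfully
Chrome => 22880387 B
EmptyTemp: => 3.3 GB temporary data Removed.
"""


def glued_directive(target):
    """Return (path, directive) if a directive keyword is fused to the end of a path."""
    for directive in DIRECTIVES:
        if target.endswith(directive) and len(target) > len(directive):
            return target[: -len(directive)], directive
    return None


def review_fixlog(text):
    """Return a list of findings for result lines that did not succeed."""
    succeeded = set()
    findings = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, separators, fixlist echo
        target = match.group("target").strip('"')
        outcome = match.group("outcome").strip()

        if "successfully" in outcome:
            succeeded.add(target.lower())
            continue
        if not FAILED_RE.search(outcome):
            continue  # size reports such as "Chrome => 22880387 B"

        glued = glued_directive(target)
        if glued:
            kind = "glued-directive"   # two fixlist lines were read as one
        elif target.lower() in succeeded:
            kind = "duplicate"         # listed twice; first pass already removed it
        else:
            kind = "failed"            # needs a follow-up look
        findings.append(
            {"kind": kind, "target": target, "outcome": outcome, "detail": glued}
        )
    return findings


if __name__ == "__main__":
    for finding in review_fixlog(SAMPLE_FIXLOG):
        print(f'{finding["kind"]:16} {finding["target"]} => {finding["outcome"]}')
        if finding["detail"]:
            path, directive = finding["detail"]
            print(f"{'':16} expected two lines: {path!r} and {directive!r}")
```
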
Offline DR M

Re: A new friend needs help...
« Reply #9 on: August 26, 2017, 07:50:45 PM »
OK! Here is the new log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chara (26-08-2017 23:42:37) Run:3
Running from C:\Users\Chara\Desktop
Loaded Profiles: Chara (Available Profiles: Chara)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
C:\Program Files\KMSpico
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\KMSpico => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18071682 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 923700957 B
Edge => 0 B
Chrome => 22880387 B
Firefox => 42184366 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 297574 B
systemprofile32 => 128 B
LocalService => 9771622 B
NetworkService => 49450 B
Chara => 2517883187 B

RecycleBin => 4861104 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:46:26 ====


Offline DR M

Re: A new friend needs help...
« Reply #10 on: August 26, 2017, 08:00:26 PM »
Corrine,

I have to go now. I will read your next instructions tomorrow.

Meanwhile, I have a question: Is it possible for Chara's computer to be upgraded with Windows 8.1 and then 10? If yes, how?

Thank you, Corrine!

Online Corrine

Re: A new friend needs help...
« Reply #11 on: August 26, 2017, 08:55:22 PM »
This should help:  EmptyTemp: => 3.3 GB temporary data Removed.  In addition, there are a few other programs that don't need to be running at startup:  HP Support Assistant, PowerISO and Dropbox.

To update Windows 8, two steps are needed.  First see "Update to Windows 8.1 from Windows 8 - Windows Help", then "Install the Windows 8.1 Update (KB 2919355) - Windows Help".

As to updating to Windows 10, the free upgrade ended on July 29, 2016, although Microsoft still offers free Windows 10 upgrades for users of assistive technologies, announced at the end of the free upgrade for those who don't need those technologies (i.e., screen reading with Narrator): "Windows 10 free upgrade page for people who use assistive technologies – Microsoft Accessibility Blog".




Offline DR M

Re: A new friend needs help...
« Reply #12 on: August 27, 2017, 03:23:39 PM »
Hello, me again. :)

This is how the situation is now:

1. I ran MBAM. 257 PUPs were found and removed. Log is shown below.
2. I upgraded to Windows 10, and it seems that the OS is running well. It took 3 hours for installation only (I was not in front of it during downloading).
3. The computer is running better, but still, it gets stuck as before. Programs/windows/actions/browser not responding. It's very annoying. As soon as I get into Task Manager, everything gets better, without taking any action. Just getting into Task Manager (=> the computer is afraid of Task Manager!)

Here is the MBAM log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/27/17
Scan Time: 10:01 AM
Log File: 7c29f8c0-8af5-11e7-8640-a45d366bce78.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2667
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: CHARAMAK\Chara

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349501
Threats Detected: 257
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 137

Registry Value: 8
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hendmekoldfacfhlojkjcnbjegkahclb|PATH, No Action By User, [39], [186340],1.0.2667
PUP.Optional.MySearchResults, HKU\S-1-5-21-1135430969-821980154-205310625-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9A8547D7-76CB-4151-9E04-46DD55D45211}|URL, No Action By User, [13859], [241087],1.0.2667
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73643b10-6ee2-48be-8280-37aa35e0dfa6}|APPPATH, No Action By User, [259], [240755],1.0.2667
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8107c112-6dd7-4cf7-a887-79cafd232b30}|APPPATH, No Action By User, [259], [240755],1.0.2667
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{87085ae6-dc1b-4e6b-98a7-6f4ac5f1eb49}|APPPATH, No Action By User, [259], [240755],1.0.2667
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93e4ad7f-b2dd-4273-9ad9-e6de2a2670e8}|APPPATH, No Action By User, [259], [240755],1.0.2667
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a0a80369-0c8a-44d9-b7cd-4d9c24dca4e1}|APPPATH, No Action By User, [259], [240755],1.0.2667
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d2497c4b-ac5c-45df-8b83-adc99791a299}|APPPATH, No Action By User, [259], [240755],1.0.2667

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 46
PUP.Optional.OpenCandy, C:\Users\Chara\AppData\Roaming\OpenCandy\OpenCandy_4C3895680FD74812AAD5B5A63F426869, No Action By User, [515], [173202],1.0.2667
PUP.Optional.OpenCandy, C:\Users\Chara\AppData\Roaming\OpenCandy\4C3895680FD74812AAD5B5A63F426869, No Action By User, [515], [173202],1.0.2667
PUP.Optional.OpenCandy, C:\USERS\CHARA\APPDATA\ROAMING\OPENCANDY, No Action By User, [515], [173202],1.0.2667
PUP.Optional.AppGraffiti, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\APPGRAFFITI, No Action By User, [7251], [174336],1.0.2667
PUP.Optional.OnlySearch, C:\Users\Chara\AppData\Local\onlysearch\onlysearch\1.3.12.9, No Action By User, [3623], [174398],1.0.2667
PUP.Optional.OnlySearch, C:\Users\Chara\AppData\Local\onlysearch\onlysearch, No Action By User, [3623], [174398],1.0.2667
PUP.Optional.OnlySearch, C:\USERS\CHARA\APPDATA\LOCAL\ONLYSEARCH, No Action By User, [3623], [174398],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\plugins, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\img, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\js, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\Update, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\PROGRAM FILES (X86)\APPGRAFFITI, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\ThirdPartyInstallers, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\chrome, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\Settings, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\IE9Mesg, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\Message, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\gen1, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\PopularScreensavers_7i\BAR, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\PopularScreensavers_7i, No Action By User, [259], [178311],1.0.2667
PUP.Optional.MindSpark, C:\Users\Chara\AppData\LocalLow\PopularScreensavers_7i\bar\Settings, No Action By User, [259], [178440],1.0.2667
PUP.Optional.MindSpark, C:\Users\Chara\AppData\LocalLow\PopularScreensavers_7i\bar, No Action By User, [259], [178440],1.0.2667
PUP.Optional.MindSpark, C:\USERS\CHARA\APPDATA\LOCALLOW\PopularScreensavers_7i, No Action By User, [259], [178440],1.0.2667
PUP.Optional.MindSpark, C:\Users\Chara\AppData\LocalLow\PopularScreensavers_7iEI\Installr\Cache, No Action By User, [259], [178440],1.0.2667
PUP.Optional.MindSpark, C:\Users\Chara\AppData\LocalLow\PopularScreensavers_7iEI\Installr, No Action By User, [259], [178440],1.0.2667
PUP.Optional.MindSpark, C:\USERS\CHARA\APPDATA\LOCALLOW\PopularScreensavers_7iEI, No Action By User, [259], [178440],1.0.2667
PUP.Optional.PayByAds, C:\Users\Chara\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2, No Action By User, [3383], [178834],1.0.2667
PUP.Optional.PayByAds, C:\Users\Chara\AppData\Local\Pay-By-Ads\Yahoo! Search, No Action By User, [3383], [178834],1.0.2667
PUP.Optional.PayByAds, C:\USERS\CHARA\APPDATA\LOCAL\PAY-BY-ADS, No Action By User, [3383], [178834],1.0.2667
PUP.Optional.SearchGol, C:\Users\Chara\AppData\LocalLow\searchgol\searchgol, No Action By User, [11621], [179447],1.0.2667
PUP.Optional.SearchGol, C:\USERS\CHARA\APPDATA\LOCALLOW\SEARCHGOL, No Action By User, [11621], [179447],1.0.2667
PUP.Optional.SearchGolTB, C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh, No Action By User, [6608], [179448],1.0.2667
PUP.Optional.SearchGolTB, C:\Program Files (x86)\searchgol\searchgol\1.8.16.19, No Action By User, [6608], [179448],1.0.2667
PUP.Optional.SearchGolTB, C:\Program Files (x86)\searchgol\searchgol, No Action By User, [6608], [179448],1.0.2667
PUP.Optional.SearchGolTB, C:\PROGRAM FILES (X86)\SEARCHGOL, No Action By User, [6608], [179448],1.0.2667
PUP.Optional.SearchGol, C:\USERS\CHARA\APPDATA\ROAMING\SEARCHGOL, No Action By User, [11621], [242715],1.0.2667
PUP.Optional.SimilarSites, C:\USERS\CHARA\APPDATA\ROAMING\SIMILARSITES, No Action By User, [3413], [179613],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\plugins, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\TEMP, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\update, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\PROGRAM FILES (X86)\diamondata, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.SearchGolTB, C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0_0, No Action By User, [6608], [182515],1.0.2667
PUP.Optional.SearchGolTB, C:\USERS\CHARA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AIPFMKINHLECCNODEMKOOFNNOFPBBPAC, No Action By User, [6608], [182515],1.0.2667

File: 66
PUP.Optional.AppGraffiti, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti\Uninstall AppGraffiti.lnk, No Action By User, [7251], [174336],1.0.2667
PUP.Optional.AppGraffiti, C:\PROGRAM FILES (X86)\APPGRAFFITI\UNINS000.DAT, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\img\128x128.png, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\img\16x16.png, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\img\48x48.png, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\js\background.js, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\js\facebook.js, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\js\getevent.js, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\js\myspace.js, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\js\twitter.js, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\plugins\npUniPlugin.dll, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\appgraffiti-chrome.pem, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\background.html, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\graff_chr.ver, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\chrome\manifest.json, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\AGupdate.exe, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\config.dat, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.AppGraffiti, C:\Program Files (x86)\AppGraffiti\unins000.exe, No Action By User, [7251], [235493],1.0.2667
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\PopularScreensavers_7i\BAR\1.BIN\BOOTSTRAP.JS, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\chrome\7iffxtbr.jar, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\CHROME.MANIFEST, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\INSTALL.RDF, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\installKeys.js, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\LOGO.BMP, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\T8RES.DLL, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\gen1\COMMON.T8S, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\IE9Mesg\COMMON.T8S, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\Message\COMMON.T8S, No Action By User, [259], [240410],1.0.2667
PUP.Optional.MindSpark, C:\Program Files (x86)\PopularScreensavers_7i\bar\Settings\s_pid.dat, No Action By User, [259], [240410],1.0.2667
PUP.Optional.YahooSearch, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Search, No Action By User, [14286], [245141],1.0.2667
PUP.Optional.MindSpark, C:\Users\Chara\AppData\LocalLow\PopularScreensavers_7iEI\Installr\Cache\files.ini, No Action By User, [259], [178440],1.0.2667
PUP.Optional.PayByAds, C:\Users\Chara\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\app.ini, No Action By User, [3383], [178834],1.0.2667
PUP.Optional.PayByAds, C:\Users\Chara\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\serp.js, No Action By User, [3383], [178834],1.0.2667
PUP.Optional.PayByAds, C:\Users\Chara\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\sqlite.dll, No Action By User, [3383], [178834],1.0.2667
PUP.Optional.SearchGol, C:\USERS\CHARA\APPDATA\ROAMING\SEARCHGOL\SQLITE3.DLL, No Action By User, [11621], [242715],1.0.2667
PUP.Optional.Sanbreel, C:\PROGRAM FILES (X86)\diamondata\BIN\BrowserAdapter.7z, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\diamondata.PurBrowseG.zip, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\7za.exe, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\bau, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\BrowserAdapterS.7z, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\diamondata.PurBrowse.zip, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\sqlite3.dll, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\bin\utildiamondata.InstallState, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\diamondata.ico, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\Microsoft.Win32.TaskScheduler.dll, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\sqlite3.exe, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.Sanbreel, C:\Program Files (x86)\diamondata\updatediamondata.InstallState, No Action By User, [2463], [242511],1.0.2667
PUP.Optional.SearchGolTB, C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0_0\manifest.json, No Action By User, [6608], [182515],1.0.2667
PUP.Optional.SearchGolTB, C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0_0\redirect.html, No Action By User, [6608], [182515],1.0.2667
PUP.Optional.SearchGolTB, C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0_0\redirect.js, No Action By User, [6608], [182515],1.0.2667
PUP.Optional.SearchGolTB, C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0_0\searchgol128.png, No Action By User, [6608], [182515],1.0.2667
PUP.Optional.SearchGolTB, C:\Users\Chara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0_0\searchgol48.png, No Action By User, [6608], [182515],1.0.2667
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, No Action By User, [39], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\CHARA\NTUSER.POL, No Action By User, [39], [-1],0.0.0
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\POPULARSCREENSAVERS\UNINSTALL.EXE, No Action By User, [259], [301125],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\PYTHON27.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\SSLEAY32.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\ILIVID.EXE, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\QTCORE4.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\MSVCR100.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\QTXML4.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\MSVCP100.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\QTWEBKIT4.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\QTNETWORK4.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\LIBEAY32.DLL, No Action By User, [972], [301304],1.0.2667
PUP.Optional.Bandoo, C:\USERS\CHARA\APPDATA\LOCAL\ILIVID\QTGUI4.DLL, No Action By User, [972], [301304],1.0.2667

Physical Sector: 0
(No malicious items detected)


(end)
"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19425
  • "Stronger than the past, united in our goal."
Re: A new friend needs help...
« Reply #13 on: August 27, 2017, 04:05:32 PM »
Why "no action by user" and not quarantined?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline DR M

Re: A new friend needs help...
« Reply #14 on: August 27, 2017, 04:08:30 PM »
Why "no action by user" and not quarantined?

I sent them to quarantine. Perhaps I saved the log before I removed them.