Broadcaster Channel pop-ups

  • Isorene
    PCHF Member
    • Feb 2017
    • 77

    #1

    Broadcaster Channel pop-ups

    Second and laptop:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
    Ran by sandra123 (administrator) on SANDRA (20-02-2017 22:47:28)
    Running from C:\Users\sandra123\Downloads
    Loaded Profiles: sandra123 (Available Profiles: sandra123)
    Platform: Microsoft Windows 8 Pro (X86) Language: Czech (Czech Republic)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Windows\System32\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
    () C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (PrivacyRoot.com) C:\Program Files\Wipe\Wipe.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (@@Manufacturer@@) C:\Program Files\GfK Internet-Monitor\Chrome Extension\GfKChromeHost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (GfK SE) C:\Program Files\GfK Internet-Monitor\GfK-LoginInterface.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
    (Farbar) C:\Users\sandra123\Downloads\FRST (1).exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-08] (SUPERAntiSpyware)
    HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [880920 2016-12-26] (www.privacyroot.com)
    HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [GoogleChromeAutoLaunch_72A44A76D81B451D279602D74567B17A] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
    Startup: C:\Users\sandra123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2016-12-04]
    ShortcutTarget: Wipe Tray Agent.lnk → C:\Program Files\Wipe\Wipe.exe (PrivacyRoot.com)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip..\Interfaces{1E332B64-6BBF-45F0-AB2D-C43CD7E93446}: [DhcpNameServer] 192.168.0.1
    Internet Explorer:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM → DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKLM → {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 → DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 → {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
    BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
    BHO: GfK Internet-Monitor → {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} → C:\Program Files\GfK Internet-Monitor\Gacela2.dll [2016-02-01] (GfK)
    BHO: Skype Click to Call for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
    Ran by sandra123 (20-02-2017 22:49:22)
    Running from C:\Users\sandra123\Downloads
    Microsoft Windows 8 Pro (X86) (2015-08-08 14:05:03)
    Boot Mode: Normal
    ==================== Accounts: =============================

    Administrator (S-1-5-21-109433473-37108459-277044693-500 - Administrator - Disabled)
    Guest (S-1-5-21-109433473-37108459-277044693-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-109433473-37108459-277044693-1003 - Limited - Enabled)
    sandra123 (S-1-5-21-109433473-37108459-277044693-1001 - Administrator - Enabled) => C:\Users\sandra123

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM...{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM...{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bitdefender Antivirus Free Edition (HKLM...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
    Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Google Chrome (HKLM...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
    Intel(R) Processor Graphics (HKLM...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    Microsoft Office Professional Plus 2013 (HKLM...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM...{91150000-0011-0000-0000-0000000FF1CE}Office15.PROPLUSR{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    Skype Click to Call (HKLM...{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.14 (HKLM...{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
    SpyHunter 4 (HKLM...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)
    SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
    Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM...{90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUSR{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM...{90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUSR{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM...{91150000-0011-0000-0000-0000000FF1CE}Office15.PROPLUSR{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
    VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Wipe (HKLM...\wipe) (Version: 17.01 - PrivacyRoot.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {49598F83-B7CC-46EE-AC5A-F8A3DE4A93D7} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
    Task: {6E3259ED-2FF0-440C-AE2C-1C569025C142} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
    Task: {6E497CDA-EC10-4910-BD6E-C777866B92B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {94CA72AF-2908-44E9-94F0-9A5D28EF121E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
    Task: {9A9B17DF-019E-456A-84FB-CDE223E0B834} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-22] (Adobe Systems Incorporated)
    Task: {B7417245-362F-457F-B8C7-CFD59449A97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {B8E9D92E-FEFF-484D-91CD-489CBF43FF17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {C08EFDF1-0759-404F-AFE3-2703A3430F78} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
    Task: {CBD5497E-7C43-4BE0-A0A1-F323A9CA8AD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {DBB78481-F438-4F2D-B671-960ECD61F7BD} - System32\Tasks{A197349C-5621-4226-9241-BB23616C7666} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
    Task: {F4D74208-2FCE-4EE7-A5C0-981152EB3634} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\sandra123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=“Profile 1”

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-15 17:12 - 2013-03-19 10:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
    2016-07-15 17:12 - 2013-09-03 12:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
    2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-02-17 08:38 - 2016-02-01 08:32 - 01940032 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
    2016-01-09 11:13 - 2015-08-24 11:43 - 01475776 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
    2016-01-09 11:13 - 2015-08-24 11:43 - 00617664 _____ () C:\Program Files\GfK Internet-Monitor\UpdateHelper.dll
    2016-06-14 12:38 - 2016-06-14 12:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2017-02-07 08:05 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-02-07 08:05 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 04:17 - 2016-03-16 22:35 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-109433473-37108459-277044693-1001\Control Panel\Desktop\Wallpaper → C:\Users\sandra123\Downloads\Nrx5e0c.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [TCP Query User{CB6F1642-46DE-4185-84D6-595893CA0B17}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{DF8EDB6E-693C-4061-9AF4-075C2C5B6918}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
    FirewallRules: [TCP Query User{A46AF674-C41E-443D-B484-B12EF3B8958B}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{38B04B07-616E-4507-B504-137491069BE1}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
    FirewallRules: [TCP Query User{64110F94-848C-403A-9EE3-B3A3DAE4D525}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
    FirewallRules: [UDP Query User{EBCEBC1A-9C4C-4DD5-BE2F-460E88DFEA71}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
    FirewallRules: [{EEFEAE2C-1BA3-452D-8259-E9A3956CA859}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{D44661CE-15FE-4B36-A396-F52200CD5B7D}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
    FirewallRules: [{070A819C-3A8A-4B35-A86A-915BF7A74470}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
    FirewallRules: [{455580C9-E9FE-4FA9-AC6F-737F22C3E111}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{F0F15FCA-0C9E-4D57-9342-A16239E8D4BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{61D7BD7D-D278-4C23-8A03-9667E3F0B6B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{9BB4C1C7-B366-4B23-AE4F-5ACD22FFE24B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{6C7E53A6-39DD-43B3-97E5-29FD7A2587D7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{2B80132A-D307-4991-9677-62CDB0B60F02}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{C7F34E95-1F8C-467E-8122-DFFF350C67A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{5ED4E109-8F49-4956-871B-064CAC0CB104}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{65D1BB57-4571-4258-B0ED-FB837B94935B}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{B37A6FD9-0195-4FB2-A1E0-EC68BB251B95}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{BB103B24-2FC3-4C1A-BC16-B6A3E7B3C032}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0A6AC48E-58D7-4377-9C3F-3194DFA787D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BBD9171D-8001-4581-BC32-76F3D04DF787}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
    FirewallRules: [{3835FFC3-6B9A-429E-BF03-4AA18113BE77}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
    FirewallRules: [{ED392EBA-8F40-4E70-A7F3-32E410D432C3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    01-02-2017 03:07:50 Naplánovaný kontrolní bod
    08-02-2017 03:13:30 Naplánovaný kontrolní bod
    16-02-2017 03:02:46 Naplánovaný kontrolní bod
    20-02-2017 19:52:18 Removed Skype™ 7.14

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    Error: (02/20/2017 10:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a942ac
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00006a66
    Faulting process ID: 0xdf0
    Faulting application start time: 0x01d28bc5292fe9fa
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: unknown
    Report ID: 99646c03-f7be-11e6-b0c6-844bf591a338
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (02/20/2017 10:13:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (02/20/2017 10:05:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007267C
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (02/20/2017 09:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (02/20/2017 09:34:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (02/20/2017 07:54:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
    Description: Product: Skype Click to Call – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

    Error: (02/20/2017 07:54:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
    Description: Product: Skype Click to Call – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

    Error: (02/20/2017 07:53:52 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
    Description: Product: Skype™ 7.14 – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

    Error: (02/20/2017 07:53:50 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
    Description: Product: Skype™ 7.14 – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

    Error: (02/20/2017 07:48:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a942ac
    Faulting module name: twinui.dll, version: 6.2.9200.17464, time stamp: 0x55bb21a2
    Exception code: 0xc0000005
    Fault offset: 0x0001bcc9
    Faulting process ID: 0xd40
    Faulting application start time: 0x01d2893f473e28ce
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\System32\twinui.dll
    Report ID: 7b9645e4-f7a5-11e6-b0c4-844bf591a338
    Faulting package full name:
    Faulting package-relative application ID:
    System errors:
    Error: (02/20/2017 09:43:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Sledování umístění v síti (NLA) service depends on the Klient DHCP service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Automatická konfigurace sítě WLAN service depends on the Správce připojení systému Windows service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Správce připojení systému Windows service hung on starting.

    Error: (02/20/2017 09:43:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Podpora rozhraní NetBIOS nad protokolem TCP/IP service hung on starting.

    Error: (02/20/2017 09:43:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Klient DHCP service hung on starting.

    Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Klient DNS service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Klient DNS service to connect.

    Error: (02/20/2017 09:41:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e1 (0x814fdefa, 0x00000001, 0x853bd3b0, 0x853bd3b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022017-28671-01.

    Error: (02/20/2017 09:30:31 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 20:23:44 on ‎20. ‎2. ‎2017 was unexpected.

    Error: (02/20/2017 03:57:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
    Percentage of memory in use: 70%
    Total physical RAM: 1919.51 MB
    Available physical RAM: 572.6 MB
    Total Virtual: 5375.51 MB
    Available Virtual: 3846.06 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:285.9 GB) (Free:239.64 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 36DC8300)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=285.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Hello, @Isorene, the FRST log is incomplete. Can you post the entire log for me, please?

    Auto logger scan!

    Disable your Antivirus & Anti spyware applications!!
    Download Autologger to your desktop.
    Unzip it there. – If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
    Right-click Autologger and run as admin. (XP users: double-click)
    AVZ4 will open and scan your machine, allow this to complete.
    Upload Collectionlog.zip to your next reply.


    • Isorene
      PCHF Member
      • Feb 2017
      • 77

      #3
      Hi
      This is the first:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
      Ran by sandra123 (administrator) on SANDRA (21-02-2017 01:51:49)
      Running from C:\Users\sandra123\Downloads
      Loaded Profiles: sandra123 (Available Profiles: sandra123)
      Platform: Microsoft Windows 8 Pro (X86) Language: Czech (Czech Republic)
      Internet Explorer Version 10 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
      (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Atheros Commnucations) C:\Windows\System32\AdminService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      () C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
      () C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
      (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (GfK SE) C:\Program Files\GfK Internet-Monitor\GfK-LoginInterface.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
      (PrivacyRoot.com) C:\Program Files\Wipe\Wipe.exe
      (Microsoft Corporation) C:\Windows\System32\cmd.exe
      (@@Manufacturer@@) C:\Program Files\GfK Internet-Monitor\Chrome Extension\GfKChromeHost.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-08] (SUPERAntiSpyware)
      HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [880920 2016-12-26] (www.privacyroot.com)
      HKU\S-1-5-21-109433473-37108459-277044693-1001...\Run: [GoogleChromeAutoLaunch_72A44A76D81B451D279602D74567B17A] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
      Startup: C:\Users\sandra123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2016-12-04]
      ShortcutTarget: Wipe Tray Agent.lnk → C:\Program Files\Wipe\Wipe.exe (PrivacyRoot.com)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip..\Interfaces{1E332B64-6BBF-45F0-AB2D-C43CD7E93446}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      SearchScopes: HKLM → DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
      SearchScopes: HKLM → {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 → DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 → {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
      BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
      BHO: GfK Internet-Monitor → {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} → C:\Program Files\GfK Internet-Monitor\Gacela2.dll [2016-02-01] (GfK)
      BHO: Skype Click to Call for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
      BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
      Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
      FireFox:
      FF DefaultProfile: 4p6mfa8j.default
      FF ProfilePath: C:\Users\sandra123\AppData\Roaming\Mozilla\Firefox\Profiles\4p6mfa8j.default [2017-02-20]
      FF Extension: (QuickJava) - C:\Users\sandra123\AppData\Roaming\Mozilla\Firefox\Profiles\4p6mfa8j.default\Extensions{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-17]
      FF HKLM...\Firefox\Extensions: [gacela2@nurago.com] - C:\Program Files\GfK Internet-Monitor\FirefoxAddon.xpi
      FF Extension: (GfK Internet) - C:\Program Files\GfK Internet-Monitor\FirefoxAddon.xpi [2017-02-21]
      FF HKLM...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
      FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-22] ()
      FF Plugin: @microsoft.com/Lync,version=15.0 → C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.2.1 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin: Adobe Reader → C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
      Chrome:
      CHR DefaultProfile: Profile 1
      CHR HomePage: Profile 1 → hxxp://www.google.com/
      CHR StartupUrls: Profile 1 → “hxxp://www.google.com/”,“”
      CHR Profile: C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
      CHR Extension: (Google Slides) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
      CHR Extension: (Google Docs) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
      CHR Extension: (Google Drive) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (VouchShare - UK Voucher Codes) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bghnjgpffphlfnbdgcpgbnbkibekpcak [2016-05-07]
      CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-10]
      CHR Extension: (Yahoo Partner) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2017-01-18]
      CHR Extension: (YouTube) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
      CHR Extension: (Google Search) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
      CHR Extension: (Adobe Acrobat) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-18]
      CHR Extension: (Quidco Cashback Reminder) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\elfdpdgmnodokhbiabbcjabmhpdajcog [2016-05-20]
      CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-28]
      CHR Extension: (Google Sheets) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
      CHR Extension: (GfK Internet-Monitor) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfendnnkdmkiegggcbdpcmpfiincaap [2016-02-26]
      CHR Extension: (Google Docs Offline) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
      CHR Extension: (Skype) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-09]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
      CHR Extension: (Gmail) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]
      CHR Extension: (Chrome Media Router) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
      CHR Profile: C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-21]
      CHR Extension: (Google Slides) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-14]
      CHR Extension: (Google Docs) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-14]
      CHR Extension: (Google Drive) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
      CHR Extension: (BeFunky Photo Editor) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2016-11-09]
      CHR Extension: (ButtonBeats DubCube) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdijiampoihanablcndnakhfbgfciogm [2016-11-09]
      CHR Extension: (YouTube) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
      CHR Extension: (Fun Switcher) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2016-11-09]
      CHR Extension: (B.S. Detector) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlcgkekjiopopabcifhebmphmfmdbjod [2017-02-09]
      CHR Extension: (Adobe Acrobat) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-01]
      CHR Extension: (¿Qué cocino hoy?) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enadeelnincmhhilgbiphjbjnnagnhmh [2016-11-09]
      CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-18]
      CHR Extension: (Google Sheets) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-14]
      CHR Extension: (GfK Internet-Monitor) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggfendnnkdmkiegggcbdpcmpfiincaap [2016-09-14]
      CHR Extension: (Google Docs Offline) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-14]
      CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2016-11-09]
      CHR Extension: (Pixlr Express) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2016-11-09]
      CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2016-11-09]
      CHR Extension: (Yahoo Homepage) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2017-01-15]
      CHR Extension: (Until AM Web App) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-11-09]
      CHR Extension: (Webcam Toy) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-11-09]
      CHR Extension: (Sketchpad) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2016-11-09]
      CHR Extension: (ButtonBass Player Piano) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi [2016-11-09]
      CHR Extension: (3D Solar System Web) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2016-11-09]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
      CHR Extension: (Gmail) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]
      CHR Extension: (Chrome Media Router) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
      CHR Extension: (Writer) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2016-11-09]
      CHR Profile: C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-29]
      CHR HKLM...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-08] (SUPERAntiSpyware.com)
      R2 AtherosSvc; C:\Windows\system32\AdminService.exe [174080 2012-08-29] (Atheros Commnucations)
      S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
      S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
      S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
      R2 GfK-Reporting-Service; C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe [1940032 2016-02-01] ()
      R2 GfK-Update-Service; C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe [1475776 2015-08-24] ()
      R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2015-07-06] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
      R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
      S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
      R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
      R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
      R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [480256 2012-08-29] (Qualcomm Atheros)
      R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
      R3 MEI; C:\Windows\System32\drivers\HECI.sys [55104 2012-07-17] (Intel Corporation)
      S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [64872 2016-06-03] (360.cn)
      R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
      S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38928 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [244600 2015-07-06] (Microsoft Corporation)
      R3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-02-20 22:53 - 2017-02-20 22:53 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
      2017-02-20 22:49 - 2017-02-20 22:50 - 00022313 _____ C:\Users\sandra123\Downloads\Addition.txt
      2017-02-20 22:47 - 2017-02-21 01:52 - 00019071 _____ C:\Users\sandra123\Downloads\FRST.txt
      2017-02-20 22:47 - 2017-02-21 01:51 - 00000000 ____D C:\FRST
      2017-02-20 22:46 - 2017-02-20 22:46 - 01764864 _____ (Farbar) C:\Users\sandra123\Downloads\FRST.exe
      2017-02-20 22:46 - 2017-02-20 22:46 - 01764864 _____ (Farbar) C:\Users\sandra123\Downloads\FRST (1).exe
      2017-02-20 21:40 - 2017-02-20 21:40 - 00155312 _____ C:\Windows\Minidump\022017-28671-01.dmp
      2017-02-20 20:25 - 2017-02-20 20:25 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\sandra123\Downloads\SpyHunter-Installer.exe
      2017-02-20 19:48 - 2017-02-20 22:48 - 00000000 ____D C:\Users\sandra123\AppData\Local\CrashDumps
      2017-02-07 13:28 - 2017-02-07 13:32 - 00002799 ____T C:\Windows\system32\lic2tmp.xml13096
      2017-02-03 12:38 - 2017-02-03 12:38 - 01199723 _____ C:\Users\sandra123\Downloads\classic_account_welcome_pack.pdf
      2017-02-03 12:38 - 2017-02-03 12:38 - 00469438 _____ C:\Users\sandra123\Downloads\personal_banking_terms_and_conditions.pdf
      2017-02-03 12:35 - 2017-02-03 12:35 - 00083401 _____ C:\Users\sandra123\Downloads\fscs_information_sheet.pdf
      2017-02-02 18:59 - 2017-02-02 18:59 - 01463048 _____ C:\Users\sandra123\Downloads\NWB-3-in-1-Terms.pdf
      2017-01-27 09:06 - 2017-01-27 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
      2017-01-24 14:48 - 2017-01-24 14:56 - 00002799 ____T C:\Windows\system32\lic2tmp.xml10824
      2017-01-22 21:23 - 2017-01-22 21:27 - 00002900 _____ C:\Windows\system32\lic2.xml16339
      2017-01-22 03:13 - 2017-01-22 03:13 - 00000000 ____T C:\Windows\system32\lic2tmp.xml31106

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-02-21 01:39 - 2016-02-12 16:41 - 00000000 ____D C:\Users\sandra123\AppData\Roaming\Wipe
      2017-02-21 01:28 - 2015-08-08 14:49 - 00000000 ____D C:\Program Files\Windows 8 - 8.1 KMS Activator Ultimate 2014 v1.5.1
      2017-02-20 23:07 - 2012-07-26 06:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2017-02-20 23:06 - 2016-01-09 11:13 - 00000000 ____D C:\Program Files\GfK Internet-Monitor
      2017-02-20 22:10 - 2015-10-24 10:22 - 00000000 ____D C:\Users\sandra123\AppData\Local\ElevatedDiagnostics
      2017-02-20 22:10 - 2012-07-26 06:53 - 00000000 ____D C:\Windows\system32\NDF
      2017-02-20 21:40 - 2016-07-01 21:45 - 250104248 _____ C:\Windows\MEMORY.DMP
      2017-02-20 21:40 - 2015-08-08 22:18 - 00000000 ____D C:\Windows\Minidump
      2017-02-20 21:39 - 2015-08-08 14:05 - 00000000 ____D C:\Users\sandra123
      2017-02-20 19:53 - 2015-08-23 10:11 - 00000000 ____D C:\ProgramData\Skype
      2017-02-16 09:53 - 2015-09-04 21:25 - 00146432 ___SH C:\Users\sandra123\Desktop\Thumbs.db
      2017-02-15 18:18 - 2015-08-16 09:52 - 07500800 ___SH C:\Users\sandra123\Downloads\Thumbs.db
      2017-02-10 08:43 - 2015-08-08 18:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
      2017-02-09 07:52 - 2012-07-26 04:43 - 00000000 ____D C:\Windows\inf
      2017-02-07 08:05 - 2015-08-08 14:22 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-02-02 21:55 - 2012-07-26 04:17 - 00262144 ___SH C:\Windows\system32\config\BBI
      2017-02-02 16:08 - 2015-08-16 14:13 - 00000000 ____D C:\Users\sandra123\AppData\Roaming\vlc
      2017-01-27 12:45 - 2015-11-11 15:12 - 00000000 ____D C:\Windows\system32\MRT
      2017-01-27 12:29 - 2015-08-08 20:22 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-01-27 09:06 - 2016-02-12 16:42 - 00001755 _____ C:\Users\sandra123\Desktop\Wipe.lnk
      2017-01-27 09:06 - 2016-02-12 16:41 - 00000000 ____D C:\Program Files\Wipe

      ==================== Files in the root of some directories =======

      2016-07-15 17:13 - 2016-07-15 17:13 - 0215559 _____ () C:\ProgramData\1468602465.bdinstall.bin
      Some files in TEMP:
      2017-02-20 19:54 - 2017-02-20 19:54 - 0090112 _____ () C:\Users\sandra123\AppData\Local\Temp\certutil.exe
      2017-02-20 21:39 - 2017-02-20 21:39 - 0237736 _____ (Enigma Software Group USA, LLC.) C:\Users\sandra123\AppData\Local\Temp\esg_cleanup.exe
      2017-02-20 19:54 - 2017-02-20 19:54 - 0348160 _____ (Microsoft Corporation) C:\Users\sandra123\AppData\Local\Temp\msvcr71.dll
      2017-02-20 19:54 - 2017-02-20 19:54 - 0159744 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\nspr4.dll
      2017-02-20 19:54 - 2017-02-20 19:54 - 0364544 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\nss3.dll
      2017-02-20 19:54 - 2017-02-20 19:54 - 0013312 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\plc4.dll
      2017-02-20 19:54 - 2017-02-20 19:54 - 0009216 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\plds4.dll
      2017-02-20 19:54 - 2017-02-20 19:54 - 0106496 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\smime3.dll
      2017-02-20 19:54 - 2017-02-20 19:54 - 0372736 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\softokn3.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-02-14 07:59

      ==================== End of FRST.txt ============================

      • Isorene
        PCHF Member
        • Feb 2017
        • 77

        #4
        Second one:
        Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
        Ran by sandra123 (21-02-2017 01:52:57)
        Running from C:\Users\sandra123\Downloads
        Microsoft Windows 8 Pro (X86) (2015-08-08 14:05:03)
        Boot Mode: Normal
        ==================== Accounts: =============================

        Administrator (S-1-5-21-109433473-37108459-277044693-500 - Administrator - Disabled)
        Guest (S-1-5-21-109433473-37108459-277044693-501 - Limited - Disabled)
        HomeGroupUser$ (S-1-5-21-109433473-37108459-277044693-1003 - Limited - Enabled)
        sandra123 (S-1-5-21-109433473-37108459-277044693-1001 - Administrator - Enabled) => C:\Users\sandra123

        ==================== Security Center ========================

        (If an entry is included in the fixlist, it will be removed.)

        AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
        AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
        AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

        ==================== Installed Programs ======================

        (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

        Adobe Acrobat Reader DC (HKLM...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
        Adobe Flash Player 23 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
        Apple Application Support (32-bit) (HKLM...{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
        Apple Mobile Device Support (HKLM...{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
        Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
        Bitdefender Antivirus Free Edition (HKLM...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
        Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
        Google Chrome (HKLM...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
        Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
        Intel(R) Processor Graphics (HKLM...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
        Microsoft Office Professional Plus 2013 (HKLM...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
        Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
        Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
        Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
        Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
        Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
        Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
        Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
        Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
        Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM...{91150000-0011-0000-0000-0000000FF1CE}Office15.PROPLUSR{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
        Skype Click to Call (HKLM...{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
        Skype™ 7.14 (HKLM...{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
        SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
        Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM...{90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUSR{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
        Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM...{90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUSR{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
        Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM...{91150000-0011-0000-0000-0000000FF1CE}Office15.PROPLUSR{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
        VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
        Wipe (HKLM...\wipe) (Version: 17.01 - PrivacyRoot.com)

        ==================== Custom CLSID (Whitelisted): ==========================

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== Scheduled Tasks (Whitelisted) =============

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        Task: {49598F83-B7CC-46EE-AC5A-F8A3DE4A93D7} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
        Task: {6E3259ED-2FF0-440C-AE2C-1C569025C142} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
        Task: {6E497CDA-EC10-4910-BD6E-C777866B92B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
        Task: {94CA72AF-2908-44E9-94F0-9A5D28EF121E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
        Task: {9A9B17DF-019E-456A-84FB-CDE223E0B834} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-22] (Adobe Systems Incorporated)
        Task: {B7417245-362F-457F-B8C7-CFD59449A97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
        Task: {B8E9D92E-FEFF-484D-91CD-489CBF43FF17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
        Task: {C08EFDF1-0759-404F-AFE3-2703A3430F78} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
        Task: {CBD5497E-7C43-4BE0-A0A1-F323A9CA8AD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
        Task: {DBB78481-F438-4F2D-B671-960ECD61F7BD} - System32\Tasks{A197349C-5621-4226-9241-BB23616C7666} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
        Task: {F4D74208-2FCE-4EE7-A5C0-981152EB3634} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

        (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

        Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

        ==================== Shortcuts =============================

        (The entries could be listed to be restored or removed.)

        ShortcutWithArgument: C:\Users\sandra123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

        ==================== Loaded Modules (Whitelisted) ==============

        2016-07-15 17:12 - 2013-03-19 10:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
        2016-07-15 17:12 - 2013-09-03 12:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
        2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
        2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
        2016-02-17 08:38 - 2016-02-01 08:32 - 01940032 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
        2016-01-09 11:13 - 2015-08-24 11:43 - 01475776 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
        2016-01-09 11:13 - 2015-08-24 11:43 - 00617664 _____ () C:\Program Files\GfK Internet-Monitor\UpdateHelper.dll
        2016-06-14 12:38 - 2016-06-14 12:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
        2017-02-07 08:05 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
        2017-02-07 08:05 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

        ==================== Alternate Data Streams (Whitelisted) =========

        (If an entry is included in the fixlist, only the ADS will be removed.)

        ==================== Safe Mode (Whitelisted) ===================

        (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

        ==================== Association (Whitelisted) ===============

        (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

        ==================== Internet Explorer trusted/restricted ===============

        (If an entry is included in the fixlist, it will be removed from the registry.)

        ==================== Hosts content: ===============================

        (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

        2012-07-26 04:17 - 2016-03-16 22:35 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts

        ==================== Other Areas ============================

        (Currently there is no automatic fix for this section.)

        HKU\S-1-5-21-109433473-37108459-277044693-1001\Control Panel\Desktop\Wallpaper -> C:\Users\sandra123\Downloads\Nrx5e0c.jpg
        DNS Servers: 192.168.0.1
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
        Windows Firewall is enabled.

        ==================== MSCONFIG/TASK MANAGER disabled items ==

        ==================== FirewallRules (Whitelisted) ===============

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
        FirewallRules: [TCP Query User{CB6F1642-46DE-4185-84D6-595893CA0B17}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
        FirewallRules: [UDP Query User{DF8EDB6E-693C-4061-9AF4-075C2C5B6918}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
        FirewallRules: [TCP Query User{A46AF674-C41E-443D-B484-B12EF3B8958B}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
        FirewallRules: [UDP Query User{38B04B07-616E-4507-B504-137491069BE1}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
        FirewallRules: [TCP Query User{64110F94-848C-403A-9EE3-B3A3DAE4D525}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
        FirewallRules: [UDP Query User{EBCEBC1A-9C4C-4DD5-BE2F-460E88DFEA71}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
        FirewallRules: [{EEFEAE2C-1BA3-452D-8259-E9A3956CA859}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
        FirewallRules: [{D44661CE-15FE-4B36-A396-F52200CD5B7D}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
        FirewallRules: [{070A819C-3A8A-4B35-A86A-915BF7A74470}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
        FirewallRules: [{455580C9-E9FE-4FA9-AC6F-737F22C3E111}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
        FirewallRules: [{F0F15FCA-0C9E-4D57-9342-A16239E8D4BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
        FirewallRules: [{61D7BD7D-D278-4C23-8A03-9667E3F0B6B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
        FirewallRules: [{9BB4C1C7-B366-4B23-AE4F-5ACD22FFE24B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
        FirewallRules: [{6C7E53A6-39DD-43B3-97E5-29FD7A2587D7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
        FirewallRules: [{2B80132A-D307-4991-9677-62CDB0B60F02}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
        FirewallRules: [{C7F34E95-1F8C-467E-8122-DFFF350C67A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
        FirewallRules: [{5ED4E109-8F49-4956-871B-064CAC0CB104}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
        FirewallRules: [{65D1BB57-4571-4258-B0ED-FB837B94935B}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
        FirewallRules: [{B37A6FD9-0195-4FB2-A1E0-EC68BB251B95}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
        FirewallRules: [{BB103B24-2FC3-4C1A-BC16-B6A3E7B3C032}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
        FirewallRules: [{0A6AC48E-58D7-4377-9C3F-3194DFA787D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
        FirewallRules: [{BBD9171D-8001-4581-BC32-76F3D04DF787}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
        FirewallRules: [{3835FFC3-6B9A-429E-BF03-4AA18113BE77}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
        FirewallRules: [{ED392EBA-8F40-4E70-A7F3-32E410D432C3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

        ==================== Restore Points =========================

        01-02-2017 03:07:50 Naplánovaný kontrolní bod
        08-02-2017 03:13:30 Naplánovaný kontrolní bod
        16-02-2017 03:02:46 Naplánovaný kontrolní bod
        20-02-2017 19:52:18 Removed Skype™ 7.14

        ==================== Faulty Device Manager Devices =============

        ==================== Event log errors: =========================
        Application errors:
        Error: (02/20/2017 11:10:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
        Description: License Activation (slui.exe) failed with the following error code:
        hr=0x8007232B
        Command-line arguments:
        RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

        Error: (02/20/2017 11:10:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
        Description: License Activation (slui.exe) failed with the following error code:
        hr=0x8007232B
        Command-line arguments:
        RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

        Error: (02/20/2017 10:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a942ac
        Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
        Exception code: 0xc0000005
        Fault offset: 0x00006a66
        Faulting process ID: 0xdf0
        Faulting application start time: 0x01d28bc5292fe9fa
        Faulting application path: C:\Windows\Explorer.EXE
        Faulting module path: unknown
        Report ID: 99646c03-f7be-11e6-b0c6-844bf591a338
        Faulting package full name:
        Faulting package-relative application ID:

        Error: (02/20/2017 10:13:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
        Description: License Activation (slui.exe) failed with the following error code:
        hr=0x8007232B
        Command-line arguments:
        RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

        Error: (02/20/2017 10:05:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
        Description: License Activation (slui.exe) failed with the following error code:
        hr=0x8007267C
        Command-line arguments:
        RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

        Error: (02/20/2017 09:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
        Description: License Activation (slui.exe) failed with the following error code:
        hr=0x8007232B
        Command-line arguments:
        RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

        Error: (02/20/2017 09:34:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
        Description: License Activation (slui.exe) failed with the following error code:
        hr=0x8007232B
        Command-line arguments:
        RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

        Error: (02/20/2017 07:54:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
        Description: Product: Skype Click to Call – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

        Error: (02/20/2017 07:54:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
        Description: Product: Skype Click to Call – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

        Error: (02/20/2017 07:53:52 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
        Description: Product: Skype™ 7.14 – The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

        System errors:
        Error: (02/20/2017 11:06:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
        Description: The specifické pro aplikaci permission settings do not grant Místní Aktivace permission for the COM Server application with CLSID
        {D63B10C5-BB46-4990-A94F-E40B9D520160}
        and APPID
        {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
        to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (pomocí LRPC) running in the application container Není k dispozici SID (Není k dispozici). This security permission can be modified using the Component Services administrative tool.

        Error: (02/20/2017 09:43:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
        Description: The Sledování umístění v síti (NLA) service depends on the Klient DHCP service which failed to start because of the following error:
        After starting, the service hung in a start-pending state.

        Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
        Description: The Automatická konfigurace sítě WLAN service depends on the Správce připojení systému Windows service which failed to start because of the following error:
        After starting, the service hung in a start-pending state.

        Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
        Description: The Správce připojení systému Windows service hung on starting.

        Error: (02/20/2017 09:43:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
        Description: The Podpora rozhraní NetBIOS nad protokolem TCP/IP service hung on starting.

        Error: (02/20/2017 09:43:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
        Description: The Klient DHCP service hung on starting.

        Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
        Description: The Klient DNS service failed to start due to the following error:
        The service did not respond to the start or control request in a timely fashion.

        Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
        Description: A timeout was reached (30000 milliseconds) while waiting for the Klient DNS service to connect.

        Error: (02/20/2017 09:41:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
        Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e1 (0x814fdefa, 0x00000001, 0x853bd3b0, 0x853bd3b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022017-28671-01.

        Error: (02/20/2017 09:30:31 PM) (Source: EventLog) (EventID: 6008) (User: )
        Description: The previous system shutdown at 20:23:44 on 20. 2. 2017 was unexpected.

        ==================== Memory info ===========================

        Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
        Percentage of memory in use: 68%
        Total physical RAM: 1919.51 MB
        Available physical RAM: 605.82 MB
        Total Virtual: 5375.51 MB
        Available Virtual: 2896.55 MB

        ==================== Drives ================================

        Drive c: () (Fixed) (Total:285.9 GB) (Free:239.39 GB) NTFS

        ==================== MBR & Partition Table ==================

        ========================================================
        Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 36DC8300)
        Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
        Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
        Partition 3: (Not Active) - (Size=285.9 GB) - (Type=07 NTFS)

        ==================== End of Addition.txt ============================


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          Remove the software below with Geek Uninstaller. If it will not uninstall, then use Force Mode.

          SpyHunter 4 (HKLM...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)
          SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)

          Zemana Scan.

          Please download Zemana AntiMalware and save it to your Desktop.
          - Install the program and once the installation is complete it will start automatically.
          - Click the Cog/Sprocket Wheel, https://pchelpforum.net/attachments/...3-19-png.1462/ at the top right of Zemana.
          - Select Advanced - I have read the warning and wish to proceed.
          - Place a tick next to Detect Suspicious (Root CA) Certificates.
          - Then click the house icon in Zemana.
          - Then, press Scan to begin.
          - After the short scan is finished, if threats are detected press Next to remove them.

          Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn’t required, please restart your computer manually.

          - Open Zemana AntiMalware again.
          - Click on http://i63.tinypic.com/4zu6vb.jpg icon and double click the latest report.
          - Now click File > Save As and choose your Desktop before pressing Save.
          - The only thing left is to copy and paste the saved report into your next message.
          - This will open a logfile; post that in your next reply.

          File Search With Everything Search Engine.

          Download and install the Everything Search Engine
          Right Click Run As Admin. Type or Copy Paste SpyHunter into search window.
          Then Click Edit. >>>Select all.
          Right Click highlighted items>>>>>>>> Copy full name to clipboard.
          Paste content of clipboard, here in your next reply.

          FRST Fix.

          Download the attached fixlist.txt file and save it to the Desktop.

          NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

          Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            You are running FRST from your downloads folder; the program and the fixlist need to be on your desktop in order to work properly.

            Running from C:\Users\sandra123\Downloads


            • Isorene
              PCHF Member
              • Feb 2017
              • 77

              #7
              I could not uninstall Spy Hunter 4 because it doesn’t appear on the list of installed programs.


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #8
                Just skip that step and move on to the next; post all requested logs.


                • Isorene
                  PCHF Member
                  • Feb 2017
                  • 77

                  #9
                  I am sorry, but I am confused. Do I have to do all the pre-work plus the other scans that you tell me here? I really appreciate your help!


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    Do everything in the post below. Zemana – Everything – FRST


                    • Isorene
                      PCHF Member
                      • Feb 2017
                      • 77

                      #11
                      Zemana AntiMalware 2.72.2.101 (Installed)

                      Scan Result : Completed
                      Scan Date : 2017/2/21
                      Operating System : Windows 8 32-bit
                      Processor : 2X Intel(R) Celeron(R) CPU B820 @ 1.70GHz
                      BIOS Mode : Legacy
                      CUID : 122D478FDAEC122BE5FA0F
                      Scan Type : System Scan
                      Duration : 16m 45s
                      Scanned Objects : 37949
                      Detected Objects : 1
                      Excluded Objects : 0
                      Read Level : SCSI
                      Auto Upload : Enabled
                      Detect All Extensions : Disabled
                      Scan Documents : Disabled
                      Domain Info : WORKGROUP,0,2

                      Detected Objects

                      {a197349c-5621-4226-9241-bb23616c7666}
                      Status : Scanned
                      Object : NE->c:\windows\system32\tasks{a197349c-5621-4226-9241-bb23616c7666}
                      MD5 : -
                      Publisher : -
                      Size : -
                      Version : -
                      Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
                      Cleaning Action : Quarantine
                      Related Objects :
                      (null) - (null)

                      Cleaning Result

                      Cleaned : 1
                      Reported as safe : 0
                      Failed : 0


                      • Isorene
                        PCHF Member
                        • Feb 2017
                        • 77

                        #12
                        C:\Users\sandra123\Downloads\SpyHunter-Installer.exe
                        C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-BE2B3F9D.pf
                        C:\Windows\Prefetch\SPYHUNTER4.EXE-5B920D84.pf


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #13
                          FRST Fix.

                          Download the attached fixlist.txt file and save it to the Desktop.

                          NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                          Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                          Click here to download Fixlist


                          • Isorene
                            PCHF Member
                            • Feb 2017
                            • 77

                            #14
                            Sorry again, how do I download both to the desktop? When I click on it, it goes automatically to the downloads folder.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              No problem.

                              Since you have the Everything Search Engine installed this will be easy…

                              - Start the Everything Search Engine. Type FRST into the search box.
                              - Left click and hold on FRST.
                              - Drag your copy of FRST onto the desktop.
                              - Next clear the search box.
                              - Type or copy paste fixlist* into the search box.
                              - Left click and hold on the fixlist.txt and drag to your desktop.
                              - Then Right click on FRST and run as administrator.
                              - Click the fix button.
                              - Your machine will reboot.
                              - Upon completion of the reboot a log will appear on your desktop.
                              - Post that new log here in your next reply.
