• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved Broadcaster Channel pop-ups

Status
Not open for further replies.
Isorene

Isorene

PCHF Member
Feb 20, 2017
77
8
53
Gateshead, England
#1
Seond and aptop:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by sandra123 (administrator) on SANDRA (20-02-2017 22:47:28)
Running from C:\Users\sandra123\Downloads
Loaded Profiles: sandra123 (Available Profiles: sandra123)
Platform: Microsoft Windows 8 Pro (X86) Language: Czech (Czech Republic)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
() C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(PrivacyRoot.com) C:\Program Files\Wipe\Wipe.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(@@Manufacturer@@) C:\Program Files\GfK Internet-Monitor\Chrome Extension\GfKChromeHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(GfK SE) C:\Program Files\GfK Internet-Monitor\GfK-LoginInterface.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
(Farbar) C:\Users\sandra123\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-109433473-37108459-277044693-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-08] (SUPERAntiSpyware)
HKU\S-1-5-21-109433473-37108459-277044693-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [880920 2016-12-26] (www.privacyroot.com)
HKU\S-1-5-21-109433473-37108459-277044693-1001\...\Run: [GoogleChromeAutoLaunch_72A44A76D81B451D279602D74567B17A] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
Startup: C:\Users\sandra123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2016-12-04]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (PrivacyRoot.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1E332B64-6BBF-45F0-AB2D-C43CD7E93446}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: GfK Internet-Monitor -> {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -> C:\Program Files\GfK Internet-Monitor\Gacela2.dll [2016-02-01] (GfK)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by sandra123 (20-02-2017 22:49:22)
Running from C:\Users\sandra123\Downloads
Microsoft Windows 8 Pro (X86) (2015-08-08 14:05:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-109433473-37108459-277044693-500 - Administrator - Disabled)
Guest (S-1-5-21-109433473-37108459-277044693-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-109433473-37108459-277044693-1003 - Limited - Enabled)
sandra123 (S-1-5-21-109433473-37108459-277044693-1001 - Administrator - Enabled) => C:\Users\sandra123

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wipe (HKLM\...\wipe) (Version: 17.01 - PrivacyRoot.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {49598F83-B7CC-46EE-AC5A-F8A3DE4A93D7} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {6E3259ED-2FF0-440C-AE2C-1C569025C142} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {6E497CDA-EC10-4910-BD6E-C777866B92B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {94CA72AF-2908-44E9-94F0-9A5D28EF121E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {9A9B17DF-019E-456A-84FB-CDE223E0B834} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-22] (Adobe Systems Incorporated)
Task: {B7417245-362F-457F-B8C7-CFD59449A97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B8E9D92E-FEFF-484D-91CD-489CBF43FF17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C08EFDF1-0759-404F-AFE3-2703A3430F78} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {CBD5497E-7C43-4BE0-A0A1-F323A9CA8AD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DBB78481-F438-4F2D-B671-960ECD61F7BD} - System32\Tasks\{A197349C-5621-4226-9241-BB23616C7666} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {F4D74208-2FCE-4EE7-A5C0-981152EB3634} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\sandra123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-15 17:12 - 2013-03-19 10:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-07-15 17:12 - 2013-09-03 12:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-17 08:38 - 2016-02-01 08:32 - 01940032 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
2016-01-09 11:13 - 2015-08-24 11:43 - 01475776 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
2016-01-09 11:13 - 2015-08-24 11:43 - 00617664 _____ () C:\Program Files\GfK Internet-Monitor\UpdateHelper.dll
2016-06-14 12:38 - 2016-06-14 12:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-02-07 08:05 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 08:05 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 04:17 - 2016-03-16 22:35 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-109433473-37108459-277044693-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sandra123\Downloads\Nrx5e0c.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{CB6F1642-46DE-4185-84D6-595893CA0B17}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{DF8EDB6E-693C-4061-9AF4-075C2C5B6918}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{A46AF674-C41E-443D-B484-B12EF3B8958B}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{38B04B07-616E-4507-B504-137491069BE1}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{64110F94-848C-403A-9EE3-B3A3DAE4D525}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{EBCEBC1A-9C4C-4DD5-BE2F-460E88DFEA71}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [{EEFEAE2C-1BA3-452D-8259-E9A3956CA859}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D44661CE-15FE-4B36-A396-F52200CD5B7D}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{070A819C-3A8A-4B35-A86A-915BF7A74470}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{455580C9-E9FE-4FA9-AC6F-737F22C3E111}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F0F15FCA-0C9E-4D57-9342-A16239E8D4BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{61D7BD7D-D278-4C23-8A03-9667E3F0B6B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9BB4C1C7-B366-4B23-AE4F-5ACD22FFE24B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6C7E53A6-39DD-43B3-97E5-29FD7A2587D7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2B80132A-D307-4991-9677-62CDB0B60F02}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C7F34E95-1F8C-467E-8122-DFFF350C67A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5ED4E109-8F49-4956-871B-064CAC0CB104}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{65D1BB57-4571-4258-B0ED-FB837B94935B}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{B37A6FD9-0195-4FB2-A1E0-EC68BB251B95}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{BB103B24-2FC3-4C1A-BC16-B6A3E7B3C032}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A6AC48E-58D7-4377-9C3F-3194DFA787D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBD9171D-8001-4581-BC32-76F3D04DF787}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{3835FFC3-6B9A-429E-BF03-4AA18113BE77}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{ED392EBA-8F40-4E70-A7F3-32E410D432C3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-02-2017 03:07:50 Naplánovaný kontrolní bod
08-02-2017 03:13:30 Naplánovaný kontrolní bod
16-02-2017 03:02:46 Naplánovaný kontrolní bod
20-02-2017 19:52:18 Removed Skype™ 7.14

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2017 10:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a942ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00006a66
Faulting process ID: 0xdf0
Faulting application start time: 0x01d28bc5292fe9fa
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report ID: 99646c03-f7be-11e6-b0c6-844bf591a338
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2017 10:13:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2017 10:05:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/20/2017 09:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2017 09:34:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/20/2017 07:54:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype Click to Call -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

Error: (02/20/2017 07:54:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype Click to Call -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

Error: (02/20/2017 07:53:52 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype™ 7.14 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

Error: (02/20/2017 07:53:50 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype™ 7.14 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

Error: (02/20/2017 07:48:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a942ac
Faulting module name: twinui.dll, version: 6.2.9200.17464, time stamp: 0x55bb21a2
Exception code: 0xc0000005
Fault offset: 0x0001bcc9
Faulting process ID: 0xd40
Faulting application start time: 0x01d2893f473e28ce
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\System32\twinui.dll
Report ID: 7b9645e4-f7a5-11e6-b0c4-844bf591a338
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/20/2017 09:43:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Sledování umístění v síti (NLA) service depends on the Klient DHCP service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Automatická konfigurace sítě WLAN service depends on the Správce připojení systému Windows service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Správce připojení systému Windows service hung on starting.

Error: (02/20/2017 09:43:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Podpora rozhraní NetBIOS nad protokolem TCP/IP service hung on starting.

Error: (02/20/2017 09:43:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Klient DHCP service hung on starting.

Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Klient DNS service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Klient DNS service to connect.

Error: (02/20/2017 09:41:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e1 (0x814fdefa, 0x00000001, 0x853bd3b0, 0x853bd3b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022017-28671-01.

Error: (02/20/2017 09:30:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:23:44 on ‎20. ‎2. ‎2017 was unexpected.

Error: (02/20/2017 03:57:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 70%
Total physical RAM: 1919.51 MB
Available physical RAM: 572.6 MB
Total Virtual: 5375.51 MB
Available Virtual: 3846.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.9 GB) (Free:239.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 36DC8300)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#2
Hello, @Isorene the FRST log is incomplete, can you post the entire log for me please. :)

Dobrý den, @Isorene FRST log je neúplný, můžete po celý protokol pro mě prosím.

Auto logger scan!


Disable your Antivirus & Anti spyware applications!!
Download Autologger to your desktop.
Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
Right click Autologger and run as admin. (Xp user double click)
AVZ4 will open and scan your machine, allow this to complete.
Upload Collectionlog.zip to your next reply.
 
Last edited:
#3
Hi
This is the first:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by sandra123 (administrator) on SANDRA (21-02-2017 01:51:49)
Running from C:\Users\sandra123\Downloads
Loaded Profiles: sandra123 (Available Profiles: sandra123)
Platform: Microsoft Windows 8 Pro (X86) Language: Czech (Czech Republic)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
() C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(GfK SE) C:\Program Files\GfK Internet-Monitor\GfK-LoginInterface.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(PrivacyRoot.com) C:\Program Files\Wipe\Wipe.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(@@Manufacturer@@) C:\Program Files\GfK Internet-Monitor\Chrome Extension\GfKChromeHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-109433473-37108459-277044693-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6828448 2017-02-08] (SUPERAntiSpyware)
HKU\S-1-5-21-109433473-37108459-277044693-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [880920 2016-12-26] (www.privacyroot.com)
HKU\S-1-5-21-109433473-37108459-277044693-1001\...\Run: [GoogleChromeAutoLaunch_72A44A76D81B451D279602D74567B17A] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
Startup: C:\Users\sandra123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2016-12-04]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (PrivacyRoot.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1E332B64-6BBF-45F0-AB2D-C43CD7E93446}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-109433473-37108459-277044693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-109433473-37108459-277044693-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: GfK Internet-Monitor -> {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -> C:\Program Files\GfK Internet-Monitor\Gacela2.dll [2016-02-01] (GfK)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 4p6mfa8j.default
FF ProfilePath: C:\Users\sandra123\AppData\Roaming\Mozilla\Firefox\Profiles\4p6mfa8j.default [2017-02-20]
FF Extension: (QuickJava) - C:\Users\sandra123\AppData\Roaming\Mozilla\Firefox\Profiles\4p6mfa8j.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-17]
FF HKLM\...\Firefox\Extensions: [gacela2@nurago.com] - C:\Program Files\GfK Internet-Monitor\FirefoxAddon.xpi
FF Extension: (GfK Internet) - C:\Program Files\GfK Internet-Monitor\FirefoxAddon.xpi [2017-02-21]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-22] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/",""
CHR Profile: C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Google Slides) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
CHR Extension: (Google Docs) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
CHR Extension: (Google Drive) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (VouchShare - UK Voucher Codes) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bghnjgpffphlfnbdgcpgbnbkibekpcak [2016-05-07]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-10]
CHR Extension: (Yahoo Partner) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2017-01-18]
CHR Extension: (YouTube) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-18]
CHR Extension: (Quidco Cashback Reminder) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\elfdpdgmnodokhbiabbcjabmhpdajcog [2016-05-20]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-28]
CHR Extension: (Google Sheets) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
CHR Extension: (GfK Internet-Monitor) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfendnnkdmkiegggcbdpcmpfiincaap [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Skype) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-14]
CHR Extension: (Google Docs) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-14]
CHR Extension: (Google Drive) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
CHR Extension: (BeFunky Photo Editor) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2016-11-09]
CHR Extension: (ButtonBeats DubCube) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdijiampoihanablcndnakhfbgfciogm [2016-11-09]
CHR Extension: (YouTube) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
CHR Extension: (Fun Switcher) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2016-11-09]
CHR Extension: (B.S. Detector) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlcgkekjiopopabcifhebmphmfmdbjod [2017-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-01]
CHR Extension: (¿Qué cocino hoy?) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enadeelnincmhhilgbiphjbjnnagnhmh [2016-11-09]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-18]
CHR Extension: (Google Sheets) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-14]
CHR Extension: (GfK Internet-Monitor) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggfendnnkdmkiegggcbdpcmpfiincaap [2016-09-14]
CHR Extension: (Google Docs Offline) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-14]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2016-11-09]
CHR Extension: (Pixlr Express) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2016-11-09]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2016-11-09]
CHR Extension: (Yahoo Homepage) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2017-01-15]
CHR Extension: (Until AM Web App) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-11-09]
CHR Extension: (Webcam Toy) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-11-09]
CHR Extension: (Sketchpad) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2016-11-09]
CHR Extension: (ButtonBass Player Piano) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi [2016-11-09]
CHR Extension: (3D Solar System Web) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Extension: (Writer) - C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2016-11-09]
CHR Profile: C:\Users\sandra123\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-29]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-08] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [174080 2012-08-29] (Atheros Commnucations)
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
R2 GfK-Reporting-Service; C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe [1940032 2016-02-01] ()
R2 GfK-Update-Service; C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe [1475776 2015-08-24] ()
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [480256 2012-08-29] (Qualcomm Atheros)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 MEI; C:\Windows\System32\drivers\HECI.sys [55104 2012-07-17] (Intel Corporation)
S1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [64872 2016-06-03] (360.cn)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38928 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [244600 2015-07-06] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 22:53 - 2017-02-20 22:53 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2017-02-20 22:49 - 2017-02-20 22:50 - 00022313 _____ C:\Users\sandra123\Downloads\Addition.txt
2017-02-20 22:47 - 2017-02-21 01:52 - 00019071 _____ C:\Users\sandra123\Downloads\FRST.txt
2017-02-20 22:47 - 2017-02-21 01:51 - 00000000 ____D C:\FRST
2017-02-20 22:46 - 2017-02-20 22:46 - 01764864 _____ (Farbar) C:\Users\sandra123\Downloads\FRST.exe
2017-02-20 22:46 - 2017-02-20 22:46 - 01764864 _____ (Farbar) C:\Users\sandra123\Downloads\FRST (1).exe
2017-02-20 21:40 - 2017-02-20 21:40 - 00155312 _____ C:\Windows\Minidump\022017-28671-01.dmp
2017-02-20 20:25 - 2017-02-20 20:25 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\sandra123\Downloads\SpyHunter-Installer.exe
2017-02-20 19:48 - 2017-02-20 22:48 - 00000000 ____D C:\Users\sandra123\AppData\Local\CrashDumps
2017-02-07 13:28 - 2017-02-07 13:32 - 00002799 ____T C:\Windows\system32\lic2tmp.xml13096
2017-02-03 12:38 - 2017-02-03 12:38 - 01199723 _____ C:\Users\sandra123\Downloads\classic_account_welcome_pack.pdf
2017-02-03 12:38 - 2017-02-03 12:38 - 00469438 _____ C:\Users\sandra123\Downloads\personal_banking_terms_and_conditions.pdf
2017-02-03 12:35 - 2017-02-03 12:35 - 00083401 _____ C:\Users\sandra123\Downloads\fscs_information_sheet.pdf
2017-02-02 18:59 - 2017-02-02 18:59 - 01463048 _____ C:\Users\sandra123\Downloads\NWB-3-in-1-Terms.pdf
2017-01-27 09:06 - 2017-01-27 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2017-01-24 14:48 - 2017-01-24 14:56 - 00002799 ____T C:\Windows\system32\lic2tmp.xml10824
2017-01-22 21:23 - 2017-01-22 21:27 - 00002900 _____ C:\Windows\system32\lic2.xml16339
2017-01-22 03:13 - 2017-01-22 03:13 - 00000000 ____T C:\Windows\system32\lic2tmp.xml31106

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 01:39 - 2016-02-12 16:41 - 00000000 ____D C:\Users\sandra123\AppData\Roaming\Wipe
2017-02-21 01:28 - 2015-08-08 14:49 - 00000000 ____D C:\Program Files\Windows 8 - 8.1 KMS Activator Ultimate 2014 v1.5.1
2017-02-20 23:07 - 2012-07-26 06:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-20 23:06 - 2016-01-09 11:13 - 00000000 ____D C:\Program Files\GfK Internet-Monitor
2017-02-20 22:10 - 2015-10-24 10:22 - 00000000 ____D C:\Users\sandra123\AppData\Local\ElevatedDiagnostics
2017-02-20 22:10 - 2012-07-26 06:53 - 00000000 ____D C:\Windows\system32\NDF
2017-02-20 21:40 - 2016-07-01 21:45 - 250104248 _____ C:\Windows\MEMORY.DMP
2017-02-20 21:40 - 2015-08-08 22:18 - 00000000 ____D C:\Windows\Minidump
2017-02-20 21:39 - 2015-08-08 14:05 - 00000000 ____D C:\Users\sandra123
2017-02-20 19:53 - 2015-08-23 10:11 - 00000000 ____D C:\ProgramData\Skype
2017-02-16 09:53 - 2015-09-04 21:25 - 00146432 ___SH C:\Users\sandra123\Desktop\Thumbs.db
2017-02-15 18:18 - 2015-08-16 09:52 - 07500800 ___SH C:\Users\sandra123\Downloads\Thumbs.db
2017-02-10 08:43 - 2015-08-08 18:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-09 07:52 - 2012-07-26 04:43 - 00000000 ____D C:\Windows\inf
2017-02-07 08:05 - 2015-08-08 14:22 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 21:55 - 2012-07-26 04:17 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-02 16:08 - 2015-08-16 14:13 - 00000000 ____D C:\Users\sandra123\AppData\Roaming\vlc
2017-01-27 12:45 - 2015-11-11 15:12 - 00000000 ____D C:\Windows\system32\MRT
2017-01-27 12:29 - 2015-08-08 20:22 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-27 09:06 - 2016-02-12 16:42 - 00001755 _____ C:\Users\sandra123\Desktop\Wipe.lnk
2017-01-27 09:06 - 2016-02-12 16:41 - 00000000 ____D C:\Program Files\Wipe

==================== Files in the root of some directories =======

2016-07-15 17:13 - 2016-07-15 17:13 - 0215559 _____ () C:\ProgramData\1468602465.bdinstall.bin

Some files in TEMP:
====================
2017-02-20 19:54 - 2017-02-20 19:54 - 0090112 _____ () C:\Users\sandra123\AppData\Local\Temp\certutil.exe
2017-02-20 21:39 - 2017-02-20 21:39 - 0237736 _____ (Enigma Software Group USA, LLC.) C:\Users\sandra123\AppData\Local\Temp\esg_cleanup.exe
2017-02-20 19:54 - 2017-02-20 19:54 - 0348160 _____ (Microsoft Corporation) C:\Users\sandra123\AppData\Local\Temp\msvcr71.dll
2017-02-20 19:54 - 2017-02-20 19:54 - 0159744 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\nspr4.dll
2017-02-20 19:54 - 2017-02-20 19:54 - 0364544 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\nss3.dll
2017-02-20 19:54 - 2017-02-20 19:54 - 0013312 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\plc4.dll
2017-02-20 19:54 - 2017-02-20 19:54 - 0009216 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\plds4.dll
2017-02-20 19:54 - 2017-02-20 19:54 - 0106496 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\smime3.dll
2017-02-20 19:54 - 2017-02-20 19:54 - 0372736 _____ (Netscape Communications Corporation) C:\Users\sandra123\AppData\Local\Temp\softokn3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 07:59

==================== End of FRST.txt ============================
 
#4
Second one:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by sandra123 (21-02-2017 01:52:57)
Running from C:\Users\sandra123\Downloads
Microsoft Windows 8 Pro (X86) (2015-08-08 14:05:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-109433473-37108459-277044693-500 - Administrator - Disabled)
Guest (S-1-5-21-109433473-37108459-277044693-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-109433473-37108459-277044693-1003 - Limited - Enabled)
sandra123 (S-1-5-21-109433473-37108459-277044693-1001 - Administrator - Enabled) => C:\Users\sandra123

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wipe (HKLM\...\wipe) (Version: 17.01 - PrivacyRoot.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {49598F83-B7CC-46EE-AC5A-F8A3DE4A93D7} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {6E3259ED-2FF0-440C-AE2C-1C569025C142} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {6E497CDA-EC10-4910-BD6E-C777866B92B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {94CA72AF-2908-44E9-94F0-9A5D28EF121E} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {9A9B17DF-019E-456A-84FB-CDE223E0B834} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-22] (Adobe Systems Incorporated)
Task: {B7417245-362F-457F-B8C7-CFD59449A97C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B8E9D92E-FEFF-484D-91CD-489CBF43FF17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C08EFDF1-0759-404F-AFE3-2703A3430F78} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {CBD5497E-7C43-4BE0-A0A1-F323A9CA8AD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DBB78481-F438-4F2D-B671-960ECD61F7BD} - System32\Tasks\{A197349C-5621-4226-9241-BB23616C7666} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {F4D74208-2FCE-4EE7-A5C0-981152EB3634} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\sandra123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-15 17:12 - 2013-03-19 10:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-07-15 17:12 - 2013-09-03 12:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-17 08:38 - 2016-02-01 08:32 - 01940032 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
2016-01-09 11:13 - 2015-08-24 11:43 - 01475776 _____ () C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
2016-01-09 11:13 - 2015-08-24 11:43 - 00617664 _____ () C:\Program Files\GfK Internet-Monitor\UpdateHelper.dll
2016-06-14 12:38 - 2016-06-14 12:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-02-07 08:05 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 08:05 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 04:17 - 2016-03-16 22:35 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-109433473-37108459-277044693-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sandra123\Downloads\Nrx5e0c.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{CB6F1642-46DE-4185-84D6-595893CA0B17}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{DF8EDB6E-693C-4061-9AF4-075C2C5B6918}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{A46AF674-C41E-443D-B484-B12EF3B8958B}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{38B04B07-616E-4507-B504-137491069BE1}C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\sandra123\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{64110F94-848C-403A-9EE3-B3A3DAE4D525}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{EBCEBC1A-9C4C-4DD5-BE2F-460E88DFEA71}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [{EEFEAE2C-1BA3-452D-8259-E9A3956CA859}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D44661CE-15FE-4B36-A396-F52200CD5B7D}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{070A819C-3A8A-4B35-A86A-915BF7A74470}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe
FirewallRules: [{455580C9-E9FE-4FA9-AC6F-737F22C3E111}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F0F15FCA-0C9E-4D57-9342-A16239E8D4BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{61D7BD7D-D278-4C23-8A03-9667E3F0B6B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9BB4C1C7-B366-4B23-AE4F-5ACD22FFE24B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6C7E53A6-39DD-43B3-97E5-29FD7A2587D7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2B80132A-D307-4991-9677-62CDB0B60F02}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C7F34E95-1F8C-467E-8122-DFFF350C67A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5ED4E109-8F49-4956-871B-064CAC0CB104}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{65D1BB57-4571-4258-B0ED-FB837B94935B}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{B37A6FD9-0195-4FB2-A1E0-EC68BB251B95}] => (Allow) C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{BB103B24-2FC3-4C1A-BC16-B6A3E7B3C032}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A6AC48E-58D7-4377-9C3F-3194DFA787D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBD9171D-8001-4581-BC32-76F3D04DF787}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{3835FFC3-6B9A-429E-BF03-4AA18113BE77}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{ED392EBA-8F40-4E70-A7F3-32E410D432C3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-02-2017 03:07:50 Naplánovaný kontrolní bod
08-02-2017 03:13:30 Naplánovaný kontrolní bod
16-02-2017 03:02:46 Naplánovaný kontrolní bod
20-02-2017 19:52:18 Removed Skype™ 7.14

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2017 11:10:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2017 11:10:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/20/2017 10:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a942ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00006a66
Faulting process ID: 0xdf0
Faulting application start time: 0x01d28bc5292fe9fa
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: unknown
Report ID: 99646c03-f7be-11e6-b0c6-844bf591a338
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2017 10:13:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2017 10:05:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/20/2017 09:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2017 09:34:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/20/2017 07:54:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype Click to Call -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

Error: (02/20/2017 07:54:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype Click to Call -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

Error: (02/20/2017 07:53:52 PM) (Source: MsiInstaller) (EventID: 10005) (User: sandra)
Description: Product: Skype™ 7.14 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,


System errors:
=============
Error: (02/20/2017 11:06:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The specifické pro aplikaci permission settings do not grant Místní Aktivace permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (pomocí LRPC) running in the application container Není k dispozici SID (Není k dispozici). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 09:43:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Sledování umístění v síti (NLA) service depends on the Klient DHCP service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Automatická konfigurace sítě WLAN service depends on the Správce připojení systému Windows service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (02/20/2017 09:43:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Správce připojení systému Windows service hung on starting.

Error: (02/20/2017 09:43:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Podpora rozhraní NetBIOS nad protokolem TCP/IP service hung on starting.

Error: (02/20/2017 09:43:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Klient DHCP service hung on starting.

Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Klient DNS service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/20/2017 09:42:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Klient DNS service to connect.

Error: (02/20/2017 09:41:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e1 (0x814fdefa, 0x00000001, 0x853bd3b0, 0x853bd3b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022017-28671-01.

Error: (02/20/2017 09:30:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:23:44 on ‎20. ‎2. ‎2017 was unexpected.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 68%
Total physical RAM: 1919.51 MB
Available physical RAM: 605.82 MB
Total Virtual: 5375.51 MB
Available Virtual: 2896.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.9 GB) (Free:239.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 36DC8300)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#5
Remove the software below with Geek Uninstaller. If it will not un install, then use Force Mode.

SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)

Zemana Scan.

Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Click the Cog/Sproket Wheel,
    upload_2017-1-29_21-3-19-png.1462
    at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on
    4zu6vb.jpg
    icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only left thing is to Copy Paste saved report in your next message.
  • This will open a logfile, post that in your next reply
File Search With Everything Search Engine.

Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste SpyHunter into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.

FRST Fix.



Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    17.3 KB · Views: 16
#6
You are running FRST from your downloads folder, the program and the fixlist need to be on your desktop in order to work properly.

Running from C:\Users\sandra123\Downloads

67-png.904
 
#11
Zemana AntiMalware 2.72.2.101 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/2/21
Operating System : Windows 8 32-bit
Processor : 2X Intel(R) Celeron(R) CPU B820 @ 1.70GHz
BIOS Mode : Legacy
CUID : 122D478FDAEC122BE5FA0F
Scan Type : System Scan
Duration : 16m 45s
Scanned Objects : 37949
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

{a197349c-5621-4226-9241-bb23616c7666}
Status : Scanned
Object : NE->c:\windows\system32\tasks\{a197349c-5621-4226-9241-bb23616c7666}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0
 
Last edited by a moderator:
#13
FRST Fix.



Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Click here to download Fixlist
 
#15
No problem. :)

Since you have the Everything Search Engine installed this will be easy....

  • Start the Everything Search Engine Type FRST into the search box.
  • Left click and hold on FRST.
  • Drag your copy of FRST onto the desktop.
  • Next clear the search box.
  • Type or copy paste fixlist* into the search box.
  • Left click and hold on the fixlist.txt and drag to your desktop.
  • Then Right click on FRST and run as administrator.
  • Click the fix button.
  • Your machine will reboot.
  • Upon completion of the reboot a log will appear on your desktop.
  • Post that new log here in your next reply.
 
#16
#17
I am sorry to be this dumb pertaining to computers, but I did put FRST and the other one on desktop with Everything but when I right clicked, did not show run as adm option so I clicked open but then it shows 3 files, don't know what to do.
 
#18
Ok, lets do this.

Right click FRST and select properties.
Then Compatibility tab
Then run this program as admin.
Click Apply then OK.

upload_2017-2-22_3-15-0.png


Now double click FRST and push the fix button. :)
 
Last edited:
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu