Solved How to remove rundll32.exe virus.


toreee

PCHF Member
Feb 4, 2017
Kuala Lumpur
Hi. I have a problem with my PC. Every time I click, it will pop up this message:
"Windows cannot find 'C:\windows\system32\rundll32.exe'. Make sure you typed the name correctly, and then try again."

Please assist. What should I do to overcome this issue?
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
Welcome to PCHF :)

Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 bit, please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked, please select it.
  3. Then select Scan.

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please copy and paste the contents of these logs in your next post for review by our Security Team.
 

toreee

PCHF Member
Feb 4, 2017
Kuala Lumpur
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by MSI CR-460 (administrator) on MSICR-460-PC (04-02-2017 12:16:35)
Running from C:\Users\MSI CR-460\Downloads
Loaded Profiles: MSI CR-460 (Available Profiles: MSI CR-460)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_24_0_0_194_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6868696 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {32c033ac-75c5-11e2-aec8-6c626d3204fe} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {46a3229d-95ab-11e4-9103-6c626d3204fe} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {4be725d7-b18a-11e4-90cc-6c626d3204fe} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {9c900631-f06e-11e3-bf7f-6c626d3204fe} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {f50eb002-73f8-11e2-ae07-6c626d3204fe} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52737;https=127.0.0.1:52737
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:52737;https=127.0.0.1:52737
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{50C8F833-76C7-43D8-93AB-4E6D4052CA40}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7AB6315B-63F6-4765-A409-9CE4DD5F8126}: [DhcpNameServer] 213.132.63.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131143353588811013&GUID=BF1AA34E-2E28-4C77-B926-8AA831FCD452
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> {C8E8F212-E403-4628-81AE-710844E09B08} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: No Name -> {1E2F5CB7-A0E9-4D7A-8260-BA9251C4D122} -> C:\Program Files\DownloadYoutubeIE\DownloadYoutubeIE.dll [2012-08-09] ()
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-09] (Google Inc.)
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-04] (Oracle Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-09] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> is enabled.
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1432356548&z=d02aecf618ecb11fe923485g6z7cdo6c2waq3w0z2q&from=wpc&uid=WDCXWD3200BPVT-22ZEST0_WD-WX21A91A8355A8355

FireFox:
========
FF ProfilePath: C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default [2017-02-04]
FF user.js: detected! => C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\user.js [2015-09-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\n6sg4hyy.default -> type", 0
FF Homepage: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF Keyword.URL: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88&l=1&q=
FF NewTab: Mozilla\Firefox\Profiles\n6sg4hyy.default -> about:blank
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88&l=1&q=
FF Extension: (Steelhead Mobile Certificate Manager) - C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\Extensions\[email protected] [2014-11-02] [not signed]
FF Extension: (Test Pilot) - C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\Extensions\[email protected] [2013-05-01] [not signed]
FF SearchPlugin: C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\searchplugins\WebSearch.xml [2015-05-23]
FF HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\MSI CR-460\AppData\Roaming\IDM\idmmzcc5 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-23] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-590680974-46065942-2644484873-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2016-07-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-590680974-46065942-2644484873-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2016-07-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-590680974-46065942-2644484873-1000: www.mydlink.com/Uplayer -> C:\Users\MSI CR-460\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-09-30] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-10-18] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1432356548&z=d02aecf618ecb11fe923485g6z7cdo6c2waq3w0z2q&from=wpc&uid=WDCXWD3200BPVT-22ZEST0_WD-WX21A91A8355A8355&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Liveà Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (YouTube) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-26]
CHR Extension: (Google Search) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-23]
CHR Extension: (Baboom Search) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnligehkhogpcngalffdoomehjcbecna [2016-08-28]
CHR Extension: (Baboom Search) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2016-08-28]
CHR Extension: (Google Wallet) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR HKLM\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\MSI CR-460\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 cphs; C:\windows\system32\IntelCpHeciSvc.exe [276248 2012-03-19] (Intel Corporation)
S4 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S4 Micro Star SCM; C:\Program Files\S-Bar\MSIService.exe [160768 2011-10-28] (Micro-Star International Co., Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 ptsysexec; C:\windows\ptsysexec.exe [357472 2015-07-01] (Pismo Technic Inc.)
S4 RVBD_SH_Mobile_Logger; C:\Program Files\Riverbed\Steelhead Mobile\rbtlogger.exe [1124864 2013-10-07] (Riverbed Technology, Inc) [File not signed]
S4 RVBD_SH_Mobile_Monitor; C:\Program Files\Riverbed\Steelhead Mobile\rbtmon.exe [6487040 2013-10-07] (Riverbed Technology, Inc) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-08-31] (Cisco Systems, Inc.)
S4 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1492344 2009-07-24] (RealVNC Ltd.)
S2 avgwd; no ImagePath
S2 TuneUp.UtilitiesSvc; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [92112 2013-08-31] (Cisco Systems, Inc.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-18] (AVG Technologies)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO32.SYS [23840 2015-09-08] (REALiX(tm))
S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
R3 MEI; C:\windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S3 netr28u; C:\windows\System32\DRIVERS\netr28u.sys [827904 2009-11-14] (Ralink Technology Corp.)
S3 pfmfs_178; C:\windows\System32\Drivers\pfmfs_178.sys [266120 2015-07-01] (Pismo Technic Inc.)
R1 rbtnfd_srv; C:\windows\System32\DRIVERS\rbtnfd.sys [400896 2013-10-07] (Riverbed Technology, Inc)
S3 RSUSBVSTOR; C:\windows\System32\Drivers\RtsUVStor.sys [229480 2011-03-15] (Realtek Semiconductor Corp.)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 vncmirror; C:\windows\System32\DRIVERS\vncmirror.sys [4608 2009-07-24] (RealVNC Ltd.)
S3 vpnva; C:\windows\System32\DRIVERS\vpnva-6.sys [43120 2013-08-31] (Cisco Systems, Inc.)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 TuneUpUtilitiesDrv; no ImagePath
S1 wadyyazr; \??\C:\windows\system32\drivers\wadyyazr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 11:15 - 2017-02-04 11:15 - 00004961 _____ C:\Users\MSI CR-460\Documents\Jenderami.pdf
2017-02-04 11:11 - 2017-02-04 11:11 - 00004959 _____ C:\Users\MSI CR-460\Documents\Receipt TNB.pdf
2017-02-04 10:50 - 2017-02-04 10:58 - 00045708 _____ C:\Users\MSI CR-460\Downloads\Addition.txt
2017-02-04 10:47 - 2017-02-04 12:19 - 00031860 _____ C:\Users\MSI CR-460\Downloads\FRST.txt
2017-02-04 10:47 - 2017-02-04 12:16 - 00000000 ____D C:\FRST
2017-02-04 10:46 - 2017-02-04 10:46 - 01762816 _____ (Farbar) C:\Users\MSI CR-460\Downloads\FRST.exe
2017-02-04 10:22 - 2017-02-04 10:22 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-04 10:18 - 2017-02-04 10:18 - 00095808 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2017-02-04 10:18 - 2017-02-04 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-04 09:42 - 2017-02-04 09:42 - 00000000 ____D C:\Users\MSI CR-460\Documents\My Filehippo Downloads
2017-02-04 07:52 - 2017-02-04 08:24 - 00216556 _____ C:\windows\ntbtlog.txt
2017-02-04 07:45 - 2017-02-04 07:45 - 00003304 ____N C:\bootsqm.dat
2017-02-04 07:10 - 2017-02-03 20:07 - 00116056 _____ (Valve Corporation) C:\windows\system32\steam_api.dll
2017-02-04 07:08 - 2017-02-04 07:08 - 00056201 _____ C:\Users\MSI CR-460\Downloads\steam_api.zip
2017-01-27 07:35 - 2017-01-27 07:38 - 00015514 _____ C:\Users\MSI CR-460\Documents\Account for SAW Family Gatherig 2014 - Sungkai.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 12:11 - 2009-07-14 08:34 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-04 12:11 - 2009-07-14 08:34 - 00016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-04 12:09 - 2012-02-28 00:30 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-02-04 11:59 - 2009-07-14 08:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-04 10:41 - 2016-11-18 17:40 - 00000000 ____D C:\AdwCleaner
2017-02-04 10:36 - 2016-07-23 20:31 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA.job
2017-02-04 10:22 - 2013-11-19 20:18 - 00000000 ____D C:\ProgramData\Oracle
2017-02-04 10:17 - 2012-07-01 08:31 - 00000000 ____D C:\Program Files\Java
2017-02-04 09:41 - 2010-11-21 01:01 - 00783400 _____ C:\windows\system32\PerfStringBackup.INI
2017-02-04 09:41 - 2009-07-14 06:37 - 00000000 ____D C:\windows\inf
2017-02-04 07:54 - 2016-10-30 04:23 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-04 07:00 - 2016-07-28 17:40 - 00000000 ____D C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop
2017-02-04 07:00 - 2014-06-22 15:05 - 00000000 ____D C:\Users\MSI CR-460\AppData\Local\Adobe
2017-02-04 07:00 - 2012-02-28 00:30 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2017-02-04 07:00 - 2012-02-28 00:30 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2017-02-04 06:59 - 2012-02-28 00:30 - 00000000 ____D C:\windows\system32\Macromed
2017-02-04 06:48 - 2016-07-23 20:31 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core.job
2017-01-28 14:53 - 2013-02-25 13:02 - 00002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-27 08:09 - 2016-07-28 17:43 - 00000000 ____D C:\Users\MSI CR-460\Downloads\Telegram Desktop
2017-01-27 07:57 - 2013-01-06 07:43 - 00000000 ____D C:\Users\MSI CR-460\Downloads\[JWG] Office 2010 Toolkit and EZ-Activator v 2.1.6 Final
2017-01-06 12:57 - 2009-07-14 06:37 - 00000000 ____D C:\windows\system32\NDF

==================== Files in the root of some directories =======

2016-12-17 08:14 - 2016-12-17 08:14 - 7680000 _____ () C:\Program Files\GUT8A17.tmp
2012-08-21 11:39 - 2013-10-12 17:48 - 0000204 _____ () C:\Users\MSI CR-460\AppData\Roaming\default.rss
2013-01-03 18:24 - 2013-01-03 18:24 - 0000000 _____ () C:\Users\MSI CR-460\AppData\Roaming\downloads.m3u
2013-10-06 11:54 - 2013-11-05 12:23 - 0002048 _____ () C:\Users\MSI CR-460\AppData\Roaming\ILOVEPHOTOBOOK v2.5.4 Prefs
2015-04-19 16:20 - 2015-04-19 16:20 - 0005872 _____ () C:\Users\MSI CR-460\AppData\Roaming\nPjp3vhoiCRat
2014-01-01 07:13 - 2015-01-11 10:11 - 0003072 _____ () C:\Users\MSI CR-460\AppData\Roaming\Photobook Designer Prefsv3
2013-10-12 14:41 - 2015-01-13 20:20 - 0003072 _____ () C:\Users\MSI CR-460\AppData\Roaming\PIXAJOY Editor Prefsv3
2015-08-22 16:44 - 2015-08-22 16:44 - 0000187 _____ () C:\Users\MSI CR-460\AppData\Local\Bamtechno.exe.config
2012-06-20 19:34 - 2015-09-23 02:52 - 0065024 _____ () C:\Users\MSI CR-460\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 13:53

==================== End of FRST.txt ============================
 

toreee

PCHF Member
Feb 4, 2017
Kuala Lumpur
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by MSI CR-460 (04-02-2017 12:19:55)
Running from C:\Users\MSI CR-460\Downloads
Microsoft Windows 7 Starter Service Pack 1 (X86) (2012-04-12 20:06:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-590680974-46065942-2644484873-500 - Administrator - Disabled)
Guest (S-1-5-21-590680974-46065942-2644484873-501 - Limited - Disabled)
MSI CR-460 (S-1-5-21-590680974-46065942-2644484873-1000 - Administrator - Enabled) => C:\Users\MSI CR-460

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\uTorrent) (Version: 1.8.1 - )
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Client Installation Program (HKLM\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVG PC TuneUp 2015 (en-US) (Version: 15.0.1001.604 - AVG Technologies) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.82.63 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04066 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04066 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.0820 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Family Tree Maker 2012 (HKLM\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
FlashGet3.7 (HKLM\...\FlashGet3.7) (Version: 3.7.0.1195 - hxxp://www.FlashGet.com)
FormatFactory 2.20 (HKLM\...\FormatFactory) (Version: 2.20 - Free Time)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.6.5260 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.3.2 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.3.2 - )
Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 3.1.14.0 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Master PDF Editor 2.1.65 (HKLM\...\Master PDF Editor 2.1.65_is1) (Version: - Code Industry Ltd.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Photo Creations (Photobookmart Edition) (HKLM\...\{111FC0F4-F93D-4FB1-A91D-B0258A8A1BA5}) (Version: 8.7.8288 - Digilabs)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Password Remover (HKLM\...\PDF Password Remover) (Version: - Tenorshare, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Photobook Designer (HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Photobook Designer) (Version: Photobook Designer 4.1.0 - Photobook Malaysia)
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - )
PIXAJOY Editor (HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\PIXAJOY Editor) (Version: PIXAJOY Editor 3.5.0 - Pixajoy )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0178 - REALTEK Semiconductor Corp.)
Riverbed Steelhead Mobile (HKLM\...\{09D86FD5-EA7E-4072-997F-4E88AE25ACA2}) (Version: 49.10.4101.10 - Riverbed Technology, Inc.)
S-Bar (HKLM\...\{4E18A842-A084-46E0-81BA-31C7EB96B26C}) (Version: 21.011.10272 - MSI)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Telegram Desktop version 0.10.19 (HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.19 - Telegram Messenger LLP)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Uplayer (HKLM\...\{246F5A8A-ADB1-4ED9-BE01-C4118E7DB3A5}) (Version: 1.0.0.33 - D-LINK CORPORATION)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Enterprise Edition E4.5.1 (HKLM\...\RealVNC_is1) (Version: E4.5.1 - RealVNC Ltd.)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.6.0 (HKLM\...\VNCPrinter_is1) (Version: 1.6.0 - RealVNC Ltd.)
WD Drive Utilities (HKLM\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SES Driver Setup (Version: 1.1.0.51 - Western Digital) Hidden
WD SmartWare (HKLM\...\{6EE644CD-FC7F-424C-83EA-9C0285C4FB7F}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.4.7 - Shark007)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) (HKLM\...\7F523D4F8E191139525DC0260B06BF68E4E581EE) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Driver Package - Intel (NETw5s32) net (03/18/2010 13.2.0.30) (HKLM\...\5B1D8E9CE6F89F5466353F3E5A7084A126505FEA) (Version: 03/18/2010 13.2.0.30 - Intel)
Windows Driver Package - Intel (NETw5s32) net (09/15/2009 13.0.0.107) (HKLM\...\261F972493946CC8B32688E5247ADD2EE612DEB9) (Version: 09/15/2009 13.0.0.107 - Intel)
Windows Driver Package - Intel (NETw5v32) net (03/18/2010 13.2.0.30) (HKLM\...\DA556C9045FE4065F487AF1C9B3992A6AD4C8A66) (Version: 03/18/2010 13.2.0.30 - Intel)
Windows Driver Package - Intel (NETw5v32) net (09/15/2009 13.0.0.107) (HKLM\...\FB8C5A1BB9B0EB1DBE21E5BBBF6942439C4FB2F9) (Version: 09/15/2009 13.0.0.107 - Intel)
Windows Driver Package - Ralink (netr28u) Net (11/13/2009 3.00.09.0000) (HKLM\...\AB8CA567F16EA6E1DF917E5D13C2A15AD9BB4B14) (Version: 11/13/2009 3.00.09.0000 - Ralink)
Windows Driver Package - Ralink Technology, Corp. (netr28) Net (02/09/2010 3.00.17.0000) (HKLM\...\DA9E83E3434B0A377F6C3573D30A3E6E692E31F2) (Version: 02/09/2010 3.00.17.0000 - Ralink Technology, Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\MSI CR-460\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-590680974-46065942-2644484873-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105FB9EB-2CB3-4A40-855C-4D9CC56C5307} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-23] (Google Inc.)
Task: {263B3821-B41B-463B-9133-B29AB4A227DC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2AD45847-5134-4C85-AF64-CC47E0F852F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {2EA447BB-D06A-4A92-A6C9-CF4DCBB5C14F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe
Task: {5BB67B3B-E846-4BBB-9DCD-56EB60ECCEB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {5E92DD2A-80E1-4B30-97BF-BD371F8BAD9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {618AAA27-A314-474A-99BD-34A57D8F3ECD} - \TweakBit\PCRepairKit\Start PCRepairKit оn logon -> No File <==== ATTENTION
Task: {6A44FA77-9DE9-4D03-9E05-5880ED4F213D} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-12-12] (Oracle Corporation)
Task: {9BEDC262-8A71-4D0F-A2B0-29F5168D7E3D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B2FF45A1-1F99-4CC1-AB99-D4F5F4BB379E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {C07CED92-ACC4-43CA-B8F1-9058C905FC13} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-23] (Google Inc.)
Task: {C692AC12-9B74-46CE-BE7E-CCB6EBD9BFF4} - \TweakBit\PCRepairKit\Time for deal -> No File <==== ATTENTION
Task: {C84F885C-89F6-4165-8330-57EAF51D87AD} - System32\Tasks\Driver Booster SkipUAC (MSI CR-460) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {CCFED744-CC54-4558-87D1-030457994CEE} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D17E1CAE-E13D-4BF7-894B-7D1A5A1D4F90} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DE10208F-9684-49FD-A7FA-500862703DE5} - System32\Tasks\Uninstaller_SkipUac_MSI_CR-460 => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {DFB79B3A-D2FC-4280-B545-476FADD32DD0} - System32\Tasks\mpdaqe => C:\windows\system32\config\systemprofile\AppData\Local\Cansing [Argument = /t 2291 3440] <==== ATTENTION
Task: {E7D46F78-E89D-41B6-BBA5-9E84155F84CE} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F7FAC57A-51A1-4FB7-BF19-D51B743EF666} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F8ECBD7B-A265-4C19-8A20-A480FD2371E9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-04] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core.job => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA.job => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-06-22 15:04 - 2009-07-24 20:21 - 00026624 _____ () C:\windows\System32\VNCpm.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-04 20:14 - 2013-09-04 20:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 11:45 - 2010-10-20 11:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-08 04:48 - 2012-08-09 15:55 - 00482304 _____ () C:\Program Files\DownloadYoutubeIE\DownloadYoutubeIE.dll
2012-02-27 09:53 - 2009-12-13 02:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-09-02 15:00 - 2015-09-02 15:00 - 10566352 _____ () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
2015-04-01 23:51 - 2014-12-19 18:08 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\petronas.com.my -> hxxps://eva.petronas.com.my

There are 4608 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:04 - 2015-08-01 15:51 - 00000854 ____A C:\windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-590680974-46065942-2644484873-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Micro Star SCM => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: ptsysexec => 3
MSCONFIG\Services: RVBD_SH_Mobile_Logger => 2
MSCONFIG\Services: RVBD_SH_Mobile_Monitor => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WinVNC4 => 2
MSCONFIG\Services: WRSVC => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\MSI CR-460\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\FileHippo.AppManager.exe" /background
MSCONFIG\startupreg: FlashGet 3 => "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
MSCONFIG\startupreg: Google Photos Backup => "C:\Users\MSI CR-460\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
MSCONFIG\startupreg: Google Update => "C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MRT => "C:\windows\system32\MRT.exe" /R
MSCONFIG\startupreg: Onboard => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
MSCONFIG\startupreg: PC Booster => C:\Program Files\inKline Global\PC Booster\pcbooster.exe
MSCONFIG\startupreg: PDF Converter Elite Print Dispatcher => C:\Program Files\pdfconverter.com\PDF Converter Elite\3.0\pcSONPrnDisp.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 =>
MSCONFIG\startupreg: S-Bar => %PROGRAMFILES%\S-Bar\S-Bar.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Steelhead Mobile => C:\Program Files\Riverbed\Steelhead Mobile\shmobile.exe
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5B4AF29-119F-4051-904B-8A49DD8362AF}] => C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{00439C20-5C33-4B26-BCC5-D1ACE90DF8B9}] => LPort=2869
FirewallRules: [{04A334D9-77DA-4BE7-A1C9-0CB753349904}] => LPort=1900
FirewallRules: [{C2B7491A-F99A-4810-863C-004E41FD17A4}] => C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{D953E4DC-8C62-4205-A38F-1A4A2F41D7DF}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{A8462E1D-3ECA-4C42-8F06-F38041A8F232}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{6E0E6AC4-115C-425F-A634-B935206DF9E3}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{0C7B591C-0DEA-4925-8D9C-0FA5BAFE3A0A}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [{D613068E-2470-4E18-B9E4-50C8D8471030}] => C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{ADF02B3B-A16A-4AEA-9EDB-D6CF25C93C18}] => C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{6354AE3F-B769-4DF4-9782-00E0715A06CF}C:\program files\utorrent\utorrent.exe] => C:\program files\utorrent\utorrent.exe
FirewallRules: [UDP Query User{77E5DBE9-B21D-4B23-A3BE-D62A090843EC}C:\program files\utorrent\utorrent.exe] => C:\program files\utorrent\utorrent.exe
FirewallRules: [{3065DD48-1F0D-4586-99A6-07792945BAA4}] => C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{36017C51-0DE0-4C39-AEA0-979B1A874D3A}] => C:\Program Files\RealVNC\VNC4\winvnc4.exe
FirewallRules: [{66256667-4061-40FF-A382-3EE0833C99E7}] => C:\Program Files\RealVNC\VNC4\winvnc4.exe
FirewallRules: [{B302449F-6580-4659-988D-391FD4FF8A47}] => C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{C1267526-5765-46FC-B341-27833229BA88}C:\program files\realvnc\vnc4\vncviewer.exe] => C:\program files\realvnc\vnc4\vncviewer.exe
FirewallRules: [UDP Query User{C747B7DC-4869-40B8-BDEC-9AC272E12C64}C:\program files\realvnc\vnc4\vncviewer.exe] => C:\program files\realvnc\vnc4\vncviewer.exe
FirewallRules: [{7F74447F-59B6-4161-91B6-B9D8D81B6C89}] => C:\program files\realvnc\vnc4\vncviewer.exe
FirewallRules: [{B10A3F56-F670-4175-95DD-F2A3C1A5B6A6}] => C:\program files\realvnc\vnc4\vncviewer.exe
FirewallRules: [{2B432B9B-DE20-4B9F-AF9D-F83F2DDED610}] => C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{68FB0709-56D1-4AEA-82E3-E8D1787EBCF8}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0C06B91-0BCC-473C-AD17-366744A75820}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B02E9839-D7C7-4DD9-AEA2-5564F1C5F1C8}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7B856D9D-5489-48C6-A738-F68FAB45B2CD}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1ADBE753-B638-4048-8FB1-77E2255BCC08}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{869B9BD9-D820-4314-814B-6851C573EAD4}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{7D64ABCD-B0CF-44A8-B41F-7EC6EED95A91}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7AB7110C-7E95-4FCB-9605-D9157FA8C77A}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2964EF2B-60E5-4FB5-80E5-E962495796A7}] => C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

23-11-2016 15:52:15 Windows Update
24-11-2016 03:00:57 Windows Update
26-11-2016 07:15:49 Windows Update
01-12-2016 07:11:14 Windows Update
01-12-2016 08:38:07 Windows Update
11-12-2016 20:16:36 Windows Update
15-12-2016 11:18:55 Windows Update
16-12-2016 08:09:59 Windows Update
17-12-2016 07:54:28 Windows Update
27-01-2017 07:57:02 Windows Update
04-02-2017 07:01:55 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2017 12:05:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cb0

Start Time: 01d27ebcd3474c9c

Termination Time: 30

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (02/04/2017 12:01:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/04/2017 08:26:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/04/2017 08:24:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (02/04/2017 07:54:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/04/2017 07:47:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/04/2017 07:15:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/04/2017 06:52:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2017 02:48:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d102c7
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d1049e
Exception code: 0xc0000005
Fault offset: 0x0002ec20
Faulting process id: 0xf68
Faulting application start time: 0x01d2784ce7fb16cf
Faulting application path: C:\windows\system32\CompatTelRunner.exe
Faulting module path: C:\windows\system32\devinv.dll
Report Id: 55255b6c-e547-11e6-9817-6c626d3204fe

Error: (01/27/2017 07:28:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fe0

Start Time: 01d2784d0f80800f

Termination Time: 273

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (02/04/2017 12:02:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/04/2017 11:59:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/04/2017 11:59:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/04/2017 11:59:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/04/2017 08:27:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/04/2017 08:25:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG PC TuneUp Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/04/2017 08:25:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/04/2017 08:25:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/04/2017 08:23:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/04/2017 08:13:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2015-10-21 22:16:57.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 16:21:07.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 16:21:07.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 16:21:06.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-14 19:24:58.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-14 19:24:58.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-14 19:24:58.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-07 22:19:00.786
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-07 22:19:00.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-12 10:16:29.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 2048 MB
Available physical RAM: 934.43 MB
Total Virtual: 4096 MB
Available Virtual: 2817.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:298.09 GB) (Free:46.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D21CB07A)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Malnutrition

Remove µTorrent from your machine. You may reinstall it after we are done here. Just at least refrain from using it while we work on your machine please. :)


Clean up temp files and reduce startup load with CCleaner.


  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable all items in your scheduled tasks as well,
  • unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.

FRST Fix.

Click Here To Download Fixlist.


Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Eliminate Bad Settings with this nice tool.
  • Download SupRestric.exe save to your desktop.
  • Close all running programs.
  • Temporarily disable the antivirus
  • Double click the file to launch it.
  • Windows: 7/8/10 Vista and run as administrator
  • Click Yes at any prompt.
  • The analysis takes only a few moments.
  • The report is on the desktop ( CTR.txt )
  • Copy paste report in next reply.
  • A reboot is needed to complete the repairs.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


After you have posted the FRST fix.

Disable your Antivirus & Anti spyware applications!!
Download Autologger to your desktop.
Create a new folder on desktop.
Unzip it there.
Right click Autologger and run as admin.
AVZ4 will open and scan your machine, allow this to complete.
Upload Collectionlog.zip to your next reply.
 


Malnutrition

On a side note, you are running from C:\Users\MSI CR-460\Downloads
The program is designed to work from the Desktop.
Make sure to have FRST & the Fixlist on the desktop prior to pressing Fix.

 

toreee

I cannot run SupRestric as administrator. It pops up the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
 

Malnutrition

Delete the copy you have of it, then reboot your machine. Re-download it; if you still cannot run it, then skip it. That may also be due to Microsoft Security Essentials deleting it, so uninstall MSE while we work on your machine. :)
 

toreee

# AdwCleaner v6.043 - Logfile created 05/02/2017 at 13:12:26
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.2 [Local]
# Operating System : Windows 7 Starter Service Pack 1 (X86)
# Username : MSI CR-460 - MSICR-460-PC
# Running from : C:\Users\MSI CR-460\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\MSI CR-460\Downloads\SysInfo.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Auslogics


***** [ Web browsers ] *****

[-] [C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Deleted: hxxp://www.mystartsearch.com/webfavicon.ico


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [18632 Bytes] - [18/11/2016 18:32:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [1392 Bytes] - [18/11/2016 18:47:41]
C:\AdwCleaner\AdwCleaner[C3].txt - [1169 Bytes] - [05/02/2017 13:12:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [18892 Bytes] - [18/11/2016 17:41:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1530 Bytes] - [18/11/2016 18:47:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [1883 Bytes] - [04/02/2017 10:41:31]
C:\AdwCleaner\AdwCleaner[S3].txt - [1670 Bytes] - [05/02/2017 13:08:05]
C:\AdwCleaner\AdwCleaner[S4].txt - [1743 Bytes] - [05/02/2017 13:12:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1608 Bytes] ##########
 

Malnutrition

The FRST fixlog and the Autologger files?
How is the machine running?
 

toreee

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by MSI CR-460 (05-02-2017 12:40:33) Run:2
Running from C:\Users\MSI CR-460\Desktop
Loaded Profiles: MSI CR-460 (Available Profiles: MSI CR-460)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
Emptytemp:
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6868696 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {32c033ac-75c5-11e2-aec8-6c626d3204fe} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {46a3229d-95ab-11e4-9103-6c626d3204fe} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {4be725d7-b18a-11e4-90cc-6c626d3204fe} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {9c900631-f06e-11e3-bf7f-6c626d3204fe} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\MountPoints2: {f50eb002-73f8-11e2-ae07-6c626d3204fe} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52737;https=127.0.0.1:52737
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:52737;https=127.0.0.1:52737
Hosts:
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{50C8F833-76C7-43D8-93AB-4E6D4052CA40}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7AB6315B-63F6-4765-A409-9CE4DD5F8126}: [DhcpNameServer] 213.132.63.25
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131143353588811013&GUID=BF1AA34E-2E28-4C77-B926-8AA831FCD452
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88
SearchScopes: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> {C8E8F212-E403-4628-81AE-710844E09B08} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: No Name -> {1E2F5CB7-A0E9-4D7A-8260-BA9251C4D122} -> C:\Program Files\DownloadYoutubeIE\DownloadYoutubeIE.dll [2012-08-09] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-09] (Google Inc.)
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-09] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-590680974-46065942-2644484873-1000 -> is enabled.
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1432356548&z=d02aecf618ecb11fe923485g6z7cdo6c2waq3w0z2q&from=wpc&uid=WDCXWD3200BPVT-22ZEST0_WD-WX21A91A8355A8355
FF user.js: detected! => C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\user.js [2015-09-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\n6sg4hyy.default -> type", 0
FF Homepage: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF Keyword.URL: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88&l=1&q=
FF NewTab: Mozilla\Firefox\Profiles\n6sg4hyy.default -> about:blank
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88&l=1&q=
FF HKU\S-1-5-21-590680974-46065942-2644484873-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\MSI CR-460\AppData\Roaming\IDM\idmmzcc5 => not found
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF Plugin HKU\S-1-5-21-590680974-46065942-2644484873-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2016-07-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-590680974-46065942-2644484873-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2016-07-23] (Google Inc.)
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1432356548&z=d02aecf618ecb11fe923485g6z7cdo6c2waq3w0z2q&from=wpc&uid=WDCXWD3200BPVT-22ZEST0_WD-WX21A91A8355A8355&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Extension: (Google Wallet) - C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - hxxps://clients2.google.com/service/update2/crx
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
S2 avgwd; no ImagePath
S2 TuneUp.UtilitiesSvc; no ImagePath
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-18] (AVG Technologies)
C:\windows\System32\DRIVERS\avgidshx.sys
C:\windows\System32\DRIVERS\avglogx.sys
C:\windows\system32\drivers\avgtpx86.sys
U0 SR; no ImagePath
C:\Program Files\GUT8A17.tmp
U2 srservice; no ImagePath
S3 TuneUpUtilitiesDrv; no ImagePath
S1 wadyyazr; \??\C:\windows\system32\drivers\wadyyazr.sys [X]
C:\windows\Tasks\Adobe Flash Player Updater.job
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA.job
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core.job
2016-12-17 08:14 - 2016-12-17 08:14 - 7680000 _____ () C:\Program Files\GUT8A17.tmp
2012-08-21 11:39 - 2013-10-12 17:48 - 0000204 _____ () C:\Users\MSI CR-460\AppData\Roaming\default.rss
2013-01-03 18:24 - 2013-01-03 18:24 - 0000000 _____ () C:\Users\MSI CR-460\AppData\Roaming\downloads.m3u
2013-10-06 11:54 - 2013-11-05 12:23 - 0002048 _____ () C:\Users\MSI CR-460\AppData\Roaming\ILOVEPHOTOBOOK v2.5.4 Prefs
2015-04-19 16:20 - 2015-04-19 16:20 - 0005872 _____ () C:\Users\MSI CR-460\AppData\Roaming\nPjp3vhoiCRat
2014-01-01 07:13 - 2015-01-11 10:11 - 0003072 _____ () C:\Users\MSI CR-460\AppData\Roaming\Photobook Designer Prefsv3
2013-10-12 14:41 - 2015-01-13 20:20 - 0003072 _____ () C:\Users\MSI CR-460\AppData\Roaming\PIXAJOY Editor Prefsv3
2015-08-22 16:44 - 2015-08-22 16:44 - 0000187 _____ () C:\Users\MSI CR-460\AppData\Local\Bamtechno.exe.config
2012-06-20 19:34 - 2015-09-23 02:52 - 0065024 _____ () C:\Users\MSI CR-460\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {105FB9EB-2CB3-4A40-855C-4D9CC56C5307} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-23] (Google Inc.)
Task: {2AD45847-5134-4C85-AF64-CC47E0F852F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {5E92DD2A-80E1-4B30-97BF-BD371F8BAD9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {618AAA27-A314-474A-99BD-34A57D8F3ECD} - \TweakBit\PCRepairKit\Start PCRepairKit оn logon -> No File <==== ATTENTION
Task: {6A44FA77-9DE9-4D03-9E05-5880ED4F213D} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-12-12] (Oracle Corporation)
Task: {B2FF45A1-1F99-4CC1-AB99-D4F5F4BB379E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {C07CED92-ACC4-43CA-B8F1-9058C905FC13} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-23] (Google Inc.)
Task: {C692AC12-9B74-46CE-BE7E-CCB6EBD9BFF4} - \TweakBit\PCRepairKit\Time for deal -> No File <==== ATTENTION
Task: {C84F885C-89F6-4165-8330-57EAF51D87AD} - System32\Tasks\Driver Booster SkipUAC (MSI CR-460) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {DE10208F-9684-49FD-A7FA-500862703DE5} - System32\Tasks\Uninstaller_SkipUac_MSI_CR-460 => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {DFB79B3A-D2FC-4280-B545-476FADD32DD0} - System32\Tasks\mpdaqe => C:\windows\system32\config\systemprofile\AppData\Local\Cansing [Argument = /t 2291 3440] <==== ATTENTION
Task: {E7D46F78-E89D-41B6-BBA5-9E84155F84CE} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {F8ECBD7B-A265-4C19-8A20-A480FD2371E9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-04] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core.job => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA.job => C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe
2015-04-01 23:51 - 2014-12-19 18:08 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2013-12-08 04:48 - 2012-08-09 15:55 - 00482304 _____ () C:\Program Files\DownloadYoutubeIE\DownloadYoutubeIE.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Micro Star SCM => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: ptsysexec => 3
MSCONFIG\Services: RVBD_SH_Mobile_Logger => 2
MSCONFIG\Services: RVBD_SH_Mobile_Monitor => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WinVNC4 => 2
MSCONFIG\Services: WRSVC => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\MSI CR-460\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\FileHippo.AppManager.exe" /background
MSCONFIG\startupreg: FlashGet 3 => "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
MSCONFIG\startupreg: Google Photos Backup => "C:\Users\MSI CR-460\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
MSCONFIG\startupreg: Google Update => "C:\Users\MSI CR-460\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MRT => "C:\windows\system32\MRT.exe" /R
MSCONFIG\startupreg: Onboard => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
MSCONFIG\startupreg: PC Booster => C:\Program Files\inKline Global\PC Booster\pcbooster.exe
MSCONFIG\startupreg: PDF Converter Elite Print Dispatcher => C:\Program Files\pdfconverter.com\PDF Converter Elite\3.0\pcSONPrnDisp.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 =>
MSCONFIG\startupreg: S-Bar => %PROGRAMFILES%\S-Bar\S-Bar.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Steelhead Mobile => C:\Program Files\Riverbed\Steelhead Mobile\shmobile.exe
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
CMD: RD /S /Q %WinDir%\System32\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\System32\GroupPolicy
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicy
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicy
CMD: gpupdate /force
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
reboot:
end



*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32c033ac-75c5-11e2-aec8-6c626d3204fe} => key not found.
HKCR\CLSID\{32c033ac-75c5-11e2-aec8-6c626d3204fe} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46a3229d-95ab-11e4-9103-6c626d3204fe} => key not found.
HKCR\CLSID\{46a3229d-95ab-11e4-9103-6c626d3204fe} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4be725d7-b18a-11e4-90cc-6c626d3204fe} => key not found.
HKCR\CLSID\{4be725d7-b18a-11e4-90cc-6c626d3204fe} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c900631-f06e-11e3-bf7f-6c626d3204fe} => key not found.
HKCR\CLSID\{9c900631-f06e-11e3-bf7f-6c626d3204fe} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f50eb002-73f8-11e2-ae07-6c626d3204fe} => key not found.
HKCR\CLSID\{f50eb002-73f8-11e2-ae07-6c626d3204fe} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{50C8F833-76C7-43D8-93AB-4E6D4052CA40}\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AB6315B-63F6-4765-A409-9CE4DD5F8126}\\DhcpNameServer => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key removed successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8E8F212-E403-4628-81AE-710844E09B08} => key not found.
HKCR\CLSID\{C8E8F212-E403-4628-81AE-710844E09B08} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E2F5CB7-A0E9-4D7A-8260-BA9251C4D122} => key not found.
HKCR\CLSID\{1E2F5CB7-A0E9-4D7A-8260-BA9251C4D122} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} => key not found.
HKCR\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value not found.
HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Microsoft\Internet Explorer\ContinuousBrowsing => key not found.
HKCR\PROTOCOLS\Handler\osf => key not found.
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\user.js => not found.
C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\user.js => not found.
FF NetworkProxy: Mozilla\Firefox\Profiles\n6sg4hyy.default -> type", 0 => not found
FF Homepage: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88 => not found
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch => not found
FF Keyword.URL: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88&l=1&q= => not found
FF NewTab: Mozilla\Firefox\Profiles\n6sg4hyy.default -> about:blank => not found
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch => not found
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch => not found
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch => not found
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch => not found
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\n6sg4hyy.default -> WebSearch => not found
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\n6sg4hyy.default -> hxxp://websearch.searchtotal.info/?pid=23391&r=2015/05/23&hid=17666899825539764074&lg=EN&cc=MY&unqvl=88&l=1&q= => not found
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => value not found.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
"C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll" => not found.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
"C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll" => not found.
"C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll" => not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
C:\Users\MSI CR-460\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
C:\Program Files\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll => not found.
C:\Program Files\Google\Picasa3\npPicasa3.dll => not found.
C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => not found.
C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll => not found.
C:\windows\system32\npDeployJava1.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dnligehkhogpcngalffdoomehjcbecna => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe => key not found.
LiveUpdateSvc => service not found.
"C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe" => not found.
avgwd => service not found.
TuneUp.UtilitiesSvc => service not found.
AVGIDSHX => service not found.
Avglogx => service not found.
Avgtdix => service not found.
avgtp => service not found.
"C:\windows\System32\DRIVERS\avgidshx.sys" => not found.
"C:\windows\System32\DRIVERS\avglogx.sys" => not found.
"C:\windows\system32\drivers\avgtpx86.sys" => not found.
SR => service not found.
"C:\Program Files\GUT8A17.tmp" => not found.
srservice => service not found.
TuneUpUtilitiesDrv => service not found.
wadyyazr => service not found.
"C:\windows\Tasks\Adobe Flash Player Updater.job" => not found.
"C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA.job" => not found.
"C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core.job" => not found.
"C:\Program Files\GUT8A17.tmp" => not found.
"C:\Users\MSI CR-460\AppData\Roaming\default.rss" => not found.
"C:\Users\MSI CR-460\AppData\Roaming\downloads.m3u" => not found.
"C:\Users\MSI CR-460\AppData\Roaming\ILOVEPHOTOBOOK v2.5.4 Prefs" => not found.
"C:\Users\MSI CR-460\AppData\Roaming\nPjp3vhoiCRat" => not found.
"C:\Users\MSI CR-460\AppData\Roaming\Photobook Designer Prefsv3" => not found.
"C:\Users\MSI CR-460\AppData\Roaming\PIXAJOY Editor Prefsv3" => not found.
"C:\Users\MSI CR-460\AppData\Local\Bamtechno.exe.config" => not found.
"C:\Users\MSI CR-460\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{105FB9EB-2CB3-4A40-855C-4D9CC56C5307} => key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD45847-5134-4C85-AF64-CC47E0F852F1} => key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E92DD2A-80E1-4B30-97BF-BD371F8BAD9C} => key not found.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{618AAA27-A314-474A-99BD-34A57D8F3ECD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCRepairKit\Start PCRepairKit оn logon => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A44FA77-9DE9-4D03-9E05-5880ED4F213D} => key not found.
C:\Windows\System32\Tasks\Java Platform SE Auto Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Platform SE Auto Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FF45A1-1F99-4CC1-AB99-D4F5F4BB379E} => key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C07CED92-ACC4-43CA-B8F1-9058C905FC13} => key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C692AC12-9B74-46CE-BE7E-CCB6EBD9BFF4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCRepairKit\Time for deal => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C84F885C-89F6-4165-8330-57EAF51D87AD} => key not found.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (MSI CR-460) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (MSI CR-460) => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE10208F-9684-49FD-A7FA-500862703DE5} => key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_MSI_CR-460 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_MSI_CR-460 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB79B3A-D2FC-4280-B545-476FADD32DD0} => key not found.
C:\Windows\System32\Tasks\mpdaqe => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mpdaqe => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D46F78-E89D-41B6-BBA5-9E84155F84CE} => key not found.
C:\Windows\System32\Tasks\Adobe online update program => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe online update program => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8ECBD7B-A265-4C19-8A20-A480FD2371E9} => key not found.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key not found.
C:\windows\Tasks\Adobe Flash Player Updater.job => not found.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000Core.job => not found.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590680974-46065942-2644484873-1000UA.job => not found.
"C:\Program Files\CCleaner\branding.dll" => not found.
"C:\Program Files\DownloadYoutubeIE\DownloadYoutubeIE.dll" => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC => key not found.
HKU\.DEFAULT\Software\Classes\exefile => key not found.
HKU\.DEFAULT\Software\Classes\.exe => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Classes\exefile => key not found.
HKU\S-1-5-21-590680974-46065942-2644484873-1000\Software\Classes\.exe => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice => key not found.
HKLM\System\CurrentControlSet\Services\AdobeARMservice => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc => key not found.
HKLM\System\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs => key not found.
HKLM\System\CurrentControlSet\Services\cphs => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate => key not found.
HKLM\System\CurrentControlSet\Services\gupdate => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem => key not found.
HKLM\System\CurrentControlSet\Services\gupdatem => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HTCMonitorService => key not found.
HKLM\System\CurrentControlSet\Services\HTCMonitorService => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IMFservice => key not found.
HKLM\System\CurrentControlSet\Services\IMFservice => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc => key not found.
HKLM\System\CurrentControlSet\Services\LiveUpdateSvc => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS => key not found.
HKLM\System\CurrentControlSet\Services\LMS => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Micro Star SCM => key not found.
HKLM\System\CurrentControlSet\Services\Micro Star SCM => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PassThru Service => key not found.
HKLM\System\CurrentControlSet\Services\PassThru Service => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ptsysexec => key not found.
HKLM\System\CurrentControlSet\Services\ptsysexec => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RVBD_SH_Mobile_Logger => key not found.
HKLM\System\CurrentControlSet\Services\RVBD_SH_Mobile_Logger => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RVBD_SH_Mobile_Monitor => key not found.
HKLM\System\CurrentControlSet\Services\RVBD_SH_Mobile_Monitor => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate => key not found.
HKLM\System\CurrentControlSet\Services\SkypeUpdate => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer => key not found.
HKLM\System\CurrentControlSet\Services\TeamViewer => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS => key not found.
HKLM\System\CurrentControlSet\Services\UNS => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vpnagent => key not found.
HKLM\System\CurrentControlSet\Services\vpnagent => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDBackup => key not found.
HKLM\System\CurrentControlSet\Services\WDBackup => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDDriveService => key not found.
HKLM\System\CurrentControlSet\Services\WDDriveService => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinVNC4 => key not found.
HKLM\System\CurrentControlSet\Services\WinVNC4 => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WRSVC => key not found.
HKLM\System\CurrentControlSet\Services\WRSVC => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BCSSync => key not found.
HKLM\System\CurrentControlSet\Services\BCSSync => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriveUtilitiesHelper => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FileHippo.com => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashGet 3 => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Photos Backup => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: iTunesHelper => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lync => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!) => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MRT => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Onboard => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Booster => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Converter Elite Print Dispatcher => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: RemoteControl11 => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\S-Bar => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steelhead Mobile => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Drive Unlocker => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Quick View => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WRSVC => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Mirage => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Tray => key not found.

========= RD /S /Q %WinDir%\System32\GroupPolicyUsers =========

The system cannot find the file specified.

========= End of CMD: =========


========= RD /S /Q %WinDir%\System32\GroupPolicy =========

The system cannot find the file specified.

========= End of CMD: =========


========= RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers =========

The system cannot find the path specified.

========= End of CMD: =========


========= RD /S /Q %WinDir%\SysWOW64\GroupPolicy =========

The system cannot find the path specified.

========= End of CMD: =========


========= RD /S /Q %WinDir%\SysNative\GroupPolicyUsers =========

The system cannot find the path specified.

========= End of CMD: =========


========= RD /S /Q %WinDir%\SysNative\GroupPolicy =========

The system cannot find the path specified.

========= End of CMD: =========


========= gpupdate /force =========

Updating Policy...



User Policy update has completed successfully.

Computer Policy update has completed successfully.




========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1508947 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9956369 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 3698 B
MSI CR-460 => 14684554 B

RecycleBin => 135499 B
EmptyTemp: => 33.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:44:21 ====
 

Malnutrition

Step 1: HijackThis Fix.

Locate the HijackThis file from within the Autologger Folder.
Close all other open programs prior to running this tool!!
Right-click it and select Run as Administrator.
Click Scan.
Then checkmark the items listed below.


O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - MSConfig\startupreg: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices (2016/08/08)
O4 - MSConfig\startupreg: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE (2017/02/04)
O4 - MSConfig\startupreg: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (2017/02/04)
O4 - MSConfig\startupreg: [RemoteControl11] (2017/02/04) (no file)
O4 - MSConfig\startupreg: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" (2017/02/04)
O4 - MSConfig\startupreg: [iTunesHelper] (2012/02/27) (no file)
O23 - Service S3: Google Software Updater - (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O22 - ScheduledTask: (Disabled) TuneUpUtilities_Task_BkGndMaintenance2013 - {root} - C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe $(Arg0) (file missing)



Now click on Fix checked.
After the fix is complete, then reboot your machine.


Step 2: ClearLNK

Download ClearLNK and save it to your desktop.
Drag the file Check_Browsers_LNK from your Collection log made earlier, as per the picture.
A report on the work will be produced as a file ClearLNK-<date>.log; post that log.




Step 3: AVZ Fix
Copy the content of the code box below.


Code:
begin
 SetAVZGuardStatus(True);
 DelCLSID('{189F1E63-33A7-404B-B2F6-8C76A452CC54}');
 DelCLSID('{B19ED566-D419-470b-B111-3C89040BC027}');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','IObit Malware Fighter');
 DeleteFile('C:\windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013','32');
 DeleteFile('C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe','32');
 ExecuteSysClean;
 RebootWindows(true);
end.

Open the folder you unzipped Autologger in. Double-click the AVZ4 folder, then right-click AVZ and run as admin.
Go to File -- Custom Scripts.

Paste the content of your clipboard into the Custom Script Area.
Click the Run Button.

The program will reboot your machine.
 

Malnutrition

Hello @toreee, how are you moving along with the instructions? Have you got an update for us?

Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member. :)
 

toreee

Attached is the file requested.

ClearLNK by Alex Dragokas ver. 2.9.0.11

OS: x32 Windows 7 Starter, 6.1.7601, Service Pack: 1
Time: 25.02.2017 - 12:24
Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: unknown (0x4409)
Elevated: Yes
User: MSI CR-460 (group: Administrator)

_____________________________ Begin of Log ______________________________
.
[DEL ] 1 "C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk" (target was not recovered)
.
______________________________ Statistics _______________________________
Cure ran per today: 1 times.

Total processed: 1

Deleted: 1
______________________________ End of Log _______________________________CRC32: C51D6EFA
 


toreee

OK, already done everything as per your guide. When I click time to change the setting I'm still getting the same message.
 