Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-11-2017 Ran by رياض (29-11-2017 16:20:17) Running from C:\Users\رياض\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2011-07-11 08:23:06) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3488952640-1886036067-2608822963-500 - Administrator - Disabled) Guest (S-1-5-21-3488952640-1886036067-2608822963-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3488952640-1886036067-2608822963-1006 - Limited - Enabled) رياض (S-1-5-21-3488952640-1886036067-2608822963-1000 - Administrator - Enabled) => C:\Users\رياض ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: جدار الحماية الشخصي ESET (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated) Baidu WiFi Hotspot (HKLM\...\Baidu WiFi Hotspot) (Version: 5.1.4.124910 - Baidu, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
ESET Smart Security (HKLM\...\{F0947421-BAE4-4B7D-AE30-7FE45945845B}) (Version: 10.1.204.2 - ESET, spol. s r.o.) F.lux (HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\...\Flux) (Version: - ) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc‎.‎) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110401-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Ralink) Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - ) Realtek PCI Fast Ethernet Controller Driver (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 6.112.123.2014 - Realtek) TuneUp Utilities 2014 (en-US) (HKLM\...\{14C8CE46-C68C-461B-BCA9-E276A85851C6}) (Version: 14.0.1000.221 - TuneUp Software) Hidden TuneUp Utilities Language Pack (en-US) (HKLM\...\{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}) (Version: 13.0.3020.7 - TuneUp Software) Hidden VLC media player (HKLM\...\VLC media player) 
(Version: 2.2.6 - VideoLAN) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) حزمة التوافق لنظام Office 2007 (HKLM\...\{90120000-0020-0401-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3488952640-1886036067-2608822963-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.) 
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-26] (ESET) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-03-31] (Foxit Software Inc.) ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-26] (ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-26] (ESET) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-03-31] (Foxit Software Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0163AEAE-7C31-472F-BCDF-3F29AEC39A0D} - \{AF16D54E-4F96-4C7F-BA20-6BFE7AFD3FB0} -> No File <==== ATTENTION Task: {033B8299-7942-4201-892C-A2353BB1EBAD} - \{9A0F40E0-12B6-472C-A1B0-D6014F1DE58E} -> No File <==== ATTENTION Task: {0F6C9246-A962-4902-9905-72902CADD37E} - \{5A31C8BC-9B44-4E3D-AE18-E620C4C7206D} -> No File <==== ATTENTION Task: {18263BC2-698D-4259-892C-E1F52B10A775} - \{03473F93-B3D8-41DB-807C-961C16A96BF9} -> No File <==== ATTENTION Task: {1C0FBFE1-483A-40F8-8E27-D86F23398601} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3488952640-1886036067-2608822963-1000 Task: {22563144-C73A-484F-9BE1-25597A833D13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-03] (Google Inc.) Task: {2C3FAF1F-3CC8-44D0-BFDC-B8A80FC5E1B7} - \{941D2BF0-F5F5-4B7F-B318-8CD8E53796F5} -> No File <==== ATTENTION Task: {37E331EA-7B28-4EA9-82F0-F58B478DA335} - System32\Tasks\{657AFAFA-6AB9-4359-B81C-E79D2823BD89} => msiexec.exe /package "C:\Users\رياض\Downloads\Programs\BlueStacks_HD_AppPlayerPro_setup_0.7.4.786_REL.msi" Task: {3C2C3CE2-EBF2-4CAF-9FA7-FD098F95CB4A} - \{322CDE2D-2D0F-4690-88EC-7E8229618D7F} -> No File <==== ATTENTION Task: {424EFAC2-E2A3-43E4-AAD6-5E84888D0D88} - System32\Tasks\{ABE190F5-B82D-4E0A-86E4-C7C8F7E8719A} => C:\Program Files\Nox\bin\Nox.exe Task: {45FB95C0-C286-4C9C-9F72-2C4897D0AB2B} - \{E761DA40-2737-419C-9C88-2D5DF6869B18} -> No File <==== ATTENTION Task: {4D959301-2C26-4BC1-883E-BC6691B13F26} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd) Task: {4DF652BD-C02D-4B1E-B19C-E437BECB9536} - \{8AC063A1-0D9A-4C1F-950E-1156970A53C7} -> No File <==== ATTENTION Task: {50CAC92A-3AA9-459E-9201-3E9B64682094} - System32\Tasks\{16F715E6-D8E5-42C9-9FF0-335C149C2F8C} => C:\Program Files\Nox\bin\Nox.exe Task: {53947287-F61E-439B-ABC8-BD9182A0641E} - \{4F9BB62C-7C66-4FCB-96BB-F6805B21C68A} -> No File <==== ATTENTION Task: {53CEF070-C81E-4700-92AD-819AA4BAFC3D} - 
\{ED5BADB1-F00F-4EA3-B6F1-9B386C3291E4} -> No File <==== ATTENTION Task: {5733AF9A-5B67-49BD-9E7E-EBABCF2F9E1A} - System32\Tasks\{633971A3-B0AB-4A9E-87D7-8C41E7BA7B83} => C:\Windows\system32\pcalua.exe -a "C:\Users\رياض\Desktop\Tech 4 All Wi-Fi Hack\2jumpstart.exe" -d "C:\Users\رياض\Desktop\Tech 4 All Wi-Fi Hack" Task: {593B0447-33BB-47BB-8127-005BA0F850D7} - \{CC96062A-BA16-46B6-9444-CC764E8AEC3E} -> No File <==== ATTENTION Task: {5B2BAA8B-F86E-4001-A605-6D866FC62EE4} - System32\Tasks\{659D5E10-10E2-4462-B254-B258EB876CF5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Nox\bin\Nox_unload.exe" Task: {5C11522D-1C9C-4D0E-9B7A-5BA72D35130E} - \{032BC8D1-E903-442C-AD3D-663C978C3C89} -> No File <==== ATTENTION Task: {61976A89-9FD1-4956-93B7-BC295A6CD108} - \{70A75179-EB46-4F0D-819C-1C5675BA0FCE} -> No File <==== ATTENTION Task: {67094BA2-FECA-4F2B-A9C2-0EB45C849065} - System32\Tasks\{6D782A5C-9D63-4AC6-BAC0-13D6D060679B} => C:\Users\رياض\Desktop\Waircut V1.4\wAirCut.exe Task: {691B6565-A31E-49C3-BFAC-E709BB6233EF} - \Java Update Scheduler -> No File <==== ATTENTION Task: {6BA3813A-99F9-40BE-B2EA-55C636564D8C} - \{C4E1086F-5C8F-4B83-BCEF-AC2CE2C46D0C} -> No File <==== ATTENTION Task: {6EDCEEB2-661F-4ABE-A892-7F16031A40EF} - \{78A82B56-A6F7-43AF-95BD-0A3A5936D939} -> No File <==== ATTENTION Task: {727E3B41-3F56-42A8-BDE3-ED665791842C} - \{2B935064-2C4B-4E94-80BF-6CF1A8A59467} -> No File <==== ATTENTION Task: {7419B812-D7A8-4E8B-ADD6-EBB1F4D63D22} - \SidebarExecute -> No File <==== ATTENTION Task: {7D149F7C-3187-4F41-9863-CC2E40E4B11C} - \{D113C49F-8720-4AA8-92B2-01EB670E53D3} -> No File <==== ATTENTION Task: {7E70318B-72DA-4E63-B71C-6971C11134CF} - \Google Updater and Installer -> No File <==== ATTENTION Task: {81AF2E46-1AAF-4B4F-B693-4D950B505C86} - System32\Tasks\{0C2C8CD4-12CA-45B5-AD17-5838C1E65043} => C:\Windows\system32\pcalua.exe -a "C:\Users\رياض\Desktop\VGA Customized for QT10\IEGD_10_3_Windows\Utilities\Setup.exe" -d "C:\Users\رياض\Desktop\VGA Customized 
for QT10\IEGD_10_3_Windows\Utilities" Task: {866EEBF8-A99C-4062-8549-B19F969320DF} - \{EF85664F-207D-4D40-85E1-988E27142DF7} -> No File <==== ATTENTION Task: {8984E04A-8DF6-4366-8DF0-BEDFAE2BA1B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-05-03] (Google Inc.) Task: {89C86EB4-E708-49ED-944F-A82221AEF84C} - System32\Tasks\{AD245F7F-327B-4308-B637-3523FC182F92} => C:\Users\رياض\Desktop\airsnort-0.2.7e\bin\airsnort.exe Task: {8F2181C5-0845-4C9C-957C-D925EE7D96B9} - \{56F02A15-328D-4EFF-BD66-44E861C19F7E} -> No File <==== ATTENTION Task: {91316D64-78EC-4B95-8394-0607A0E7DA11} - \{3F83C32F-1F4D-4235-978A-3DF6E5AE9118} -> No File <==== ATTENTION Task: {950E37CD-E8A8-45D6-8FB8-267286DB2B10} - \RealUpgradeScheduledTaskS-1-5-21-3488952640-1886036067-2608822963-1000 -> No File <==== ATTENTION Task: {9AA37960-4D7B-4720-A11E-64A98E8F7A75} - \GlaryInitialize 5 -> No File <==== ATTENTION Task: {A74C8925-0585-47EE-A3C6-1F33DEE428BC} - System32\Tasks\{606AEC81-1C21-46F2-8E01-DDC3A6F8CDBB} => C:\Users\رياض\Desktop\airsnort-0.2.7e\bin\airsnort.exe Task: {AF484173-4666-4DBC-AE09-0EDDA6C5083F} - \{5204BD87-6A94-4F10-BD57-4A27EA6FECEF} -> No File <==== ATTENTION Task: {B4FB8BE8-804A-4E62-95F7-75DEABC68E81} - System32\Tasks\Baidu LiveUpdate => C:\Program [Argument = Files\Baidu WiFiHotspot\liveupdate.exe] Task: {B6C19619-952D-495E-AD1F-E53F6AE7B672} - \{21C72A91-079A-457A-8A16-327722DE3683} -> No File <==== ATTENTION Task: {BADD67F3-0CF0-4B7E-94C8-85776DC02456} - System32\Tasks\{12D2E961-61E3-44C9-9F89-ACB4ECD23563} => C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe [2015-04-30] (Baidu, Inc.) 
Task: {BCB8E5C0-9F28-40DB-B737-F9BFED18D568} - \{7DE0E98D-6DCC-43CD-A5E7-30B48962E5CD} -> No File <==== ATTENTION Task: {BEE93C25-6F8D-4441-A021-2B3556BB1F37} - System32\Tasks\{3395D4F3-55A2-4E54-B11D-AC96738BBF0E} => C:\Windows\system32\pcalua.exe -a C:\Users\رياض\Downloads\Programs\DuOSInstaller.exe -d C:\Users\رياض\Downloads\Programs Task: {BFDF6117-D59F-4CA8-B7F3-9946316A8641} - \{EB525EF4-EB7F-4AE1-80B1-17D7A17F20E1} -> No File <==== ATTENTION Task: {C19B2E10-84D2-4C34-85A7-313571EBCEE0} - \{87896E32-7C92-4925-8FF9-08B7CAA383E6} -> No File <==== ATTENTION Task: {C6888691-8AB5-480E-92A3-F2686FB51415} - \{A4A2A960-6BA9-4C49-A9F7-3C6BD32C586B} -> No File <==== ATTENTION Task: {C89AF671-18F9-4DDA-B51E-95C733BD6D5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd) Task: {CB8987FA-6DAA-4FBF-B810-AF5971D6327B} - \{5E5884D6-511D-476D-8FEE-4679E36B0AC4} -> No File <==== ATTENTION Task: {CBC43EF5-11FA-48A5-9ED3-E50055688824} - \Real Player online update program -> No File <==== ATTENTION Task: {D29BABA6-BB1C-467A-A19D-D031155C7902} - \{12EBF2BF-6DCF-470D-99E5-D35ABA35B42F} -> No File <==== ATTENTION Task: {DA85C48F-6551-4776-A3A3-F7043908F799} - \{00F73461-0287-403E-9622-4686C1943159} -> No File <==== ATTENTION Task: {DF1D2133-485C-4353-9219-1C9D87F841B9} - \{D5DBDEB0-62D0-4F6A-9F7C-3D322CBA4D41} -> No File <==== ATTENTION Task: {E1424965-1DCD-4E92-BBE3-A9C09C1CD331} - \{4899A4A0-C77E-4243-9A11-7827047D88B0} -> No File <==== ATTENTION Task: {E2FC7307-2C97-4A9D-A2BA-22C2486D6D66} - \{932CA38C-4745-468D-8D9A-798CAAA92E7B} -> No File <==== ATTENTION Task: {EC244750-1DF3-4BC2-AA1D-BB6207D92644} - \{AD2250DA-7DD2-407F-A264-4D21856C57BA} -> No File <==== ATTENTION Task: {EE11092A-EEAF-4C5F-BF87-69986E492855} - \{CF5B3E65-61BE-4798-9B18-DD90DA1970EB} -> No File <==== ATTENTION Task: {F246901B-6DDD-4E15-937E-456CD736AF2C} - \SparkUpdater -> No File <==== ATTENTION Task: {F2A7A843-563D-44D4-A8D7-A90E206581CB} - 
\{AD37C9E0-B25F-44AD-AFCA-B26DC87226A3} -> No File <==== ATTENTION Task: {F961B6A0-7727-4A60-B24C-DB7D088E8629} - \{FCA782C9-EFC9-49C3-832C-5E30CC6D57CB} -> No File <==== ATTENTION Task: {FF3E7136-D107-4E93-AC4A-93789813C025} - \{366537CB-DA3C-4D77-BD12-848353C22F91} -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-09-20 15:09 - 2010-03-15 10:28 - 000141824 _____ () C:\Program Files\WinRAR\rarext.dll 2017-11-24 18:53 - 2010-12-30 15:46 - 001033568 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll 2014-04-23 03:58 - 2014-04-23 03:58 - 001656416 _____ () C:\Program Files\My WIFI Router\bmser.exe 2014-04-23 03:58 - 2014-04-23 03:58 - 000193392 _____ () C:\Program Files\My WIFI Router\bmupdex.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34106999.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34106999.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7690 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-04-05 19:15 - 2017-11-25 17:13 - 000000168 __RSH C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 0.0.0.0 keystone-prod.elasticbeanstalk.com 127.0.0.1 0.0.0.0 serius.mwbsys.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3488952640-1886036067-2608822963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\رياض\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 77.88.8.7 - 77.88.8.3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A8DC8E4B-ECE8-4D42-A351-78AC99663ED3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{849A153F-E24F-436B-8DB1-B91A92795A0C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{6A31D732-9108-459B-BA96-F94DB97D52BB}] => (Allow) C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe FirewallRules: [{9178B321-FBC5-48C7-A52A-84BA99B23CD5}] => (Allow) C:\Program Files\Baidu WiFiHotspot\WifiHotspot.exe ==================== Restore Points ========================= 18-08-2017 07:05:47 Removed Jumpstart Installation Program 18-08-2017 07:09:56 Removed Ralink Wireless LAN 18-08-2017 07:22:28 Installed Jumpstart Installation Program 18-08-2017 07:29:06 Removed Jumpstart Installation Program 18-08-2017 10:17:03 Installed Jumpstart Installation Program 18-08-2017 11:00:31 Removed Jumpstart Installation Program 28-08-2017 17:28:20 Installed Jumpstart Installation Program 28-08-2017 17:42:42 Removed Jumpstart Installation Program 04-09-2017 23:32:18 Installed DriversCloud.com 05-09-2017 08:23:59 اعادة النضام 05-09-2017 08:34:54 تثبيت حزمة برنامج تشغيل الأجهزة: Intel Corporation محولات شاشة العرض 05-09-2017 08:37:28 Installed Realtek PCI Fast Ethernet Controller Driver 05-09-2017 
17:21:50 Removed DriversCloud.com 07-09-2017 06:39:54 Installed Jumpstart Installation Program 07-09-2017 17:02:08 Installed BlueStacks 08-09-2017 07:23:57 Installed BlueStacks 09-09-2017 22:14:55 Removed Jumpstart Installation Program 11-09-2017 17:23:45 Installed Jumpstart Installation Program 11-09-2017 17:28:43 Removed Jumpstart Installation Program 18-09-2017 09:04:35 Installed Ralink Wireless LAN 19-10-2017 12:14:01 Installed Node.js 19-10-2017 15:59:38 Installed MalvaStyle Disk Repair. 19-10-2017 16:30:28 Removed MalvaStyle Disk Repair. 19-10-2017 20:20:51 Installed Oracle VM VirtualBox 5.1.10 20-10-2017 21:27:22 Removed Oracle VM VirtualBox 5.1.10 20-10-2017 21:33:51 Removed Node.js 26-10-2017 05:38:27 Removed Ralink Wireless LAN 26-10-2017 07:17:15 Installed Ralink Wireless LAN 08-11-2017 21:20:38 Installed Jumpstart Installation Program 09-11-2017 06:27:39 Removed Jumpstart Installation Program 15-11-2017 06:30:17 Installed Jumpstart Installation Program 15-11-2017 18:28:01 Removed Jumpstart Installation Program 21-11-2017 19:09:47 تثبيت حزمة برنامج تشغيل الأجهزة: Khalil Azzouzi Network Service 21-11-2017 20:24:51 Removed Ralink Wireless LAN 22-11-2017 06:37:42 Installed Ralink Wireless LAN 24-11-2017 18:16:36 Removed Ralink Wireless LAN 24-11-2017 18:50:00 Installed Ralink Wireless LAN 24-11-2017 20:56:23 Installed Maryfi - Arabic 24-11-2017 21:30:12 Removed Maryfi - Arabic 29-11-2017 06:39:53 zoek.exe restore point ==================== Faulty Device Manager Devices ============= Name: memudrv Description: memudrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: memudrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. 
After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/29/2017 03:57:15 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: ‏‏فشل إنشاء سياق التنشيط لـ "C:\Users\رياض\Downloads\delfix_1.013.exe". حدث خطأ في ملف البيان أو ملف النهج C:\Users\رياض\Downloads\delfix_1.013.exe في السطر 0. بناء جملة Xml غير صحيح. Error: (11/29/2017 03:49:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ‏‏اسم ‏‏التطبيق الذي يحتوي على أخطاء: mbamservice.exe، الإصدار: 3.1.0.556، الطابع الزمني: 0x5988be8a اسم الوحدة النمطية التي تحتوي على أخطاء: mbamservice.exe، الإصدار: 3.1.0.556، الطابع الزمني: 0x5988be8a رمز الاستثناء: 0x40000015 إزاحة الخطأ: 0x0022f878 معرّف العملية التي تحتوي على خطأ: 0x8e8 وقت بدء تشغيل التطبيق الذي يحتوي على خطأ: 0x01d3691ed37792b1 مسار التطبيق الذي يحتوي على خطأ: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe مسار الوحدة النمطية التي تحتوي على خطأ: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe معرف التقرير: 7c9a4ccf-d514-11e7-ab4a-d8b6d67f26a5 Error: (11/28/2017 12:37:20 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={294C2F45-A410-4FBD-9255-C1ECD4841E48}: The user رياض-PC\رياض dialed a connection named اتصال واسع النطاق which has failed. The error code returned on failure is 651. Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 454) (User: ) Description: taskhost (1888) WebCacheLocal: Database recovery/restore failed with unexpected error -551. Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 517) (User: ) Description: taskhost (1888) WebCacheLocal: Database recovery failed with error -551 because it encountered references to a database, 'C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which does not match the current set of logs. 
The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (1888) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 155 (0x0000009B). This logfile has been damaged and is unusable. Error: (11/28/2017 06:09:37 AM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (1888) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 155 (0x0000009B). This logfile has been damaged and is unusable. Error: (11/28/2017 06:09:36 AM) (Source: ESENT) (EventID: 465) (User: ) Description: taskhost (1888) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 155 (0x0000009B). This logfile has been damaged and is unusable. Error: (11/28/2017 05:59:00 AM) (Source: ESENT) (EventID: 492) (User: ) Description: DllHost (3088) WebCacheLocal: The logfile sequence in "C:\Users\رياض\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. 
Please correct the problem and restart or restore from backup. Error: (11/28/2017 05:59:00 AM) (Source: ESENT) (EventID: 413) (User: ) Description: DllHost (3088) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032. System errors: ============= Error: (11/29/2017 03:34:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: ‏‏لم يتم بدء تشغيل الخدمة 'WMPNetworkSvc' بشكلٍ صحيح لأن CoCreateInstance(CLSID_UPnPDeviceFinder)‎ واجه الخطأ '0x80070422'. تحقق من تشغيل خدمة UPnPHost ومن تثبيت مكون UPnPHost لـ Windows بشكلٍ صحيح. Error: (11/29/2017 03:33:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة Browser. Error: (11/29/2017 03:32:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ‏‏فشل تحميل برنامج التشغيل التالي الخاص ببدء تشغيل النظام أو تمهيد للتشغيل: VBoxNetAdp Error: (11/29/2017 03:31:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: ‏‏فشل بدء تشغيل الخدمة memudrv بسبب الخطأ التالي: ‏‏يتعذر على النظام العثور على المسار المحدد. Error: (11/29/2017 03:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: ‏‏فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها. Error: (11/29/2017 12:03:54 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: ‏‏لم يتم بدء تشغيل الخدمة 'WMPNetworkSvc' بشكلٍ صحيح لأن CoCreateInstance(CLSID_UPnPDeviceFinder)‎ واجه الخطأ '0x80070422'. تحقق من تشغيل خدمة UPnPHost ومن تثبيت مكون UPnPHost لـ Windows بشكلٍ صحيح. 
Error: (11/29/2017 12:02:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: ‏‏تم الوصول إلى نهاية المهلة (30000 مللي ثانية) أثناء انتظار استجابة معاملة من الخدمة Browser. Error: (11/29/2017 12:01:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ‏‏فشل تحميل برنامج التشغيل التالي الخاص ببدء تشغيل النظام أو تمهيد للتشغيل: VBoxNetAdp Error: (11/29/2017 12:01:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: ‏‏فشل بدء تشغيل الخدمة memudrv بسبب الخطأ التالي: ‏‏يتعذر على النظام العثور على المسار المحدد. Error: (11/29/2017 12:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: ‏‏فشل بدء تشغيل الخدمة Intel AGP Bus Filter بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz Percentage of memory in use: 71% Total physical RAM: 1014.49 MB Available physical RAM: 293.22 MB Total Virtual: 2632.35 MB Available Virtual: 1004.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:78.13 GB) (Free:15 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:78.13 GB) (Free:77.98 GB) NTFS Drive e: () (Fixed) (Total:78.13 GB) (Free:72.08 GB) NTFS Drive f: () (Fixed) (Total:231.37 GB) (Free:227.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 18931892) Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=387.6 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================