Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by hp (08-11-2017 11:29:06)
Running from C:\Users\hp\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-05-10 17:19:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-504977819-1237746315-2494449549-500 - Administrator - Disabled)
Guest (S-1-5-21-504977819-1237746315-2494449549-501 - Limited - Disabled)
hp (S-1-5-21-504977819-1237746315-2494449549-1000 - Administrator - Enabled) => C:\Users\hp

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chromium (HKLM-x32\...\{2E64C6A4-7EE4-1724-CF64-67A41FE4B424}) (Version: - )
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0401-0000-0000000FF1CE}_OMUI.ar-sa_{77A2A458-985F-490F-A258-D6B612F6E8BF}) (Version: - Microsoft)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0401-0000-0000000FF1CE}_OMUI.ar-sa_{0A800271-844D-4C58-8954-809C424462AF}) (Version: - Microsoft)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0401-0000-0000000FF1CE}_OMUI.ar-sa_{543B51B2-9613-45A1-AAE4-329D821E94AF}) (Version: - Microsoft)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
FormatFactory 2.30 (HKLM-x32\...\FormatFactory) (Version: 2.30 - Free Time)
Foxit Reader 6.0.6.722 (HKLM\...\Foxit Reader) (Version: v 6.0.6.722 - oszone.net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc‎.‎)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Hex Workshop v4.23 (HKLM-x32\...\Hex Workshop v4.20) (Version: - )
iBackupBot 5.4.4 (HKLM-x32\...\iBackupBot) (Version: 5.4.4 - VOWSoft, Ltd.)
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
K-Lite Codec Pack 8.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0401-0000-0000000FF1CE}_OMUI.ar-sa_{EC74604A-5842-4FE1-8933-76D68C5FA677}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Arabic العربية (HKLM-x32\...\OMUI.ar-sa) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{dde2682b-961a-41ea-8d44-6005991b7947}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 ar) (HKLM\...\Mozilla Firefox 56.0.2 (x64 ar)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8254 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.50 (64-بت) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
حزمة برامج تشغيل Windows - Silicon Laboratories Inc. (silabser) Ports (11/30/2016 6.7.4.261) (HKLM\...\E1147FA244B18EE02F4294E28EB7EA5D477F56F7) (Version: 11/30/2016 6.7.4.261 - Silicon Laboratories Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-504977819-1237746315-2494449549-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-06] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2013-04-06] (Foxit Corporation)
ContextMenuHandlers1-x32: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files (x86)\BreakPoint Software\Hex Workshop 4.2\hwext.dll [2004-02-16] (BreakPoint Software, Inc.)
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2-x32: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files (x86)\BreakPoint Software\Hex Workshop 4.2\hwext.dll [2004-02-16] (BreakPoint Software, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-06] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AECA0C8-3007-4892-881D-B50DF5DB67E4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-09-14] (Realtek Semiconductor)
Task: {1F949C59-E363-4576-B9BB-033FC4D79C88} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {374C1872-AAF9-435E-8457-F1D68A3B3FA1} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== ATTENTION
Task: {38AC2F42-94BC-473C-AFBF-7E0F7B27BB3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-07] (Google Inc.)
Task: {3E7B18DC-F140-44D0-A314-2ACEC47267B5} - System32\Tasks\{09EFE65B-EEAC-1578-6D4F-262652E9D19F} => C:\Users\hp\AppData\Roaming\09EFE65B-EEAC-1578-6D4F-262652E9D19F\Sync.exe [2013-04-09] () <==== ATTENTION
Task: {4521B1CD-2B7B-4F9C-A960-6F9B28BC6177} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-06] (AVG Technologies CZ, s.r.o.)
Task: {454EC784-C086-4B05-8F56-CE52DEC1CE49} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {51BBDCD8-A5E7-4DCA-8268-56CFA8B0FE42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-27] (Adobe Systems Incorporated)
Task: {54AB3F55-9A4B-4256-A5C2-D210011ADF69} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5E0ED458-043D-4DE7-B9C6-F7DD544D9ABE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {64EC5A95-FE85-472A-8640-31F8E30375AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {691C7CCD-B349-45A2-B2F8-82B68B740844} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {821FBEBE-E1F4-4CAA-BB86-B8F21864DB54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {90D1400E-91E2-43A4-A8E5-02344C6A7F1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-07] (Google Inc.)
Task: {A014F30B-0AFA-4B2A-B408-0A79606AA029} - System32\Tasks\Chromium lonos => "wscript.exe" "C:\ProgramData\{A6266345-2C64-E983-AAA2-77C130E0FC0F}\dole.txt" "68747470733a2f2f6b6174756e61712e636f6d" "433a5c50726f6772616d446174615c7b41363236363334352d324336342d453938332d414141322d3737433133304530464330467d5c6d69726f7365" "433a5c50726f6772616d446174615c7b41363236363334352d324336342d453938332d (the data entry has 84 more characters). <==== ATTENTION
Task: {AA154975-BE68-49F6-BEF2-0F7C3573F638} - System32\Tasks\{616EA7A6-ED42-4B76-90E4-C81BD7468EF7} => C:\Users\hp\Desktop\Hi3796Mv100_Ott950_Recovery_tbstn\Hi3796Mv100_Ott950_Recovery_tbstn\Hi3796Mv100_Recovery.exe
Task: {AD0D1FF1-9376-47A5-84E7-85FA1E101EE1} - System32\Tasks\Driver Booster SkipUAC (hp) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
Task: {B70971D0-6B56-4FBB-953F-E7AF6D19B068} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {D68303C5-84F3-466D-87FE-14225F2027BF} - System32\Tasks\{62B62CAF-BC56-4E95-B2BA-8456F54E49A7} => C:\Windows\system32\pcalua.exe -a C:\Users\hp\Desktop\MPALL_F1_7F00_DL07_v503_0A\MPALL_F1_7F00_DL07_v503_0A.exe -d C:\Users\hp\Desktop\MPALL_F1_7F00_DL07_v503_0A
Task: {DE80F1EF-2A3D-4EEE-851E-8725FE2C2B92} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\Scheduler.exe
Task: {E77BAA9A-A4F8-4348-8AB3-295FDC452D45} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E7A9C840-5321-44CA-B199-8C0450251EA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {EABD1B32-7F2D-4906-AF65-1BACAA69CD2C} - System32\Tasks\{FB5528F6-3F72-43B8-B505-C1B64E5A3E2B} => C:\Windows\system32\pcalua.exe -a C:\Users\hp\Desktop\Zyzoom_CyberScrub_Privacy_Suite_2.exe -d C:\Users\hp\Desktop
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {ED66644A-2BA4-43EC-9A20-EC6482519F38} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F594797D-22F3-45EF-BA03-24E921FCE6E7} - System32\Tasks\{6817B800-EA8A-4031-AB9A-3036026D888A} => C:\Windows\system32\pcalua.exe -a C:\Users\hp\Desktop\OnLineRecovery_v1.0.0.31\OnLineRecovery_v1.0.0.31.exe -d C:\Users\hp\Desktop\OnLineRecovery_v1.0.0.31

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Health Advisor Update.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - hp).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\{09EFE65B-EEAC-1578-6D4F-262652E9D19F}.job => C:\Users\hp\AppData\Roaming\09EFE6~1\Sync.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d03375a51f69e710\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=wutelereeacultgrujent

==================== Loaded Modules (Whitelisted) ==============

2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-07 21:18 - 2017-03-07 21:18 - 000582936 ____C () C:\Program Files\ByteFence\rsLggr.exe
2017-11-08 10:30 - 2017-11-08 10:31 - 000302920 ____C () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2017-11-08 10:30 - 2017-11-08 10:31 - 000620872 ____C () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2017-11-06 11:02 - 2017-11-06 11:02 - 000060160 ____C () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-11-06 11:02 - 2017-11-06 11:02 - 000168216 ____C () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-06 11:02 - 2017-11-06 11:02 - 000218208 ____C () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-06 11:02 - 2017-11-06 11:02 - 000245704 ____C () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-11-06 11:02 - 2017-11-06 11:02 - 000152224 ____C () C:\Program Files (x86)\AVG\Antivirus\network_notifications.dll
2017-11-07 12:51 - 2017-11-07 12:51 - 005878624 ____C () C:\Program Files (x86)\AVG\Antivirus\defs\17110700\algo.dll
2017-11-06 11:02 - 2017-11-06 11:03 - 000704456 ____C () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-11-06 11:02 - 2017-11-06 11:02 - 000242568 ____C () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-11-06 10:58 - 2017-11-06 10:58 - 048920064 ____C () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-05-09 22:57 - 2016-05-09 22:57 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-11-08 10:20 - 2017-08-04 09:49 - 003511808 ____C () C:\Users\hp\AppData\Local\chromium\Application\62.0.3177.0\libglesv2.dll
2017-11-08 10:20 - 2017-08-04 09:49 - 000079872 ____C () C:\Users\hp\AppData\Local\chromium\Application\62.0.3177.0\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2017-11-08 10:31 - 000002138 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-504977819-1237746315-2494449549-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D863CF06-E230-42DE-B637-92EB07F2DC00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED43E4C2-E5C5-493E-907A-24D8AF92C6C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9801E36B-5513-47AE-8CBA-5B272D7B99EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3E4F84DB-8F80-43BF-8E34-2F10E2C970F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBA19945-AF75-4AA0-B4F0-10F43A2C6E8B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FA77D51A-FC4A-4318-A9CF-C9C7F91ED404}] => (Allow) C:\Users\hp\Desktop\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{1590857A-4D8B-4A5C-BD0F-5E6C0F8B29D8}] => (Allow) C:\Users\hp\Desktop\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{6D435DDE-78D7-41E0-AED3-51654923C266}] => (Allow) C:\Users\hp\Desktop\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{4EA0A876-E74E-4449-BC36-C303180AB0F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F1A283D8-1A8A-4A88-9A70-ED1FDA81761F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{93B55ADD-9EA6-4412-8A07-E29EB8802C72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17FCDD24-C295-47B8-ABB4-4053EAB49400}] => (Allow) C:\Users\hp\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

07-11-2017 10:34:10 zoek.exe restore point
07-11-2017 10:52:20 Installed Google Chrome
07-11-2017 10:52:57 Installed Google Chrome
07-11-2017 11:28:09 zoek.exe restore point
07-11-2017 12:37:50 Revo Uninstaller's restore point - Spy Emergency 2017-24.0.600
07-11-2017 12:51:50 Revo Uninstaller's restore point - Spy Emergency 2017-24.0.600
07-11-2017 12:55:48 Revo Uninstaller's restore point - Avast Free Antivirus
07-11-2017 12:59:51 Revo Uninstaller's restore point - SharewareOnSale Notifier
07-11-2017 13:01:04 Revo Uninstaller's restore point - MyPhoneExplorer
07-11-2017 13:02:24 Revo Uninstaller's restore point - Panda Cloud Cleaner
07-11-2017 13:03:46 Revo Uninstaller's restore point - McAfee WebAdvisor
07-11-2017 13:07:36 Revo Uninstaller's restore point - Malwarebytes version 3.3.1.2183
08-11-2017 10:48:01 Revo Uninstaller's restore point - AIMP Classic

==================== Faulty Device Manager Devices =============

Name: 802.11n USB Wireless LAN Card #2
Description: 802.11n USB Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: rt2870
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2017 10:48:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, ‏‏تم رفض الوصول. . This is often caused by incorrect security settings in either the writer or requestor process. العملية: تجميع بيانات الكاتب السياق: معرف فئة الكاتب: {e8132975-6f93-4464-a53e-1050253ae220} اسم الكاتب: System Writer معرف مثيل الكاتب: {2541e9fd-0adb-4261-a7d0-26fcc7f1e107}

Error: (11/08/2017 09:14:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2017 01:23:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2017 01:19:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/07/2017 01:07:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام". Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: ‏‏يتعذر على النظام العثور على الملف المحدد. .

Error: (11/07/2017 01:07:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام". Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: ‏‏يتعذر على النظام العثور على الملف المحدد. .

Error: (11/07/2017 01:07:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام". Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: ‏‏يتعذر على النظام العثور على الملف المحدد. .

Error: (11/07/2017 01:07:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام". Details: AddLegacyDriverFiles: Unable to back up image of binary aswRvrt. System Error: ‏‏يتعذر على النظام العثور على الملف المحدد. .

Error: (11/07/2017 01:07:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام". Details: AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt. System Error: ‏‏يتعذر على النظام العثور على الملف المحدد. .

Error: (11/07/2017 01:03:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام". Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: ‏‏يتعذر على النظام العثور على الملف المحدد. .

System errors:
=============
Error: (11/08/2017 11:27:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Computer Browser على الخدمة Workstation التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏فشل في بدء تشغيل خدمة أو مجموعة التبعية.

Error: (11/08/2017 11:27:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Workstation على الخدمة SMB 1.x MiniRedirector التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.

Error: (11/08/2017 11:27:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Computer Browser على الخدمة Workstation التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏فشل في بدء تشغيل خدمة أو مجموعة التبعية.

Error: (11/08/2017 11:27:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Workstation على الخدمة SMB 1.x MiniRedirector التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.

Error: (11/08/2017 11:27:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Computer Browser على الخدمة Workstation التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏فشل في بدء تشغيل خدمة أو مجموعة التبعية.

Error: (11/08/2017 11:27:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Workstation على الخدمة SMB 1.x MiniRedirector التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.

Error: (11/08/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Computer Browser على الخدمة Workstation التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏فشل في بدء تشغيل خدمة أو مجموعة التبعية.

Error: (11/08/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: ‏‏تعتمد الخدمة Workstation على الخدمة SMB 1.x MiniRedirector التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.
Error: (11/08/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: ‏‏تعتمد الخدمة Computer Browser على الخدمة Workstation التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏فشل في بدء تشغيل خدمة أو مجموعة التبعية.
Error: (11/08/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: ‏‏تعتمد الخدمة Workstation على الخدمة SMB 1.x MiniRedirector التي فشلت في بدء التشغيل بسبب الخطأ التالي: ‏‏يتعذر بدء تشغيل الخدمة، إما لكونها معطلة أو لعدم وجود أي أجهزة ممكّنة مرفقة بها.

CodeIntegrity:
===================================
Date: 2017-10-05 11:24:40.563 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:40.532 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:40.501 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:40.470 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:25.197 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:25.166 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:25.135 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:25.104 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:00.518 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-05 11:24:00.502 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 73%
Total physical RAM: 3983.76 MB
Available physical RAM: 1064.89 MB
Total Virtual: 7965.71 MB
Available Virtual: 3587.9 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:244.04 GB) (Free:169.55 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:144.49 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4ADCD1B0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================