
Downloaded .SCR File but didn't open it


  • This topic is locked
5 replies to this topic

#1 lehameli

Posted 20 September 2015 - 02:14 PM

So someone on csgolounge.com sent me this link, and as soon as I opened the link it started downloading the SCR file, but I deleted it when it got downloaded.

Well, I did a scan on AVG, Malwarebytes, Emsisoft Emergency Kit and RogueKiller, but no results so far. I have noticed some lag while playing; I don't know whether it is bad luck or the malware.

 

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by AlHameli (administrator) on SPEED-DEMON (20-09-2015 23:08:05)
Running from C:\Users\AlHameli\Downloads
Loaded Profiles: AlHameli (Available Profiles: AlHameli)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Scarlet.Crush Productions) C:\Program Files (x86)\DS#\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(juvlarN) C:\Users\AlHameli\Desktop\Vibrancegui\vibrance.GUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ArenaNet) C:\Program Files (x86)\Guild Wars 2\Gw2.exe
(Coherent Labs) C:\Program Files (x86)\Guild Wars 2\bin\CoherentUI_Host.exe
(Coherent Labs) C:\Program Files (x86)\Guild Wars 2\bin\CoherentUI_Host.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\EEK\bin\a2emergencykit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3175312 2015-08-24] ()
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [uTorrent] => C:\Users\AlHameli\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-07-18] (BitTorrent Inc.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [vibranceGUI] => C:\Users\AlHameli\Desktop\Vibrancegui\vibrance.GUI.exe [1072128 2015-08-27] (juvlarN)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\Run: [GoogleChromeAutoLaunch_A6E6D46F84B357BFC8953C36071CAC6C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-12] (Google Inc.)
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\...\RunOnce: [Uninstall C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AlHameli\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
Startup: C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2015-03-22]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{217d6ca6-2a81-494a-9eca-e665ae0faa05}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ab57e92-13b7-4726-8336-717db855fa69}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6ab57e92-13b7-4726-8336-717db855fa69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a81d9c5f-fa7e-493c-a0a3-087291602282}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a81d9c5f-fa7e-493c-a0a3-087291602282}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1896754100-3327351372-1527681635-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.uk.msn.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-08] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.6.294\AVG Web TuneUp.dll [2015-08-24] (AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.6\\npsitesafety.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-09]
CHR Extension: (Google Docs) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Adblock Plus) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-09]
CHR Extension: (Steam inventory helper) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2015-08-26]
CHR Extension: (Google Search) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Google Sheets) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-09]
CHR Extension: (LoungeDestroyer) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (My Chrome Theme) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-11-08]
CHR Extension: (Gmail) - C:\Users\AlHameli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-08] (ASUSTeK Computer Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\45.0.2454.17\remoting_host.exe [69448 2015-07-24] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2768472 2015-08-11] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files (x86)\DS#\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
S4 HiPatchService; E:\Hirez\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-06] (Electronic Arts)
R4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-03-07] ()
R4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-03-20] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-08-24] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (http://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-09-20] (Emsisoft GmbH)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-01-08] ()
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-29] (Realtek                                            )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-20 23:08 - 2015-09-20 23:08 - 00029387 _____ C:\Users\AlHameli\Downloads\FRST.txt
2015-09-20 22:56 - 2015-09-20 23:08 - 00000000 ____D C:\FRST
2015-09-20 22:51 - 2015-09-20 22:56 - 02191360 _____ (Farbar) C:\Users\AlHameli\Downloads\FRST64.exe
2015-09-20 22:50 - 2015-09-20 22:50 - 00000793 _____ C:\Users\AlHameli\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-20 22:50 - 2015-09-20 22:50 - 00000000 ____D C:\EEK
2015-09-20 22:46 - 2015-09-20 22:50 - 166992304 _____ C:\Users\AlHameli\Downloads\EmsisoftEmergencyKit.exe
2015-09-20 22:44 - 2015-09-20 22:45 - 00991232 _____ C:\Users\AlHameli\Downloads\MicrosoftFixit50267.msi
2015-09-20 22:38 - 2015-09-20 22:43 - 00000000 ____D C:\Users\AlHameli\Documents\Guild Wars 2
2015-09-20 20:22 - 2015-09-20 20:22 - 00000000 ___HD C:\OneDriveTemp
2015-09-20 20:21 - 2015-09-20 20:21 - 00016148 _____ C:\WINDOWS\system32\SPEED-DEMON_AlHameli_HistoryPrediction.bin
2015-09-20 13:06 - 2015-09-20 13:06 - 00003396 _____ C:\Users\AlHameli\Desktop\JRT.txt
2015-09-20 12:55 - 2015-09-20 13:00 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-20 12:55 - 2015-09-20 12:55 - 11352032 _____ (SurfRight B.V.) C:\Users\AlHameli\Downloads\HitmanPro_x64.exe
2015-09-20 12:54 - 2015-09-20 12:54 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\AlHameli\Downloads\iExplore.exe
2015-09-20 12:54 - 2015-09-20 12:54 - 00002366 _____ C:\Users\AlHameli\Desktop\Rkill.txt
2015-09-20 12:53 - 2015-09-20 12:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\AlHameli\Downloads\tdsskiller.exe
2015-09-20 12:45 - 2015-09-20 13:27 - 01662976 _____ C:\Users\AlHameli\Downloads\AdwCleaner.exe
2015-09-20 12:45 - 2015-09-20 13:03 - 01798976 _____ (Malwarebytes) C:\Users\AlHameli\Downloads\JRT.exe
2015-09-16 19:51 - 2015-09-16 19:54 - 00000000 ____D C:\Users\AlHameli\Desktop\SSKnife
2015-09-16 19:47 - 2015-09-16 19:47 - 02126264 _____ (Irfan Skiljan) C:\Users\AlHameli\Downloads\iview440_setup.exe
2015-09-16 19:47 - 2015-09-16 19:47 - 00001972 _____ C:\Users\AlHameli\Desktop\IrfanView Thumbnails.lnk
2015-09-16 19:47 - 2015-09-16 19:47 - 00001080 _____ C:\Users\AlHameli\Desktop\IrfanView.lnk
2015-09-16 19:47 - 2015-09-16 19:47 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-09-16 19:47 - 2015-09-16 19:47 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\IrfanView
2015-09-16 19:47 - 2015-09-16 19:47 - 00000000 ____D C:\Program Files (x86)\IrfanView
2015-09-16 19:43 - 2015-09-16 19:43 - 00000000 ____D C:\Users\AlHameli\Documents\Screenshots
2015-09-16 13:19 - 2015-09-16 13:19 - 00000000 ___RD C:\Users\AlHameli\3D Objects
2015-09-15 23:43 - 2015-09-15 23:43 - 02096028 _____ C:\Users\AlHameli\Downloads\GW2Skins.ts3_style
2015-09-13 20:36 - 2015-09-13 20:36 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Epix
2015-09-12 20:44 - 2015-09-12 20:45 - 03223335 _____ C:\Users\AlHameli\Downloads\elvui-8.29.zip
2015-09-10 22:06 - 2015-09-10 22:07 - 00000000 ____D C:\Users\AlHameli\Desktop\Scammer
2015-09-09 01:18 - 2015-09-09 01:19 - 41850935 _____ C:\Users\AlHameli\Downloads\simc-622-01-win64 (1).7z
2015-09-09 00:50 - 2015-09-02 05:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 00:50 - 2015-09-02 04:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 00:50 - 2015-09-02 04:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 00:50 - 2015-08-27 10:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 00:50 - 2015-08-27 10:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 00:50 - 2015-08-27 10:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 00:50 - 2015-08-27 09:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 00:50 - 2015-08-27 09:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 00:50 - 2015-08-27 09:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 00:50 - 2015-08-27 09:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 00:50 - 2015-08-27 09:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 00:50 - 2015-08-27 09:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 00:50 - 2015-08-27 09:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 00:50 - 2015-08-27 09:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 00:50 - 2015-08-27 09:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 00:50 - 2015-08-27 09:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 00:50 - 2015-08-27 09:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 00:50 - 2015-08-27 09:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 00:50 - 2015-08-27 09:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 00:50 - 2015-08-27 09:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 00:50 - 2015-08-27 09:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 00:50 - 2015-08-27 09:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 00:50 - 2015-08-27 09:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 00:50 - 2015-08-27 09:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 00:50 - 2015-08-27 09:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 00:50 - 2015-08-27 09:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 00:50 - 2015-08-27 09:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 00:50 - 2015-08-27 09:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 00:50 - 2015-08-27 09:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 00:50 - 2015-08-27 09:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 00:50 - 2015-08-27 09:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 00:50 - 2015-08-27 09:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 16:09 - 2015-09-08 16:09 - 00193336 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2015-09-04 18:29 - 2015-09-04 18:29 - 00000222 _____ C:\Users\AlHameli\Desktop\Act of Aggression.url
2015-09-02 21:43 - 2015-09-02 21:43 - 00729535 _____ C:\Users\AlHameli\Desktop\11results_html.html
2015-09-02 21:22 - 2015-09-09 01:22 - 00000000 ____D C:\Users\AlHameli\Desktop\simc-622-01-win64
2015-09-02 21:21 - 2015-09-02 21:21 - 40336191 _____ C:\Users\AlHameli\Downloads\simc-622-01-win64.7z
2015-09-02 16:14 - 2015-09-02 16:14 - 03220484 _____ C:\Users\AlHameli\Downloads\elvui-8.28.zip
2015-09-01 19:15 - 2015-09-01 19:15 - 01731848 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-09-01 17:59 - 2015-09-01 17:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-09-01 16:14 - 2015-09-01 16:14 - 00002219 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-09-01 16:14 - 2015-08-25 18:18 - 00574072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-09-01 16:13 - 2015-08-25 22:38 - 42840184 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 37819184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 22559352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 18569336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 16646624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 15630616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 14945552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 13667032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 12192048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 02354808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 02105976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435582.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 01558648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435582.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 01178576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 01075320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 01064752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 01001440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00986232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00945272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00785152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00631312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00601240 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00408368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00387536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00376440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00364152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00339576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00316120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-09-01 16:13 - 2015-08-25 22:38 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-08-29 15:53 - 2015-08-20 10:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 15:53 - 2015-08-20 10:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 15:53 - 2015-08-20 10:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 15:53 - 2015-08-20 09:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 15:53 - 2015-08-20 09:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 15:53 - 2015-08-20 09:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 15:53 - 2015-08-20 09:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 15:53 - 2015-08-20 09:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-29 15:53 - 2015-08-18 11:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 15:53 - 2015-08-18 11:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 15:53 - 2015-08-18 11:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 15:53 - 2015-08-18 11:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 15:53 - 2015-08-18 11:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 15:53 - 2015-08-18 11:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 15:53 - 2015-08-18 11:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 15:53 - 2015-08-18 11:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 15:53 - 2015-08-18 11:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 15:53 - 2015-08-18 11:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 15:53 - 2015-08-18 11:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 15:53 - 2015-08-18 10:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 15:53 - 2015-08-18 10:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 15:53 - 2015-08-18 10:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 15:53 - 2015-08-18 10:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 15:53 - 2015-08-18 10:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 15:53 - 2015-08-18 10:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 15:53 - 2015-08-18 10:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 15:53 - 2015-08-18 10:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 15:53 - 2015-08-18 10:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 15:53 - 2015-08-18 10:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 15:53 - 2015-08-18 10:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 15:53 - 2015-08-18 10:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 15:53 - 2015-08-18 10:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 15:53 - 2015-08-18 10:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 15:53 - 2015-08-18 10:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 15:53 - 2015-08-18 10:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 15:53 - 2015-08-18 10:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 15:53 - 2015-08-18 10:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 15:53 - 2015-08-18 10:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 15:53 - 2015-08-18 10:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 15:53 - 2015-08-18 10:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 15:53 - 2015-08-18 10:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 15:53 - 2015-08-18 08:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 16:02 - 2015-08-28 16:02 - 08147469 _____ C:\Users\AlHameli\Downloads\ArenaHelper.v0.5.1.zip
2015-08-28 16:02 - 2015-08-28 16:02 - 00040538 _____ C:\Users\AlHameli\Downloads\HearthstoneCollectionTracker.rar
2015-08-28 16:02 - 2015-08-28 16:02 - 00031046 _____ C:\Users\AlHameli\Downloads\hdt-plugin-endgame_0.3.0.zip
2015-08-28 15:35 - 2015-09-20 22:50 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\HearthstoneDeckTracker
2015-08-28 15:35 - 2015-08-28 15:35 - 14736930 _____ C:\Users\AlHameli\Downloads\Hearthstone.Deck.Tracker-v0.10.16.zip
2015-08-27 23:15 - 2015-08-27 23:16 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\vibranceGUI
2015-08-27 23:15 - 2015-08-27 23:15 - 00000000 ____D C:\Users\AlHameli\Desktop\Vibrancegui
2015-08-27 23:14 - 2015-08-27 23:14 - 00507503 _____ C:\Users\AlHameli\Downloads\vibranceGUI.zip
2015-08-27 18:42 - 2015-08-07 15:07 - 01898288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435560.dll
2015-08-27 18:42 - 2015-08-07 15:07 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435560.dll
2015-08-27 02:56 - 2015-08-11 08:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-26 19:41 - 2015-09-13 16:54 - 00000000 ____D C:\Users\AlHameli\Desktop\Hearthstone Deck Tracker
2015-08-25 23:57 - 2015-08-25 23:57 - 00181076 _____ C:\Users\AlHameli\Downloads\viewtopic (1).htm
2015-08-24 20:18 - 2015-08-24 20:18 - 01824443 _____ C:\Users\AlHameli\Downloads\DS4Tool 1.2.2 (1).zip
2015-08-23 21:06 - 2015-08-23 21:07 - 03211531 _____ C:\Users\AlHameli\Downloads\elvui-8.26.zip
2015-08-23 18:11 - 2015-08-23 18:11 - 00003218 _____ C:\WINDOWS\System32\Tasks\{C4320990-E96D-4979-B383-F8A02483A82A}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-20 22:55 - 2014-07-08 07:12 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-20 22:49 - 2014-12-04 14:29 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\TS3Client
2015-09-20 22:37 - 2014-07-22 23:14 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-09-20 22:36 - 2015-07-10 16:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-20 22:33 - 2014-07-10 17:20 - 00000000 ____D C:\ProgramData\MFAData
2015-09-20 22:25 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-20 22:22 - 2014-07-30 19:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-20 20:45 - 2014-10-06 20:49 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 20:27 - 2015-08-06 15:48 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-20 20:27 - 2014-07-28 19:28 - 00000000 _____ C:\WINDOWS\Path.idx
2015-09-20 20:26 - 2014-07-07 08:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-20 20:22 - 2014-07-29 22:34 - 00000000 ___DO C:\Users\AlHameli\OneDrive
2015-09-20 20:22 - 2014-07-28 19:23 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2015-09-20 20:21 - 2015-07-10 16:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-20 20:21 - 2015-05-23 21:27 - 00000000 ____D C:\Program Files (x86)\DS#
2015-09-20 20:21 - 2014-08-15 12:35 - 00000000 ____D C:\Users\AlHameli\AppData\Local\TSVNCache
2015-09-20 20:21 - 2014-07-29 22:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-20 20:21 - 2014-07-08 07:12 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-20 20:20 - 2015-07-10 13:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-20 20:20 - 2014-07-07 09:01 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Battle.net
2015-09-20 20:19 - 2014-07-07 09:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-09-20 19:36 - 2014-08-01 00:22 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4568038-F4F6-4CA6-B94E-522DE6AA61BD}
2015-09-20 19:33 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-20 13:55 - 2014-12-04 22:05 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-20 13:55 - 2014-07-07 09:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-20 13:35 - 2015-08-06 15:35 - 00012080 _____ C:\WINDOWS\PFRO.log
2015-09-20 13:28 - 2014-10-09 17:12 - 00000000 ____D C:\AdwCleaner
2015-09-20 12:55 - 2014-08-01 20:29 - 00005613 _____ C:\WINDOWS\MB.idx
2015-09-20 12:31 - 2015-03-16 11:46 - 00001184 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-20 12:31 - 2014-10-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-20 12:31 - 2014-10-06 20:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-20 10:32 - 2015-08-06 15:55 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Comms
2015-09-19 18:30 - 2014-07-07 09:02 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-09-19 03:44 - 2015-07-10 13:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-17 20:22 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-17 18:16 - 2014-07-10 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-17 00:50 - 2014-07-08 07:12 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 00:50 - 2014-07-08 07:12 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 19:48 - 2015-05-23 21:26 - 00000000 ____D C:\Temp
2015-09-16 13:19 - 2015-08-06 15:41 - 00000000 ____D C:\Users\AlHameli
2015-09-16 13:18 - 2014-07-07 08:37 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Packages
2015-09-15 12:11 - 2015-05-19 16:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-13 23:46 - 2015-08-10 23:10 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Deployment
2015-09-13 16:46 - 2014-07-07 08:56 - 00000000 ____D C:\Users\AlHameli\AppData\Local\Google
2015-09-11 19:42 - 2015-08-06 15:58 - 00002396 _____ C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-11 16:00 - 2014-07-27 23:54 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\vlc
2015-09-10 03:44 - 2014-07-07 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-10 03:31 - 2015-07-10 16:20 - 00248384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 03:30 - 2015-07-10 20:29 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:30 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 01:01 - 2014-07-07 21:51 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Skype
2015-09-09 04:53 - 2015-07-10 14:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 01:14 - 2015-07-05 20:29 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\SimulationCraft
2015-09-06 19:42 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-04 18:29 - 2014-07-07 21:39 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-01 19:59 - 2015-07-10 16:20 - 00019381 _____ C:\WINDOWS\setupact.log
2015-09-01 19:15 - 2015-07-13 09:34 - 00202952 _____ (Razer Inc) C:\WINDOWS\system32\Drivers\rzudd.sys
2015-09-01 17:59 - 2014-01-22 08:52 - 00718440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2015-09-01 16:25 - 2014-07-08 07:13 - 00000000 ____D C:\Users\AlHameli\AppData\Roaming\Battle.net
2015-09-01 16:14 - 2015-08-06 15:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-09-01 16:14 - 2014-10-14 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-09-01 16:08 - 2015-08-06 16:04 - 00001463 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-08-31 17:09 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-31 02:47 - 2015-08-06 16:09 - 11188880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-30 01:12 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-27 04:37 - 2014-10-14 18:17 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-27 04:37 - 2014-10-14 18:17 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-27 04:36 - 2014-10-14 18:17 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-27 04:36 - 2014-10-14 18:17 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-26 19:24 - 2014-07-08 00:20 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-08-26 18:37 - 2014-07-10 16:57 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-25 22:38 - 2015-08-06 16:09 - 17932648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-08-25 22:38 - 2015-08-06 16:09 - 15334976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-08-25 22:38 - 2015-08-06 16:09 - 12611824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-08-25 22:38 - 2015-08-06 16:09 - 03480792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-25 22:38 - 2015-08-06 16:09 - 03074776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-08-25 22:38 - 2015-07-23 04:02 - 00034044 _____ C:\WINDOWS\system32\nvinfo.pb
2015-08-25 22:38 - 2014-07-07 21:31 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-08-25 22:38 - 2014-07-07 21:31 - 00105080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-08-25 19:57 - 2014-07-29 22:27 - 06884984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-25 19:57 - 2014-07-29 22:27 - 03496752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-25 19:57 - 2014-07-29 22:27 - 02558584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-25 19:57 - 2014-07-29 22:27 - 00937592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-25 19:57 - 2014-07-29 22:27 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-25 19:57 - 2014-07-29 22:27 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-25 17:02 - 2014-07-29 22:27 - 05165808 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-08-24 19:26 - 2015-03-04 17:43 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-08-24 19:26 - 2014-11-08 15:17 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-08-23 18:11 - 2014-07-07 21:17 - 00000000 ____D C:\ProgramData\Skype
2015-08-23 03:25 - 2015-04-29 23:06 - 00890880 _____ (Microsoft) C:\Users\AlHameli\Desktop\Matchmaking Server Picker.exe
2015-08-23 03:02 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-21 04:30 - 2015-07-10 15:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
 
==================== Files in the root of some directories =======
 
2015-01-02 13:21 - 2015-01-03 03:33 - 0000134 _____ () C:\Users\AlHameli\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2015-01-02 13:21 - 2015-01-03 02:15 - 0000443 _____ () C:\Users\AlHameli\AppData\Roaming\CSharpAnalytics-MeasurementSession
2015-03-13 02:11 - 2015-03-13 02:11 - 0000010 ____H () C:\Users\AlHameli\AppData\Roaming\iPodAccess_Time
2014-07-30 16:13 - 2015-05-30 20:18 - 1065984 _____ () C:\Users\AlHameli\AppData\Local\file__0.localstorage
2015-08-06 15:36 - 2015-08-06 15:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\AlHameli\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\AlHameli\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\AlHameli\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\AlHameli\AppData\Local\Temp\nvStInst.exe
C:\Users\AlHameli\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-13 20:03
 
==================== End of FRST.txt ============================


 


#2 nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 PM

Posted 21 September 2015 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3175312 2015-08-24] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.6\\npsitesafety.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {16D9286C-2A32-4E04-9C44-BD03951959E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1B40F5E5-B4BE-4B01-BA5C-32FC7E18EAC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {205CC79A-32F1-4AD6-8A6B-E7D285FDEFFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {29AC1BCD-ED55-481E-84CC-B10A928C52FA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C8B51DF-9476-4DD6-942E-5436980C2656} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63681EC2-99DE-43DA-AB15-EB2D4CC3B2EC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {67994E90-D7E3-4111-98CC-CB6F83379229} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {72858162-459A-4181-BAFB-5E89416DA30D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A71C93A2-2ECA-455D-98F8-4A9A0D81941C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE14980B-55EF-4F5F-81C8-3B3A99E7C745} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E56AD621-E328-442B-94E3-81629F4548DB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome

How is the computer running now?

#3 lehameli

  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:34 AM

Posted 21 September 2015 - 09:37 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by AlHameli (2015-09-21 17:24:29) Run:1
Running from C:\Users\AlHameli\Desktop\FRST
Loaded Profiles: AlHameli (Available Profiles: AlHameli)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3175312 2015-08-24] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.6\\npsitesafety.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {16D9286C-2A32-4E04-9C44-BD03951959E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1B40F5E5-B4BE-4B01-BA5C-32FC7E18EAC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {205CC79A-32F1-4AD6-8A6B-E7D285FDEFFD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {29AC1BCD-ED55-481E-84CC-B10A928C52FA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C8B51DF-9476-4DD6-942E-5436980C2656} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {63681EC2-99DE-43DA-AB15-EB2D4CC3B2EC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {67994E90-D7E3-4111-98CC-CB6F83379229} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {72858162-459A-4181-BAFB-5E89416DA30D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A71C93A2-2ECA-455D-98F8-4A9A0D81941C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE14980B-55EF-4F5F-81C8-3B3A99E7C745} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E56AD621-E328-442B-94E3-81629F4548DB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key removed successfully
wfpcapture => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16D9286C-2A32-4E04-9C44-BD03951959E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16D9286C-2A32-4E04-9C44-BD03951959E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B40F5E5-B4BE-4B01-BA5C-32FC7E18EAC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B40F5E5-B4BE-4B01-BA5C-32FC7E18EAC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{205CC79A-32F1-4AD6-8A6B-E7D285FDEFFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{205CC79A-32F1-4AD6-8A6B-E7D285FDEFFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29AC1BCD-ED55-481E-84CC-B10A928C52FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29AC1BCD-ED55-481E-84CC-B10A928C52FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C8B51DF-9476-4DD6-942E-5436980C2656}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8B51DF-9476-4DD6-942E-5436980C2656}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63681EC2-99DE-43DA-AB15-EB2D4CC3B2EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63681EC2-99DE-43DA-AB15-EB2D4CC3B2EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67994E90-D7E3-4111-98CC-CB6F83379229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67994E90-D7E3-4111-98CC-CB6F83379229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72858162-459A-4181-BAFB-5E89416DA30D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72858162-459A-4181-BAFB-5E89416DA30D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A71C93A2-2ECA-455D-98F8-4A9A0D81941C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71C93A2-2ECA-455D-98F8-4A9A0D81941C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE14980B-55EF-4F5F-81C8-3B3A99E7C745}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE14980B-55EF-4F5F-81C8-3B3A99E7C745}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E56AD621-E328-442B-94E3-81629F4548DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E56AD621-E328-442B-94E3-81629F4548DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
EmptyTemp: => 409.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 18:31:02 ====
 
----------------------------------------
# AdwCleaner v5.008 - Logfile created 21/09/2015 at 18:35:19
# Updated 18/09/2015 by Xplode
# Database : 2015-09-20.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : AlHameli - SPEED-DEMON
# Running from : C:\Users\AlHameli\Downloads\adwcleaner_5.008.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\World of Warcraft Beta
[!] Key Not Deleted : [x64] HKCU\Software\distromatic
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2790 bytes] ##########
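
A way to double-check tool output like the Fixlog and AdwCleaner log posted above before calling a cleanup done, as an added example that is not part of the original thread or of either tool. The function name `triage` is hypothetical, and the "ok" and "no-op" wording is limited to the phrases visible in this thread (an assumption); any other outcome, such as the `[!] Key Not Deleted` lines, is put in the review bucket.

```python
import re

# Lines copied from the Fixlog and AdwCleaner log in the post above (trimmed),
# including part of the fixlist that FRST echoes back before its results.
SAMPLE_LOG = r"""
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
End
*****************
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key removed successfully
wfpcapture => service removed successfully
EmptyTemp: => 409.6 MB temporary data Removed.
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Key Deleted : HKCU\Software\distromatic
[!] Key Not Deleted : [x64] HKCU\Software\distromatic
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
"""

FRST_LINE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<result>.+)$')
ADW_LINE = re.compile(r'^\[(?P<flag>[-!])\]\s+(?P<result>.+?)\s+:\s+(?P<item>.+)$')
# Outcome wording seen in this thread's Fixlog (assumption: not exhaustive).
FRST_OK = re.compile(r'removed successfully$|Removed\.$')
FRST_NOOP = re.compile(r'^No running process found$')

def triage(log_text):
    """Sort Fixlog / AdwCleaner result lines into ok, noop and review."""
    out = {"ok": [], "noop": [], "review": []}
    in_echo = False  # True while inside the echoed fixlist (requests, not results)
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_echo = True
        elif in_echo:
            in_echo = line.lower() != "end"  # the echo closes at the "End" line
        elif m := ADW_LINE.match(line):
            bucket = "ok" if m["flag"] == "-" else "review"
            out[bucket].append((m["item"], m["result"]))
        elif m := FRST_LINE.match(line):
            res = m["result"].strip()
            bucket = ("ok" if FRST_OK.search(res)
                      else "noop" if FRST_NOOP.match(res) else "review")
            out[bucket].append((m["item"], res))
    return out

if __name__ == "__main__":
    for item, result in triage(SAMPLE_LOG)["review"]:
        print(f"REVIEW: {result}: {item}")
```
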


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 21 September 2015 - 12:10 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 lehameli

Posted 21 September 2015 - 12:26 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Thanks for your help nasdaq,

Have a good day =)



#6 nasdaq

Posted 21 September 2015 - 12:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



