utrack.pw internet redirection issue


  • This topic is locked
21 replies to this topic

#1 skimo3

  • Members
  • 16 posts
  • OFFLINE

Posted 01 November 2015 - 01:32 PM

Hiya!
 
I am currently experiencing an issue with a browser redirect in Chrome, Firefox, and even in Steam. My problem seems like it's the exact same issue as this user:
 
 http://www.bleepingcomputer.com/forums/t/586409/utrackpw-internet-redirection-virus/?hl=+utrack
 
I'm hoping that I can receive a similar resolution as the user referenced above. I've tried using many removal tools to try and solve the issue myself to no avail (rkill, CCleaner, malwarebytes, adwcleaner, etc.), so I'm humbly coming here to seek assistance.
 
As instructed, below is the FRST.txt log.
 
Thank you in advance for your services :-) 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by papa (administrator) on BAU5 (01-11-2015 08:40:07)
Running from C:\Users\papa\Downloads
Loaded Profiles: papa (Available Profiles: papa)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\papa\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM\...\Run: [InstallerLauncher] => " /RUN:"C:\PROGRAM FILES\COMMON FILES\BITDEFENDER\SETUPINFORMATION\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\INSTALLER.EXE"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [uTorrent] => C:\Users\papa\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-23] (BitTorrent Inc.)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-10-22] (Electronic Arts)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [Spotify Web Helper] => C:\Users\papa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-16] (Spotify Ltd)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [BingSvc] => C:\Users\papa\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [Spotify] => C:\Users\papa\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-16] (Spotify Ltd)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55357464 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Run: [GoogleChromeAutoLaunch_D17F748014BF6F6F9E2AA470979A5F8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\MountPoints2: {bba7b7ed-3924-11e5-82b9-bcee7b8d9d21} - "F:\Setup.exe" 
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\MountPoints2: {e68ceabe-696f-11e5-82d1-bcee7b8d9d21} - "H:\LG_PC_Programs.exe" 
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3DB24BB0-4028-4517-990F-3A80098A60D4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A266DCED-CBAD-4F81-A54D-08EDB76F2834}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2EDF&PC=SK2E&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-22]
FF Extension: Bing Search - C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default\Extensions\bingsearch.full@microsoft.com [2015-05-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-16] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Flash Video Downloader) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2015-08-22]
CHR Extension: (Google Docs) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-03-13]
CHR Extension: (Adblock Plus) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Pixsta) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc [2015-10-07]
CHR Extension: (Google Search) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Video Downloader professional) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-10-31]
CHR Extension: (SiteAdvisor) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-17]
CHR Extension: (Stylish) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-10-02]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2015-10-22]
CHR Extension: (Pricescout for Google Chrome™) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkjddnnlgmahpnjjkiolhoophlpibfn [2015-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-13]
CHR Extension: (AdBlock) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (FlashBlock) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-07-24]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (AdBlock Pro) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-10-07]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-10-31]
CHR Extension: (Gmail) - C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-31]
CHR HKU\S-1-5-21-2177431364-788801199-4247945438-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-10-27] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-10-22] (Electronic Arts)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 007FA1C9; C:\Windows\System32\drivers\007FA1C9.sys [478392 2015-10-04] (Kaspersky Lab ZAO)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-31] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-10-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-18] (Razer Inc)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-01 08:40 - 2015-11-01 08:40 - 00024497 _____ C:\Users\papa\Downloads\FRST.txt
2015-11-01 08:39 - 2015-11-01 08:40 - 00000000 ____D C:\FRST
2015-11-01 08:39 - 2015-11-01 08:39 - 02198016 _____ (Farbar) C:\Users\papa\Downloads\FRST64.exe
2015-10-31 19:57 - 2015-10-31 19:57 - 00000000 _____ C:\Windows\setuperr.log
2015-10-31 19:57 - 2015-10-31 19:57 - 00000000 _____ C:\Windows\setupact.log
2015-10-31 11:11 - 2015-10-31 11:11 - 00002107 _____ C:\Users\papa\Desktop\JRT.txt
2015-10-31 11:09 - 2015-11-01 08:38 - 00167498 _____ C:\Windows\WindowsUpdate.log
2015-10-31 11:03 - 2015-10-31 11:07 - 00000000 ____D C:\AdwCleaner
2015-10-31 11:03 - 2015-10-31 11:04 - 01801288 _____ (Malwarebytes) C:\Users\papa\Downloads\JRT.exe
2015-10-31 11:03 - 2015-10-31 11:03 - 01694208 _____ C:\Users\papa\Downloads\adwcleaner_5.015.exe
2015-10-31 10:57 - 2015-10-31 10:57 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-31 10:57 - 2015-10-31 10:57 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-31 10:57 - 2015-10-31 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-31 10:57 - 2015-10-31 10:57 - 00000000 ____D C:\Program Files\CCleaner
2015-10-31 10:55 - 2015-10-31 10:55 - 06762072 _____ (Piriform Ltd) C:\Users\papa\Downloads\ccsetup511.exe
2015-10-31 10:54 - 2015-10-31 10:55 - 05637361 _____ (Swearware) C:\Users\papa\Downloads\ComboFix.exe
2015-10-31 10:54 - 2015-10-31 10:54 - 00003714 _____ C:\Users\papa\Desktop\Rkill.txt
2015-10-31 10:53 - 2015-10-31 10:54 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\papa\Downloads\rkill.exe
2015-10-29 18:49 - 2015-10-29 18:49 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-25 10:31 - 2015-10-25 10:31 - 00003116 _____ C:\Windows\System32\Tasks\{6EA966D3-A473-4172-BB6A-415155F62AF7}
2015-10-25 10:29 - 2015-10-25 10:29 - 00033759 _____ C:\Users\papa\Downloads\Setup (1).exe
2015-10-23 17:45 - 2015-10-23 17:45 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-10-23 17:45 - 2015-10-23 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-23 17:45 - 2015-10-23 17:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-16 18:40 - 2015-10-16 18:40 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-10-16 18:40 - 2015-10-16 18:40 - 00001932 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-10-16 18:40 - 2015-10-16 18:40 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-10-16 18:40 - 2015-10-16 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-10-16 18:40 - 2015-10-16 18:40 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-10-16 18:40 - 2015-05-19 12:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-10-16 18:39 - 2015-10-31 11:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-10-16 18:39 - 2015-10-16 19:39 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-10-16 18:39 - 2015-10-16 18:40 - 00000000 ____D C:\Program Files\McAfee
2015-10-16 18:39 - 2015-10-16 18:39 - 00000000 ____D C:\Program Files\McAfee.com
2015-10-14 19:16 - 2015-10-16 20:24 - 00000000 ____D C:\ProgramData\McAfee
2015-10-14 19:16 - 2015-10-16 18:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-10-14 19:16 - 2015-06-29 09:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-10-14 19:13 - 2015-10-14 19:14 - 08102800 _____ (McAfee, Inc.) C:\Users\papa\Downloads\McAfeeSetup.exe
2015-10-14 18:29 - 2015-09-18 18:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 18:29 - 2015-09-18 04:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 18:29 - 2015-09-18 04:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 18:29 - 2015-09-18 04:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 18:29 - 2015-09-18 04:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 18:29 - 2015-09-18 04:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 18:29 - 2015-09-18 04:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-13 20:30 - 2015-09-29 03:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 20:30 - 2015-09-29 03:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 20:30 - 2015-09-29 03:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-13 20:30 - 2015-09-29 03:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 20:30 - 2015-09-29 03:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-13 20:30 - 2015-09-24 08:51 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-10-13 20:30 - 2015-09-24 08:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-10-13 20:30 - 2015-09-24 08:30 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-10-13 20:30 - 2015-09-24 07:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-13 20:30 - 2015-09-24 07:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-13 20:30 - 2015-08-26 17:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 20:30 - 2015-08-26 17:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 20:30 - 2015-08-07 12:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 20:30 - 2015-08-07 12:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 20:30 - 2015-08-07 12:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 20:30 - 2015-08-07 12:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-13 20:30 - 2015-08-07 12:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-13 20:30 - 2015-08-07 05:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 20:30 - 2015-08-06 07:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-13 20:30 - 2015-08-06 07:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-13 20:29 - 2015-09-10 09:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 20:29 - 2015-09-10 08:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 20:29 - 2015-09-10 08:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 20:29 - 2015-09-10 08:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 20:29 - 2015-09-10 08:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 20:29 - 2015-09-10 08:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 20:29 - 2015-09-10 08:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 20:29 - 2015-09-10 08:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 20:29 - 2015-09-10 07:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 20:29 - 2015-09-10 07:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 20:29 - 2015-09-10 07:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 20:29 - 2015-09-10 07:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 20:29 - 2015-09-10 07:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 20:29 - 2015-09-10 07:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 20:29 - 2015-09-10 07:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-13 20:29 - 2015-09-10 07:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 20:29 - 2015-09-10 07:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 20:29 - 2015-09-10 07:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 20:29 - 2015-09-10 07:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 20:29 - 2015-09-10 07:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 20:29 - 2015-09-10 07:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 20:29 - 2015-09-10 07:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 20:29 - 2015-09-10 07:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 20:29 - 2015-09-10 07:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 20:29 - 2015-09-10 07:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 20:29 - 2015-09-10 07:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 20:29 - 2015-09-10 07:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 20:29 - 2015-09-10 07:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-13 20:29 - 2015-09-10 07:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 20:29 - 2015-09-10 06:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 20:29 - 2015-09-10 06:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 20:29 - 2015-09-10 06:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 20:29 - 2015-09-10 06:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 20:29 - 2015-09-10 06:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 20:29 - 2015-09-10 06:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 20:29 - 2015-09-10 06:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 20:29 - 2015-09-10 06:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 20:29 - 2015-09-10 06:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 20:29 - 2015-09-10 06:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 20:29 - 2015-08-06 08:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-13 20:29 - 2015-08-06 07:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-13 20:28 - 2015-09-29 03:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 20:28 - 2015-09-28 09:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 20:28 - 2015-09-28 09:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-13 20:28 - 2015-09-28 09:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 20:28 - 2015-09-28 09:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 20:28 - 2015-09-28 09:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 20:28 - 2015-09-28 09:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 20:28 - 2015-09-28 09:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 20:28 - 2015-09-28 09:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 20:28 - 2015-09-28 09:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 20:28 - 2015-09-28 09:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 20:28 - 2015-09-28 09:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 20:28 - 2015-08-22 04:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 20:28 - 2015-07-16 09:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-10 19:00 - 2015-10-30 21:29 - 00000000 ____D C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-08 14:37 - 2015-10-08 14:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-10-08 14:37 - 2015-10-08 14:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-10-04 10:50 - 2015-10-04 10:50 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\007FA1C9.sys
2015-10-04 10:50 - 2015-10-04 10:50 - 00000000 ____D C:\KVRT_Data
2015-10-04 10:22 - 2015-10-04 10:50 - 92717208 _____ (Kaspersky Lab ZAO) C:\Users\papa\Downloads\KVRT.exe
2015-10-04 08:56 - 2015-10-04 08:57 - 02166516 _____ C:\Users\papa\Downloads\ogg-acm-0036.zip
2015-10-04 08:56 - 2015-10-04 08:56 - 00033021 _____ C:\Windows\SysWOW64\CoreVorbis-uninstall.exe
2015-10-04 08:53 - 2015-10-04 08:53 - 00168941 _____ C:\Users\papa\Downloads\CoreVorbis_1.1.0.79_20050813.zip
2015-10-04 08:45 - 2015-10-04 08:45 - 00000000 ____D C:\ProgramData\Sophos
2015-10-04 08:45 - 2015-10-04 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-10-04 08:45 - 2015-10-04 08:45 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-10-04 08:37 - 2015-10-04 08:42 - 135185776 _____ (Sophos Limited) C:\Users\papa\Downloads\Sophos Virus Removal Tool.exe
2015-10-04 01:38 - 2015-10-04 01:38 - 00000218 _____ C:\Users\papa\AppData\Local\recently-used.xbel
2015-10-03 23:13 - 2015-10-03 23:13 - 14758443 _____ (Deluge Team) C:\Users\papa\Downloads\deluge-1.3.12-1-win32-py2.6-setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-01 08:38 - 2015-05-08 10:51 - 00000000 ____D C:\Users\papa\AppData\Roaming\Skype
2015-11-01 08:35 - 2015-03-18 10:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-01 08:31 - 2014-07-24 20:29 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B793F813-F0E4-4C93-8164-BC6EB5463B6F}
2015-11-01 08:28 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-01 00:10 - 2014-07-24 20:30 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 19:57 - 2014-07-24 20:28 - 00014415 _____ C:\Windows\system32\lvcoinst.log
2015-10-31 19:36 - 2014-07-24 20:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2177431364-788801199-4247945438-1001
2015-10-31 19:10 - 2014-07-24 20:30 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 11:40 - 2014-07-26 23:09 - 00000000 ____D C:\Users\papa\AppData\Roaming\vlc
2015-10-31 11:32 - 2014-07-24 20:29 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-31 11:31 - 2014-07-24 20:23 - 00000000 ___DO C:\Users\papa\SkyDrive
2015-10-31 11:15 - 2015-08-28 18:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-31 11:09 - 2014-08-04 11:43 - 00000000 ____D C:\Users\papa\AppData\Roaming\Spotify
2015-10-31 11:09 - 2014-08-04 11:43 - 00000000 ____D C:\Users\papa\AppData\Local\Spotify
2015-10-31 11:09 - 2013-08-22 04:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-31 11:08 - 2015-08-28 17:11 - 00002345 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-10-31 11:08 - 2014-07-24 20:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-31 11:08 - 2013-08-22 05:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 10:59 - 2014-11-01 22:29 - 00000000 ____D C:\Windows\Minidump
2015-10-31 10:59 - 2014-07-26 05:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-31 10:59 - 2014-07-26 05:30 - 00000000 ____D C:\Users\papa\AppData\Roaming\uTorrent
2015-10-31 10:59 - 2014-07-24 19:59 - 00000000 ____D C:\Windows\Panther
2015-10-30 21:26 - 2014-08-28 21:52 - 00000000 ____D C:\ProgramData\Origin
2015-10-29 18:49 - 2014-07-26 23:11 - 00001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-25 01:35 - 2014-07-24 20:20 - 00000000 ____D C:\Users\papa
2015-10-24 09:50 - 2015-02-26 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-24 09:50 - 2013-08-22 04:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-23 17:46 - 2014-07-26 05:32 - 00000858 _____ C:\Users\papa\Desktop\µTorrent.lnk
2015-10-23 17:46 - 2014-07-26 05:32 - 00000838 _____ C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-10-23 17:42 - 2015-06-14 15:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-23 17:42 - 2015-02-26 19:26 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-23 17:42 - 2015-02-26 19:26 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-22 21:41 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-22 21:31 - 2014-08-28 21:51 - 00000000 ____D C:\Program Files (x86)\Origin
2015-10-19 18:32 - 2013-08-22 06:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-16 21:35 - 2015-03-18 10:42 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 21:22 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\rescache
2015-10-16 18:40 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\ELAMBKUP
2015-10-16 18:39 - 2015-07-29 09:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-16 18:31 - 2015-08-28 17:24 - 00000000 ____D C:\ProgramData\AVG2015
2015-10-16 18:31 - 2015-08-28 17:24 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-16 18:31 - 2015-08-28 17:09 - 00000000 ____D C:\ProgramData\MFAData
2015-10-15 21:54 - 2014-12-12 11:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 21:54 - 2014-08-02 23:33 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 21:54 - 2013-08-22 06:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-15 19:51 - 2014-08-03 12:51 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-15 19:51 - 2014-08-03 12:51 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 19:25 - 2015-08-28 17:24 - 00000000 ___HD C:\$AVG
2015-10-14 19:21 - 2015-08-28 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-14 18:56 - 2014-07-27 19:30 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 18:53 - 2014-07-27 19:30 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 18:25 - 2015-08-28 18:05 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-14 18:25 - 2015-08-28 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-14 18:25 - 2015-08-28 18:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-11 10:54 - 2015-07-30 19:51 - 00000000 ____D C:\Users\papa\AppData\Roaming\deluge
2015-10-11 10:46 - 2015-08-03 13:04 - 00000000 ____D C:\Users\papa\Desktop\Hyperrealist-FX
2015-10-08 14:37 - 2015-08-28 17:48 - 00000000 ____D C:\Users\papa\AppData\Local\Avg
2015-10-07 06:07 - 2015-05-08 10:50 - 00000000 ____D C:\ProgramData\Skype
2015-10-06 06:43 - 2015-04-03 22:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-05 21:21 - 2015-04-03 22:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-05 08:50 - 2015-08-28 18:05 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 08:50 - 2015-08-28 18:05 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 08:50 - 2015-08-28 18:05 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 01:38 - 2015-07-30 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-10-04 01:38 - 2015-07-30 19:51 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-10-02 16:43 - 2014-11-18 00:22 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2015-10-04 01:38 - 2015-10-04 01:38 - 0000218 _____ () C:\Users\papa\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\papa\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-23 06:34
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by papa (2015-11-01 08:40:43)
Running from C:\Users\papa\Downloads
Windows 8.1 Pro (X64) (2014-07-25 05:22:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2177431364-788801199-4247945438-500 - Administrator - Disabled)
Guest (S-1-5-21-2177431364-788801199-4247945438-501 - Limited - Disabled)
papa (S-1-5-21-2177431364-788801199-4247945438-1001 - Administrator - Enabled) => C:\Users\papa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"XCOM - Enemy Within" (HKLM-x32\...\{EE377223-72A9-4995-B3B6-8A056CA4CE5D}_is1) (Version: 1.0.0.926 - )
µTorrent (HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
Amnesia - The Dark Descent (HKLM-x32\...\GOGPACKAMNESIA_is1) (Version: 2.0.0.2 - GOG.com)
Amnesia (HKLM\...\{a48e983a-39ba-41bb-947f-9393b9081ca4}.sdb) (Version: - )
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version: - Rocksteady Studios)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty®: Black Ops 2 (HKLM-x32\...\Call of Duty®: Black Ops 2_is1) (Version: 1.0.5 - R.G. Revenants)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CloneBD (HKLM-x32\...\CloneBD) (Version: 1.0.5.1 - Elaborate Bytes)
CoreVorbis Audio Decoder (remove only) (HKLM-x32\...\CoreVorbis Audio Decoder) (Version: - )
Dead Rising 3 v.1.0 (HKLM-x32\...\Dead Rising 3_is1) (Version: - )
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Divinity - Original Sin (HKLM-x32\...\1207664853_is1) (Version: 2.3.0.6 - GOG.com)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.7 - Electronic Arts)
Dreamfall Chapters: Books 1-3 (HKLM-x32\...\Dreamfall Chapters: Books 1-3_is1) (Version: - )
Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
Fairy Fencer F (HKLM-x32\...\Fairy Fencer F_is1) (Version: - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 3 - NMC's Texture Pack (HKLM-x32\...\Fallout 3 - NMC's Texture Pack_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Fallout 3 - Wasteland Edition (HKLM-x32\...\Fallout 3 - Wasteland Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout New Vegas 1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Five Nights at Freddy's (HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Five Nights at Freddy's) (Version: - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Gods Will Be Watching (HKLM-x32\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Kentucky Route Zero (HKLM-x32\...\GOGPACKKENTUCKYROUTEZERO_is1) (Version: 2.1.0.3 - GOG.com)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
LEGO Batman 3 - Beyond Gotham (HKLM-x32\...\TEVHT0JhdG1hbjNCZXlvbmRHb3RoYW0=_is1) (Version: 1 - )
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Limits and Demonstrations (HKLM-x32\...\GOGPACKKRZBONUS2_is1) (Version: 2.0.0.1 - GOG.com)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.192 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.21.2812 - Electronic Arts, Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Scribblenauts Unmasked A DC Comics Adventure (HKLM-x32\...\Scribblenauts Unmasked A DC Comics Adventure_is1) (Version: - )
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games)
Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Divinity Engine (HKLM-x32\...\DIVTOOL_is1) (Version: 2.1.0.8 - GOG.com)
The Entertainment (HKLM-x32\...\GOGPACKKRZBONUS1_is1) (Version: 2.0.0.1 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2700 - Broadcom Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-10-2015 19:24:40 Removed AVG 2015
19-10-2015 18:32:37 Windows Update
23-10-2015 17:41:22 McAfee Vulnerability Scanner
29-10-2015 18:34:41 McAfee Vulnerability Scanner
31-10-2015 11:09:19 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 04:25 - 2015-08-15 15:57 - 00002291 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 mfr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 static.a-ads.com
127.0.0.1 atlas.aamedia.ro
127.0.0.1 abcstats.com
127.0.0.1 ad4.abradio.cz
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 ads.activepower.net
127.0.0.1 app.activetrail.com

There are 48 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AF280CA-7D5F-4DC4-85D1-F568B5F9457B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {35A42905-6F9F-4D98-8D4B-06D0A558E3F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {514AE8D7-702F-495D-AA39-4296C8AC6DF8} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {65EF4AB0-C1D9-4B0D-B8FE-3CFB2E5DAFFB} - System32\Tasks\{6EA966D3-A473-4172-BB6A-415155F62AF7} => pcalua.exe -a "C:\Users\papa\Downloads\Setup (1).exe" -d C:\Users\papa\Downloads
Task: {96BDB015-2A6D-41A8-BABC-D1F62C27402B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {9C9089F1-31D6-47B2-860E-11E878D43EAA} - System32\Tasks\{D2632BE1-2B44-46EE-AC6E-40A703E65DF7} => pcalua.exe -a "D:\Games\Fallout New Vegas\Fallout New Vegas\FalloutNVLauncher.exe" -d "D:\Games\Fallout New Vegas\Fallout New Vegas\"
Task: {AF9B6FCA-6640-4362-9ABF-83CB1C040AA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B0744153-B339-4EE2-891E-67EFB502CCEE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B7C8E7D5-31BD-4E1E-BDD7-8F950179F383} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {C23BDA28-7621-4365-AAE7-04A38AE09220} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {C3246194-8BAE-45ED-85BA-AE332698351C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {DC8D015F-52FD-464E-92FE-6BCB9770B4A3} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-01-04] ()
Task: {E0A35671-F354-4794-A880-065FFFA869F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-27 23:52 - 2012-09-27 23:52 - 00047480 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-24 20:28 - 2015-08-25 05:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-24 16:10 - 2015-10-20 05:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-24 16:10 - 2015-10-20 05:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-24 16:10 - 2015-10-20 05:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 04:56 - 2015-04-13 04:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00089024 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00040384 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00044992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00026048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00025536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 00681408 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 00026560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2015-04-13 04:58 - 2015-04-13 04:58 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 05:00 - 2015-04-13 05:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-04-13 04:59 - 2015-04-13 04:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 04:57 - 2015-04-13 04:57 - 00088512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2015-04-10 10:35 - 2015-08-26 15:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\papa\Downloads\Firefox Setup Stub 36.0.exe:BDU
AlternateDataStreams: C:\Users\papa\Downloads\installer_win (1).exe:BDU
AlternateDataStreams: C:\Users\papa\Downloads\setup.exe:BDU
AlternateDataStreams: C:\Users\papa\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\papa\Downloads\SpotifySetup (1).exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\007FA1C9.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\007FA1C9.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2177431364-788801199-4247945438-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\papa\Desktop\f34e7a938d10f12d29aaf99b17659183.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2177431364-788801199-4247945438-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{893E73A5-C861-4972-AC5C-3A62EA1FCD5B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{577A665B-A062-4058-9CAC-DB192BE6F397}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E002F21F-2758-4829-A210-418B80B2BEB9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{43378FBE-1DD4-465C-9D75-7695B43E446D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{4455DF68-759B-4234-A27C-39898D9E7621}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{25AEA337-EF29-4D85-B795-4E8BC583234A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC020A8D-2FEC-41AF-83DC-0F0B5D0A5019}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{87F77EDA-3049-43EF-AC6B-8A1863A45A22}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F84F491C-26C1-4931-AE51-E944B2C43DE7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{926D1AE9-E24B-4A84-B945-59F1BD2A67FF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C8F9256E-8FC3-46FD-9FC6-001BBC86FED3}] => (Allow) C:\Users\papa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4AE94C3-59F7-44F5-A1BE-25438BB245D5}] => (Allow) C:\Users\papa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B14F27DB-6265-4589-B4DC-5B1F167CB3E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{406A8AF1-E612-48E0-9B1F-784462A43B75}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{3032FE38-EEBE-484F-AEBB-3009CA8E330C}D:\games\divinity - original sin\divinity - original sin\shipping\eocapp.exe] => (Allow) D:\games\divinity - original sin\divinity - original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{9C29E915-8512-4799-96CA-800A793DF58C}D:\games\divinity - original sin\divinity - original sin\shipping\eocapp.exe] => (Allow) D:\games\divinity - original sin\divinity - original sin\shipping\eocapp.exe
FirewallRules: [{AB9843A5-2BB6-427E-8457-F955E76B595A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B890D16D-EF24-4E69-AF11-829639773021}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{8C60C291-D8E3-4E89-BC45-73654EE25E04}C:\users\papa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\papa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{673A8B3A-F91E-4BD8-B5CD-C1A90689A5A3}C:\users\papa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\papa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{500D0C19-A58E-4C14-B1C2-FD9C45036A60}] => (Allow) C:\users\papa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{208D194D-4817-4461-AD2C-677C7B0BE6CB}] => (Allow) C:\users\papa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{53DCF7DF-0F9D-4830-94EC-EA2F7B293720}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A23DE8B-9C99-4F65-A4FD-A54D652262D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00AA6314-F785-4FF4-9E99-BDACF92D86EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6699B57C-6D2C-4C13-88D2-EAD83FE18505}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B7B8DA33-A278-4196-B8F5-D432776F811E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4983B4BF-B12F-414D-8788-6E420B339849}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D7DA2E9-0508-493B-ACF9-2B38EA8C0C09}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{9FC01D7D-A5FC-497E-B954-AF15E0EA47B7}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{9AC6B862-AC3E-404D-9DC1-C2324DE3A49C}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{E828F4BF-335E-4942-ADB4-549EAB08B9C9}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{C130D97A-BF99-4A3E-BB64-E0F11324858A}] => (Allow) D:\Games\XCOM - Enemy Within\Binaries\Win32\XComEW.exe
FirewallRules: [{C58097CE-90B8-4195-88CA-DDCEEA71A3F9}] => (Allow) D:\Games\XCOM - Enemy Within\Binaries\Win32\XComEW.exe
FirewallRules: [TCP Query User{3F06602B-4A17-45A9-A981-9C651D801401}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{C84A548B-E407-40F3-9E88-D71F6E984AD2}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe
FirewallRules: [{5D65D3D4-DF08-4111-9755-2C3EBC21BCA5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B81F00B5-A2EA-4823-8AF3-D23D566C8AFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62E63871-BC9C-4FB6-A08D-460076500AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C05E53EB-89FD-4800-A0D2-8DB7291113B6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{37E84117-9EE4-4037-889E-5B0E3BBD4C76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{15A6A37E-2DCE-425B-8ABB-BF111A60AFFC}] => (Allow) D:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{F8281ECB-0A57-4A9A-9FE1-827F1C711137}] => (Allow) D:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{BED9FB52-C049-4149-AE0D-6A326347E2F1}] => (Allow) D:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{B766E482-9C92-4D6E-BE71-1E6D06FEECEF}] => (Allow) D:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [TCP Query User{521DB401-C433-4683-93DF-AA2BBACF9266}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3515D903-C94C-4632-B787-CF7D6F018473}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A97A6B7C-7A16-4CDE-94AA-020C9B8A705C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6481CE33-266B-466D-89F9-FA8704CBE7FA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E851B498-3F1D-4892-8FBF-75F63F10C79F}] => (Allow) D:\SteamLibrary\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{B92B78F6-44AB-4D22-9C87-27D29F2A28E6}] => (Allow) D:\SteamLibrary\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{03F32C77-E326-4B11-9334-7A632F0657F4}] => (Allow) E:\SteamLibrary\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [{95E7AE62-36AB-4EE0-8632-46799B9CCBB3}] => (Allow) E:\SteamLibrary\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
FirewallRules: [TCP Query User{B65FA17E-B77E-4BF0-A5B0-1A693076A735}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{9565105E-0239-4647-8D6D-58BBC0D63584}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{25F89503-595A-4FA3-AAF3-30167D055786}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{2A01392A-A2B1-4F2D-AC35-C79EAFA7400F}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{AA54E433-E373-4556-AC74-4EE8EBA4CFA5}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{65219FB0-C5F1-499D-814A-92C178EA9181}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6F74F1F3-1F82-4B54-A771-A0FBC93514A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C9EEE933-A80A-4EC3-9576-EC4FB0CF8C53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4D05C73-F307-40EF-B1E3-0DA6C81C19E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1358BF1E-4CB2-4311-A2CA-568A20F55D5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C4AF210F-E2A8-42C7-B3EF-A4DEF8418B12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2AA05F3A-1495-4C11-83A2-CCDB9359B1FF}] => (Allow) D:\SteamLibrary\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{A6FDC5A9-2297-466C-9E79-E4AABE522382}] => (Allow) D:\SteamLibrary\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{2ED90605-631F-42B7-8665-31E962306095}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{771BCEC4-675B-4AFF-9A9F-C065C5C23FBE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{90C8720F-024B-482F-8457-7FEBCB55C77A}] => (Allow) LPort=1688
FirewallRules: [{79FCE026-0F54-4F4F-BD5D-18156295749B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{44D628EB-DE83-4E55-A772-BDEF08C4AA3D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 11:14:33 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2177431364-788801199-4247945438-1001}/">.

Error: (10/31/2015 11:09:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/31/2015 11:09:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffd06260565
Faulting process id: 0xae8
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (10/31/2015 10:59:12 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2177431364-788801199-4247945438-1001}/">.

Error: (10/31/2015 12:42:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 4.1.1990.344, time stamp: 0x55dda97b
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003b189
Faulting process id: 0x14c8
Faulting application start time: 0xNvStreamUserAgent.exe0
Faulting application path: NvStreamUserAgent.exe1
Faulting module path: NvStreamUserAgent.exe2
Report Id: NvStreamUserAgent.exe3
Faulting package full name: NvStreamUserAgent.exe4
Faulting package-relative application ID: NvStreamUserAgent.exe5

Error: (10/30/2015 09:26:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffda81f0565
Faulting process id: 0xad8
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (10/29/2015 06:34:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/29/2015 06:16:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffd7ab90565
Faulting process id: 0xc18
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (10/29/2015 02:52:10 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (10/29/2015 07:07:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219


System errors:
=============
Error: (10/31/2015 11:11:47 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (10/31/2015 11:09:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/31/2015 11:09:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2015 11:09:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2015-09-30 20:14:09.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:09.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:09.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-30 20:14:08.515
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16321.61 MB
Available physical RAM: 13430.71 MB
Total Virtual: 32705.61 MB
Available Virtual: 27896.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:72.25 GB) (Free:11.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Shared ssd) (Fixed) (Total:476.81 GB) (Free:180.54 GB) NTFS
Drive e: (Shared) (Fixed) (Total:1397.26 GB) (Free:280.93 GB) NTFS
Drive h: () (Removable) (Total:15 GB) (Free:15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 0008EC04)
Partition 1: (Active) - (Size=72.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.5 GB) - (Type=05)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 4F550A4E)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 05 November 2015 - 08:08 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • Gender:Male
  • Location:California
  • Local time:03:28 PM

Posted 05 November 2015 - 08:19 PM

Greetings skimo3 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. If you would like assistance I am going to request you remove Microsoft Office Professional Plus 2010 and any other programs for which you do not have a legal copy with a valid Product Key. If you are willing to remove the program please let me know when it has been done and we will continue on. If you prefer to not do that let me know that as well so that I may close the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 skimo3

skimo3
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:28 PM

Posted 05 November 2015 - 11:26 PM

Okay! That program, along with others, has been removed. What's next?



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • Gender:Male
  • Location:California
  • Local time:03:28 PM

Posted 06 November 2015 - 10:00 AM

Thank you, please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Ad-Aware Antivirus
McAfee Anti-Virus and Anti-Spyware


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows logo key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
C:\Program Files\KMSpico
2015-10-25 10:31 - 2015-10-25 10:31 - 00003116 _____ C:\Windows\System32\Tasks\{6EA966D3-A473-4172-BB6A-415155F62AF7}
Task: {C23BDA28-7621-4365-AAE7-04A38AE09220} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
FirewallRules: [{893E73A5-C861-4972-AC5C-3A62EA1FCD5B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{577A665B-A062-4058-9CAC-DB192BE6F397}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E002F21F-2758-4829-A210-418B80B2BEB9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{43378FBE-1DD4-465C-9D75-7695B43E446D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FC020A8D-2FEC-41AF-83DC-0F0B5D0A5019}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{87F77EDA-3049-43EF-AC6B-8A1863A45A22}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F84F491C-26C1-4931-AE51-E944B2C43DE7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{926D1AE9-E24B-4A84-B945-59F1BD2A67FF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AB9843A5-2BB6-427E-8457-F955E76B595A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B890D16D-EF24-4E69-AF11-829639773021}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 skimo3

skimo3
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:28 PM

Posted 06 November 2015 - 07:31 PM

the summary attachment :-)

Attached Files



#6 skimo3

skimo3
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:28 PM

Posted 06 November 2015 - 07:36 PM

As suggested, all mentioned programs have been removed. Below are the logs requested. The attachment I accidentally posted first.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by papa (2015-11-06 06:57:48) Run:1
Running from C:\Users\papa\Desktop
Loaded Profiles: papa (Available Profiles: papa)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
C:\Program Files\KMSpico
2015-10-25 10:31 - 2015-10-25 10:31 - 00003116 _____ C:\Windows\System32\Tasks\{6EA966D3-A473-4172-BB6A-415155F62AF7}
Task: {C23BDA28-7621-4365-AAE7-04A38AE09220} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
FirewallRules: [{893E73A5-C861-4972-AC5C-3A62EA1FCD5B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{577A665B-A062-4058-9CAC-DB192BE6F397}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E002F21F-2758-4829-A210-418B80B2BEB9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{43378FBE-1DD4-465C-9D75-7695B43E446D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FC020A8D-2FEC-41AF-83DC-0F0B5D0A5019}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{87F77EDA-3049-43EF-AC6B-8A1863A45A22}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F84F491C-26C1-4931-AE51-E944B2C43DE7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{926D1AE9-E24B-4A84-B945-59F1BD2A67FF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AB9843A5-2BB6-427E-8457-F955E76B595A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B890D16D-EF24-4E69-AF11-829639773021}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
*****************
 
Service KMSELDI => service removed successfully
C:\Program Files\KMSpico => moved successfully
C:\Windows\System32\Tasks\{6EA966D3-A473-4172-BB6A-415155F62AF7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C23BDA28-7621-4365-AAE7-04A38AE09220}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C23BDA28-7621-4365-AAE7-04A38AE09220}" => key removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{893E73A5-C861-4972-AC5C-3A62EA1FCD5B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{577A665B-A062-4058-9CAC-DB192BE6F397} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E002F21F-2758-4829-A210-418B80B2BEB9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43378FBE-1DD4-465C-9D75-7695B43E446D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC020A8D-2FEC-41AF-83DC-0F0B5D0A5019} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87F77EDA-3049-43EF-AC6B-8A1863A45A22} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F84F491C-26C1-4931-AE51-E944B2C43DE7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{926D1AE9-E24B-4A84-B945-59F1BD2A67FF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB9843A5-2BB6-427E-8457-F955E76B595A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B890D16D-EF24-4E69-AF11-829639773021} => value removed successfully
 
==== End of Fixlog 06:57:49 ====
 
MiniToolBox by Farbar  Version: 02-11-2015
Ran by papa (administrator) on 06-11-2015 at 07:01:16
Running from "C:\Users\papa\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
There are 48 entries.
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
TAP-Win32 Adapter V9 = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_12 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Bau5
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-A2-66-DC-ED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : BC-EE-7B-8D-9D-21
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8438:a285:e1bc:8aba%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, November 6, 2015 6:50:34 AM
   Lease Expires . . . . . . . . . . : Saturday, November 7, 2015 6:50:34 AM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 62713467
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-63-8E-AD-BC-EE-7B-8D-9D-21
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{3DB24BB0-4028-4517-990F-3A80098A60D4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:804:2ce3:ba4d:cc16(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::804:2ce3:ba4d:cc16%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-63-8E-AD-BC-EE-7B-8D-9D-21
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:400a:802::1003
 66.58.255.59
 66.58.255.29
 66.58.255.19
 66.58.255.44
 66.58.255.30
 66.58.255.53
 66.58.255.34
 66.58.255.23
 66.58.255.45
 66.58.255.27
 66.58.255.57
 66.58.255.49
 66.58.255.42
 66.58.255.38
 66.58.255.15
 
 
Pinging google.com [66.58.255.29] with 32 bytes of data:
Reply from 66.58.255.29: bytes=32 time=14ms TTL=57
Reply from 66.58.255.29: bytes=32 time=13ms TTL=57
 
Ping statistics for 66.58.255.29:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=100ms TTL=43
Reply from 98.138.253.109: bytes=32 time=94ms TTL=43
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 100ms, Average = 97ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...00 ff a2 66 dc ed ......TAP-Win32 Adapter V9
  3...bc ee 7b 8d 9d 21 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.9     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.9    276
      192.168.1.9  255.255.255.255         On-link       192.168.1.9    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.9    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.9    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.9    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  3   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6ab8:804:2ce3:ba4d:cc16/128
                                    On-link
  3    276 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::804:2ce3:ba4d:cc16/128
                                    On-link
  3    276 fe80::8438:a285:e1bc:8aba/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****
 
 
RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : papa [Administrator]
Started from : C:\Users\papa\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/06/2015 07:23:31
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 79 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 m.fr.a2dfp.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mfr.a2dfp.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.a8.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 asy.a8ww.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 static.a-ads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 atlas.aamedia.ro
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 abcstats.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad4.abradio.cz
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 a.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adserver.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adv.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bimg.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ca.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www2.a-counter.kiev.ua
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 track.acclaimnetwork.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 accuserveadsystem.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.accuserveadsystem.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 achmedia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 csh.actiondesk.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.activepower.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 app.activetrail.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 traffic.acwebconnecting.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 office.ad1.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cms.ad2click.nl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad2games.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.ad2games.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 content.ad20.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 core.ad20.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 banner.ad.nu
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cl21.v4.adaction.se
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adadvisor.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 tag1.adaptiveads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adbanner.ro
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wad.adbasket.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.pop1.adbn.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.top1.adbn.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.rich1.adbn.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 james.adbutler.de #[Tracking.Cookie]
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adbutler.de
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adchimp.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 static.adclick.lt
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 engine.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 show.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 static.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad-clix.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.ad-clix.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 servedby.adcombination.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adcomplete.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adcomplete.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adhall.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 pool.adhese.be
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adhitzads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.static.adhood.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 app.pubserver.adhood.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 app.winwords.adhood.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ssl3.adhost.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www2.adhost.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adfarm1.adition.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 imagesrv.adition.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adblockplus.org
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 easylist.adblockplus.org
[C:\Windows\System32\drivers\etc\hosts] 158.255.238.129 google-analytics.com
[C:\Windows\System32\drivers\etc\hosts] 158.255.238.129 www.google-analytics.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adk2cdn.cpmrocket.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 c1.popads.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 yieldmanager.adbooth.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adcash.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.adjalauto.com
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 488257 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 6d2f9b0fc62523f7247973f8bc5a5665
[BSP] 6f3642564451a620c66e6c0be43ed8e9 : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 73986 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 151527422 | Size: 40485 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] f2c641cb70fe46563c4f4bfcf0e763a1
[BSP] 39fb99824a7152dbcf5525bc16b03729 : Linux|HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3:  +++++
--- User ---
[MBR] 59e3ae7cc5fd3186cc190cd383dba242
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 112 | Size: 15375 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 


#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,572 posts
  • Gender:Male
  • Location:California

Posted 06 November 2015 - 09:02 PM

Thank you for the information. Please do this.

===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;
emptyalltemp;

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • Copy and paste C:\zoek-results.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zoek report
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 skimo3
  • Topic Starter
  • Members
  • 16 posts

Posted 06 November 2015 - 11:00 PM

 
Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by papa on Fri 11/06/2015 at 17:52:41.87.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\papa\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/6/2015 5:55:28 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Origin Games deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\Users\papa\AppData\Roaming\QuickScan deleted successfully
C:\Users\papa\AppData\Local\Adobe deleted successfully
C:\Users\papa\AppData\Local\PackageStaging deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Origin Games not found
C:\PROGRA~2\VstPlugins deleted
C:\PROGRA~3\DivX deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default\extensions\bingsearch.full@microsoft.com deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [11/03/2015 04:39 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [11/03/2015 04:39 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"MFVersion"="MF37.0.1 (x86 en-US)" []
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default
863AF0003392FEBC2667A8A790DED955 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[11/03/2015 05:51 PM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bmkckgpgekmanipelfidlhmkfcjicion - No path found[]
 
Video Downloader - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
Pixsta - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc
SiteAdvisor - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Stylish - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
AdBlock - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
FlashBlock - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
 
==== Chromium Fix ======================
 
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cmptch.com_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cmptch.com_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.kinja.com_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.kinja.com_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage-journal deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbkeegbaiigmenfmjfclcdgdpimamgkj_0.localstorage deleted successfully
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gbkeegbaiigmenfmjfclcdgdpimamgkj deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\1RBGHHY5 will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\37WO92VK will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\644KFNKV will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\6PV5B174 will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\80UBZYZ3 will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\CTZMSDPY will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\GP842OYR will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\J470LKIB will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\KD2ZZ3MQ will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\OUM207IG will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\PPV19E13 will be deleted at reboot
C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\QDXTOPR9 will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1144 folders=324 49880145 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\papa\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\papa\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\1RBGHHY5" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\37WO92VK" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\644KFNKV" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\6PV5B174" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\80UBZYZ3" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\CTZMSDPY" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\GP842OYR" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\J470LKIB" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\KD2ZZ3MQ" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\OUM207IG" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\PPV19E13" not found
"C:\Users\papa\AppData\Local\Microsoft\Windows\INetCache\IE\QDXTOPR9" not found
 
==== EOF on Fri 11/06/2015 at 18:10:05.19 ======================
 
I haven't seen any utrack redirects (yay!); however, I am now receiving random new tabs whenever I click on an empty space within a webpage, much like the utrack redirects. They are also still appearing in Steam as well. Some of the websites that have popped up are as follows:
 


#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,572 posts
  • Gender:Male
  • Location:California

Posted 06 November 2015 - 11:23 PM

Thank you,

I may not be online much longer but would like you to run this for me.

===================================================

Running a Zoek Script

--------------------
  • Double click ZOEK.exe
  • Click More Options
  • Place a check mark in the following boxes

Do a Deep Scan
Installed Programs
Firefox Look
Chrome Look

  • Click Run Script and wait patiently for the program to run
  • Upon completion copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zoek report

Gary
 

#10 skimo3
  • Topic Starter
  • Members
  • 16 posts

Posted 06 November 2015 - 11:33 PM

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by papa on Fri 11/06/2015 at 19:26:47.08.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\papa\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== Older Logs ======================
 
C:\zoek-results2015-11-07-031005.log 12118 bytes
 
==== Installed Programs ======================
 
7-Zip 9.20 (x64 edition)  
Adobe Flash Player 19 NPAPI  
Alternative Look for Triss  
Alternative Look for Yennefer  
Amnesia - The Dark Descent  
Apple Application Support (32-bit)  
Apple Application Support (64-bit)  
Apple Mobile Device Support  
Apple Software Update  
ASIO4ALL  
Ballad Heroes - Neutral Gwent Card Set  
Batman™: Arkham Knight  
Beard and Hairstyle Set  
Bonjour  
CCleaner  
CloneBD  
CoreVorbis Audio Decoder (remove only)  
Deluge 1.3.12  
Divinity - Original Sin  
Dragon Age™: Inquisition  
Elite Crossbow Set  
Fallout Mod Manager 0.13.21  
FL Studio 11  
FlowStone FL 3.0  
Fraps  
Google Chrome  
Google Update Helper  
IL Download Manager  
InputMapper  
iTunes  
Kentucky Route Zero  
KMSpico v9.1.3  
Life Is Strange™  
Limits and Demonstrations  
Malwarebytes Anti-Malware version 2.2.0.1024  
McAfee Internet Security  
McAfee WebAdvisor  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Xbox One Controller for Windows  
Mozilla Firefox 41.0.2 (x86 en-US)  
Mozilla Maintenance Service  
New Quest - Contract - Skellige's Most Wanted  
New Quest - Contract Missing Miners  
New Quest - Fool's Gold  
New Quest - Scavenger Hunt - Wolf School Gear  
New Quest - Where the Cat and Wolf Play...  
Nilfgaardian Armor Set  
NVIDIA 3D Vision Controller Driver 352.65  
NVIDIA 3D Vision Driver 355.82  
NVIDIA Control Panel 355.82  
NVIDIA GeForce Experience 2.5.14.5  
NVIDIA GeForce Experience Service  
NVIDIA Graphics Driver 355.82  
NVIDIA HD Audio Driver 1.3.34.3  
NVIDIA Install Application  
NVIDIA LED Visualizer 1.0  
NVIDIA Miracast Virtual Audio 355.82  
NVIDIA Network Service  
NVIDIA Optimus Update 15.3.33  
NVIDIA PhysX System Software 9.15.0428  
NVIDIA ShadowPlay 2.5.14.5  
NVIDIA Stereoscopic 3D Driver  
NVIDIA Update 2.5.14.5  
NVIDIA Update Core  
NVIDIA Virtual Audio 1.2.31  
OpenAL  
Origin  
Private Internet Access Support Files  
QuickTime 7  
Razer Synapse 2.0  
Scribblenauts Unmasked A DC Comics Adventure  
SHIELD Streaming  
SHIELD Wireless Controller Driver  
Sid Meier's Civilization V  
Skellige Armor Set  
Skype™ 7.10  
Sophos Virus Removal Tool  
Spotify  
Steam  
Temerian Armor Set  
The Divinity Engine  
The Entertainment  
The Witcher 3 - Wild Hunt  
The Witcher: Enhanced Edition  
VirtualCloneDrive  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
VLC media player  
WIDCOMM Bluetooth Software  
Windows 7 USB/DVD Download Tool  
 
==== Running Processes ======================
 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\papa\AppData\Local\Temp\ocr37F8.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\papa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\papa\AppData\Roaming\Spotify\Spotify.exe
C:\Users\papa\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\papa\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\papa\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 16322 MB
CPU Info: Intel® Core™ i5-4670K CPU @ 3.40GHz
CPU Speed: 3404.5 MHz
Sound Card: Speakers (2- High Definition Au | 
Digital Audio (S/PDIF) (2- High | 
Digital Audio (S/PDIF) (2- High | 
Display Adapters: NVIDIA GeForce GTX 770 | NVIDIA GeForce GTX 770 | NVIDIA GeForce GTX 770 | NVIDIA GeForce GTX 770
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: TAP-Win32 Adapter V9 | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (F: | G: | ) F: ELBY    CLONEDRIVE       | G: ASUS    DRW-24B1ST   i
Ports: COM1 LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  72.3GB | D:  476.8GB | E:  1397.3GB
Hard Disks - Free: C:  13.4GB | D:  224.8GB | E:  283.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/29/13 | ALASKA - 1072009
Time Zone: Alaskan Standard Time
Motherboard *: ASUSTeK COMPUTER INC. Z87-A
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Firewall: McAfee Firewall disabled
Default Browser: Google Chrome 46.0.2490.80
Internet Explorer Version: 11.0.9600.18053 
Mozilla Firefox version: 41.0.2 (x86 en-US)
Google Chrome version: 46.0.2490.80
Flash Player version: 19.0.0.226
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\papa\AppData\Local\Temp ====
2015-11-07 03:10:17 F47CE903B5464F9CBD4ACC66D1369880 340992 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\SSLEAY32.dll
2015-11-07 03:10:17 D4AAB247A300230A8AE2D035A0977798 127316 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\libffi-6.dll
2015-11-07 03:10:16 FD8B4821B62CF212AB5C054D11E511F7 83968 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\zlib1.dll
2015-11-07 03:10:16 ACA9CC399CAC869CEFC34EABF8450A29 1486336 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\LIBEAY32.dll
2015-11-07 03:10:16 8259E9D39B76FC64BA8B3C009D9ACD16 70239 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\rubyw.exe
2015-11-07 03:10:16 2723D5E743239D5D282DE7EDEF69032B 2141184 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\msvcrt-ruby191.dll
2015-11-07 03:09:46 D4AAB247A300230A8AE2D035A0977798 127316 ----a-w- C:\Users\papa\AppData\Local\Temp\ocr37F8.tmp\bin\libffi-6.dll
2015-11-07 03:09:45 8259E9D39B76FC64BA8B3C009D9ACD16 70239 ----a-w- C:\Users\papa\AppData\Local\Temp\ocr37F8.tmp\bin\rubyw.exe
2015-11-07 03:09:45 2723D5E743239D5D282DE7EDEF69032B 2141184 ----a-w- C:\Users\papa\AppData\Local\Temp\ocr37F8.tmp\bin\msvcrt-ruby191.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-11-06 16:10:34 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2015-10-17 03:40:29 E7AF59F1E0352F5EBEC4ECD32103D405 207208 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-10-30 03:49:27 -------- d-----w- C:\PROGRA~2\VideoLAN
2015-10-24 02:45:20 -------- d-----w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\papa\AppData\Roaming ======
2015-11-07 03:08:45 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-11-07 03:08:45 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-11-07 03:08:45 -------- d-----w- C:\Users\papa\AppData\Local\Temp
2015-11-07 03:08:45 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-11-07 03:08:45 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-11-07 02:57:04 -------- d-----w- C:\Users\papa\AppData\Local\CrashDumps
2015-10-24 02:45:17 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Apple Computer
2015-10-11 04:00:37 -------- d-----w- C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-08 23:37:35 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2015-10-08 23:37:35 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software
====== C:\Users\papa ======
2015-11-06 16:10:31 -------- d-----w- C:\ProgramData\RogueKiller
2015-11-06 16:02:03 D240C2728488187CFA3DB55214D9075E 18969672 ----a-w- C:\Users\papa\Desktop\RogueKiller.exe
2015-11-06 16:00:35 2723697065B733FCAE91765B70CEBA8C 891392 ----a-w- C:\Users\papa\Downloads\MiniToolBox (1).exe
2015-11-06 15:58:43 2723697065B733FCAE91765B70CEBA8C 891392 ----a-w- C:\Users\papa\Desktop\MiniToolBox.exe
2015-11-06 05:30:02 55CDF1851D3BF1C53F4F89F42D576F22 232872 ----a-w- C:\Users\papa\Downloads\SpotifySetup (2).exe
2015-11-01 17:39:41 3CA39EF0A1D9EF5C600B735C99A27597 2198528 ----a-w- C:\Users\papa\Desktop\FRST64.exe
2015-10-31 20:03:59 38BE4E69AED17CFF7C001E56C4AC95A0 1801288 ----a-w- C:\Users\papa\Downloads\JRT.exe
2015-10-31 20:03:34 B49E7BE8381F46D30B765FC2BDBC823F 1694208 ----a-w- C:\Users\papa\Downloads\adwcleaner_5.015.exe
2015-10-31 19:55:50 B7B4656E0DB41DB4C677A324CC0F5DE5 6762072 ----a-w- C:\Users\papa\Downloads\ccsetup511.exe
2015-10-31 19:53:59 456FD750BA7349202281AF7729ECD987 2019656 ----a-w- C:\Users\papa\Downloads\rkill.exe
2015-10-25 19:29:09 ECC98DF78B31CDD95971E3DECE95D39D 33759 ----a-w- C:\Users\papa\Downloads\Setup (1).exe
2015-10-24 02:45:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
 
====== C: exe-files ==
2015-11-07 04:04:08 785AC1AD8D716C0A35CC8CCDBA10D2AC 6758232 ----a-w- C:\Users\papa\AppData\Local\NVIDIA\NvBackend\Packages\00008253\DAO.20144599.exe
2015-11-07 03:10:16 8259E9D39B76FC64BA8B3C009D9ACD16 70239 ----a-w- C:\Users\papa\AppData\Local\Temp\ocrAE70.tmp\bin\rubyw.exe
2015-11-07 03:09:45 8259E9D39B76FC64BA8B3C009D9ACD16 70239 ----a-w- C:\Users\papa\AppData\Local\Temp\ocr37F8.tmp\bin\rubyw.exe
2015-11-06 16:02:03 D240C2728488187CFA3DB55214D9075E 18969672 ----a-w- C:\Users\papa\Desktop\RogueKiller.exe
2015-11-06 16:00:35 2723697065B733FCAE91765B70CEBA8C 891392 ----a-w- C:\Users\papa\Downloads\MiniToolBox (1).exe
2015-11-06 15:58:43 2723697065B733FCAE91765B70CEBA8C 891392 ----a-w- C:\Users\papa\Desktop\MiniToolBox.exe
2015-11-06 11:37:22 FE1100B141E1D4BF41F72BA9F8666272 630200 ----a-w- C:\Users\papa\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-11-06 11:37:20 42DDAB35C69CDC97548C99621CC6C057 172984 ----a-w- C:\Users\papa\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-11-06 05:30:02 55CDF1851D3BF1C53F4F89F42D576F22 232872 ----a-w- C:\Users\papa\Downloads\SpotifySetup (2).exe
2015-11-05 03:14:56 9CFEB031831003C174CCA3FFE8DBDE7E 300325552 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\f8ecbcdf-699d-4ad7-85bc-5387c57bc04a\358.87-desktop-win8-win7-winvista-64bit-international-whql-g.exe
2015-11-01 20:10:13 9F1AE66D7954FE2E0909A5EBC6B94798 67072 ----a-w- C:\Program Files (x86)\Steam\bin\wow_helper.exe
2015-11-01 17:39:41 3CA39EF0A1D9EF5C600B735C99A27597 2198528 ----a-w- C:\Users\papa\Desktop\FRST64.exe
2015-11-01 17:39:41 33A3664CFB2F39421C01363D1A0976E2 2198016 ----a-w- C:\Users\papa\Downloads\FRST-OlderVersion\FRST64.exe
2015-10-31 20:03:59 38BE4E69AED17CFF7C001E56C4AC95A0 1801288 ----a-w- C:\Users\papa\Downloads\JRT.exe
2015-10-31 20:03:34 B49E7BE8381F46D30B765FC2BDBC823F 1694208 ----a-w- C:\Users\papa\Downloads\adwcleaner_5.015.exe
2015-10-31 19:55:50 B7B4656E0DB41DB4C677A324CC0F5DE5 6762072 ----a-w- C:\Users\papa\Downloads\ccsetup511.exe
2015-10-31 19:53:59 456FD750BA7349202281AF7729ECD987 2019656 ----a-w- C:\Users\papa\Downloads\rkill.exe
=== C: other files ==
2015-11-07 00:28:18 E6BBA74A37AE62FF2002E92607F6FD2A 259917 ----a-w- C:\Users\papa\Downloads\Summary.zip
2015-11-07 00:27:10 E6BBA74A37AE62FF2002E92607F6FD2A 259917 ----a-w- C:\Users\papa\Desktop\Summary.zip
2015-11-06 16:10:34 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-11-05 17:01:54 DC54232C4F1EA6C8F21DCFA2F079D30C 625264 ----a-w- C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\10.1511.4.1051_0\amazon-assistant-chrome-prod-amazon1-all.crx
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
 
[HKEY_USERS\S-1-5-21-2177431364-788801199-4247945438-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Spotify Web Helper"="C:\Users\papa\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"BingSvc"="C:\Users\papa\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Spotify"="C:\Users\papa\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"GoogleChromeAutoLaunch_D17F748014BF6F6F9E2AA470979A5F8A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Spotify Web Helper"="C:\Users\papa\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"BingSvc"="C:\Users\papa\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Spotify"="C:\Users\papa\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"GoogleChromeAutoLaunch_D17F748014BF6F6F9E2AA470979A5F8A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"InstallerLauncher"=" /RUN:C:\PROGRAM FILES\COMMON FILES\BITDEFENDER\SETUPINFORMATION\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\INSTALLER.EXE"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
 
==== Startup Folders ======================
 
2015-04-06 01:59:09 850 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/16/2015 09:35 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/27/2015 12:00 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/27/2015 12:00 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\McAfee Remediation (Prepare)" [C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe]
"C:\Windows\SysNative\tasks\McAfeeLogon" [C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe]
"C:\Windows\SysNative\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B793F813-F0E4-4C93-8164-BC6EB5463B6F}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [11/03/2015 04:39 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [11/03/2015 04:39 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"MFVersion"="MF37.0.1 (x86 en-US)" []
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\cfova2it.default
863AF0003392FEBC2667A8A790DED955 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[11/03/2015 05:51 PM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bmkckgpgekmanipelfidlhmkfcjicion - No path found[]
 
Google Docs - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HelloFax 50 Free Fax Pages - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm
selector is not a valid CSS selector - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Pixsta - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc
Google Search - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Video Downloader professional - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
SiteAdvisor - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Stylish - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
Pricescout for Google Chrome - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkjddnnlgmahpnjjkiolhoophlpibfn
Google Docs Offline - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
AdBlock - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
FlashBlock - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
SoundCloud Downloader Free - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci
Chrome Web Store Payments - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Last updated at time on date - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch
Amazon Assistant for Chrome - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Gmail - papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 158.255.238.129 google-analytics.com
O1 - Hosts: 158.255.238.129 www.google-analytics.com
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\papa\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\papa\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Spotify] "C:\Users\papa\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D17F748014BF6F6F9E2AA470979A5F8A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: @oem114.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1144 folders=324 49880145 bytes)
 
==== EOF on Fri 11/06/2015 at 19:29:29.33 ======================


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:28 PM

Posted 06 November 2015 - 11:42 PM

Thanks,

It is going to take a bit of time to sift through this so I won't be replying until tomorrow.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:28 PM

Posted 07 November 2015 - 10:34 AM

Thank you for your patience. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Edited by Oh My!, 07 November 2015 - 10:40 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
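As an added illustration of why the `hosts:` fix requested above matters (example code written for this edit, not from the thread, from FRST or from ESET): a small Python check that parses a Windows hosts file and flags any entry that sends a hostname to a routable address rather than to loopback or the 0.0.0.0 sinkhole. The hosts content below is constructed for the example, including the hijack-style entry.

```python
import ipaddress

# Constructed sample hosts-file content for this example (not from the thread):
# the Windows default plus one entry of the kind that causes browser redirects.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1   localhost
::1         localhost
198.51.100.7   www.example-search.test   # constructed hijack entry
0.0.0.0     ads.example.test
"""


def parse_hosts(text):
    """Yield (ip, [hostnames]) for each non-comment, non-blank line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        yield parts[0], parts[1:]


def suspicious_entries(text):
    """Return hosts-file entries that point a name at a routable address.

    Loopback (127.0.0.1, ::1) and the 0.0.0.0 sinkhole used by ad-blocking
    lists are normal. Anything else redirects a hostname to some other host,
    which is what a hijacked hosts file does and what FRST's `hosts:`
    directive undoes by restoring the default file.
    """
    flagged = []
    for ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            flagged.append((ip_text, names, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        flagged.append((ip_text, names, "routable address"))
    return flagged


if __name__ == "__main__":
    for ip, names, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:16} {' '.join(names):30} {why}")
```

On a live machine the same check can be pointed at C:\Windows\System32\Drivers\etc\hosts by reading that file into the function instead of the constructed string.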

#13 skimo3

skimo3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:28 PM

Posted 07 November 2015 - 03:30 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by papa (2015-11-07 09:13:46) Run:3
Running from C:\Users\papa\Desktop
Loaded Profiles: papa (Available Profiles: papa)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
hosts:
*****************
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 09:13:46 ====
 
Eset results: 
 
C:\Users\papa\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
E:\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
E:\found.002\Ass Effect 2.exe NSIS/TrojanDownloader.Adload.R trojan cleaned by deleting - quarantined
 
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                     
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player  19.0.0.226  
 Mozilla Firefox (41.0.2) 
 Google Chrome (46.0.2490.71) 
 Google Chrome (46.0.2490.80) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
After this last round of scans and fixes, it appears as though the problem has been fixed on Chrome and I have yet to see any pop-ups within Steam. Firefox, however, is still plagued by random new tabs with the same URLs that I previously mentioned. We're almost there!


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:28 PM

Posted 07 November 2015 - 10:02 PM

Making progress.

Please do this.

===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Please report how Firefox is running
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Firefox pop ups?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 skimo3

skimo3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:28 PM

Posted 07 November 2015 - 11:02 PM

Firefox is still being affected by the redirects and pop-ups in safe mode, unfortunately.
