
pum.dns always comes back


  • This topic is locked
17 replies to this topic

#1 AtlasK

AtlasK

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 11 January 2016 - 01:19 AM

Hello,

 

I have been trying to clean up my computer and RogueKiller keeps on returning me with a bunch of pum.dns always located at some variation of system/currentcontrolset//services/tcpip/parameters. I have run many suggested removal tools but these always return no matter what I try. Should I be worried?

 

Thanks for any help with this.





#2 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:21 PM

Posted 11 January 2016 - 03:50 PM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic till you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Please post your latest roguekiller log!
 

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 AtlasK

AtlasK
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 11 January 2016 - 10:54 PM

This is the RogueKiller file and Security Check; both Malwarebytes and AdwCleaner came back saying everything was clean.
 
 
RogueKiller V11.0.6.0 (x64) [Jan  4 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kevin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/11/2016 22:37:49
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A} | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A} | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A} | DhcpNameServer : 10.0.1.1 ([X])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3000DM 001-1ER166 SCSI Disk Device +++++
--- User ---
[MBR] 8d2eb791c346ea69fc24063f142f8322
[BSP] fa4f9e767ed24fc424303d3a32a77045 : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 EVO 250G SCSI Disk Device +++++
--- User ---
[MBR] 822cf30f75ce9ff38a814cb82157fc53
[BSP] 8ebb2a3293d0c0cea4ff3d445509c03e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Reader XI  
 Google Chrome (47.0.2526.106) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUi.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:21 PM

Posted 12 January 2016 - 04:24 AM


[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A} | DhcpNameServer : 10.0.1.1 ([X]) -> Found


IP address 10.0.1.1
http://10.0.1.1.ipaddress.com/

OK, now we are waiting for the FRST log:

Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


Edited by Jo*, 12 January 2016 - 05:14 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
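The PUM.Dns lines Jo singles out are RogueKiller's heuristic for DNS resolver settings in the Tcpip\Parameters keys; the flagged value 10.0.1.1 is an RFC 1918 address, which on a home network is normally the router that the DHCP client records as resolver, so the DhcpNameServer value is rewritten on every lease renewal and reappears after any tool "removes" it. As an added example that is not from this thread nor from RogueKiller's or FRST's vendors, the Python below parses RogueKiller PUM.Dns lines and FRST Tcpip\Parameters lines and classifies each resolver as private-range (likely the local router) or public (worth a closer look); the sample lines are constructed after the ones posted above, and the 203.0.113.9 entry is an added contrast case using a documentation (RFC 5737) address.

```python
import ipaddress
import re

# Constructed sample, modelled on the RogueKiller and FRST entries in this thread.
# The 10.0.1.1 lines mirror the posted logs; the 203.0.113.9 line is a made-up
# contrast case so that both verdicts are exercised.
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A} | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 203.0.113.9 ([X])  -> Found
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
"""

# Ranges a home or office DHCP server normally hands out as resolver. Listed
# explicitly rather than via ipaddress.is_private, which also treats
# documentation ranges such as 203.0.113.0/24 as "private".
LOCAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),       # RFC 1918
    ipaddress.ip_network("172.16.0.0/12"),    # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),   # RFC 1918
    ipaddress.ip_network("169.254.0.0/16"),   # IPv4 link-local
    ipaddress.ip_network("127.0.0.0/8"),      # loopback (local stub resolver)
    ipaddress.ip_network("fc00::/7"),         # IPv6 unique local
    ipaddress.ip_network("fe80::/10"),        # IPv6 link-local
]

# RogueKiller "Registry" section line:
#   [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\...\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
RK_LINE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>\w+)\)\s+(?P<key>\S+)\s+\|\s+"
    r"(?P<name>\w+)\s*:\s*(?P<value>.*?)\s*\(\[.*$"
)
# FRST "Internet" section line:
#   Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
FRST_LINE = re.compile(r"^Tcpip\\(?P<key>\S+):\s+\[(?P<name>\w+)\]\s*(?P<value>.*)$")


def classify_server(addr):
    """Return 'private', 'public' or 'unparseable' for one resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    return "private" if any(ip in net for net in LOCAL_RANGES) else "public"


def parse_line(line):
    """Parse one RogueKiller PUM.Dns or FRST Tcpip line; None if it is neither."""
    m = RK_LINE.match(line) or FRST_LINE.match(line)
    if not m:
        return None
    # DhcpNameServer is space-separated, NameServer may be comma-separated.
    servers = [s for s in re.split(r"[\s,]+", m.group("value").strip()) if s]
    kinds = {classify_server(s) for s in servers}
    if not servers:
        verdict = "review: empty value"
    elif "unparseable" in kinds:
        verdict = "review: value is not an IP address"
    elif kinds == {"private"}:
        verdict = "likely benign: private-range resolver (router/DHCP)"
    else:
        verdict = "review: public resolver configured as DNS"
    return {
        "source": "roguekiller" if m.re is RK_LINE else "frst",
        "key": m.group("key"),
        "name": m.group("name"),
        "servers": servers,
        "verdict": verdict,
    }


def analyze(text):
    """Return one finding per DNS entry found in a pasted log."""
    findings = []
    for line in text.splitlines():
        finding = parse_line(line.rstrip())
        if finding:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per verdict, for a quick triage overview."""
    counts = {}
    for f in findings:
        counts[f["verdict"]] = counts.get(f["verdict"], 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"{f['source']:<11} {f['name']:<15} {' '.join(f['servers']):<16} {f['verdict']}")
    print(summarize(results))
```

A private-range verdict only says the resolver is on the local network; confirming it is the expected router address (as Jo does by reading off 10.0.1.1) is still a manual step.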


#5 AtlasK

AtlasK
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 12 January 2016 - 03:18 PM

So is there anything to worry about from those roguekiller logs? Sorry about forgetting to post the FRST logs here they are:

Also for the addition.txt file, I ran FRST earlier and I believe this addition.txt is from the first time whereas the FRST.txt is more recent. I don't know if this is relevant but just thought I should tell you.

 

Thanks for all your help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Kevin (administrator) on KEVIN-PC (12-01-2016 14:52:40)
Running from C:\Users\Kevin\Desktop\New folder (2)
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Flux Software LLC) C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\X-Chat 2\xchat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-11] (AVAST Software)
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\Run: [f.lux] => C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: {2544cccf-4b0f-11e4-a950-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: {ee3fa1e2-4bd7-11e4-a18f-74d435eb8455} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-07] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-11] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-11] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\zvEuGAOR.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\zvEuGAOR.default\Extensions\abs@avira.com [2015-06-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-11]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
CHR Extension: (AlienTube for YouTube™) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2015-11-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kevin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-11] (AVAST Software)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-10] (altPUG LLC)
S3 DAUpdaterSvc; G:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-10-06] (BioWare)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2016-01-04] (The OpenVPN Project)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-11] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\Dnetr28x.sys [1885792 2012-08-24] (Ralink Technology, Corp.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2016-01-11] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 14:43 - 2013-07-02 18:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2016-01-11 22:46 - 2016-01-11 22:50 - 210145320 _____ (Emsisoft Ltd. ) C:\Users\Kevin\Downloads\EmsisoftAntiMalwareSetup.exe
2016-01-11 22:37 - 2016-01-11 22:37 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-01-11 22:37 - 2016-01-11 22:36 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-11 22:36 - 2016-01-11 22:37 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-11 22:36 - 2016-01-11 22:36 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-11 22:36 - 2016-01-11 22:36 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-11 22:35 - 2016-01-11 22:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-11 22:35 - 2016-01-11 22:35 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-11 22:33 - 2016-01-11 22:33 - 05066104 _____ (AVAST Software) C:\Users\Kevin\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2016-01-11 22:09 - 2016-01-11 22:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.3.1001 (1).exe
2016-01-11 21:45 - 2016-01-11 21:45 - 01754112 _____ C:\Users\Kevin\Downloads\AdwCleaner.exe
2016-01-11 21:31 - 2016-01-11 21:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.3.1001.exe
2016-01-11 21:25 - 2016-01-11 21:25 - 00000000 ____D C:\Users\Kevin\Documents\scans
2016-01-11 01:04 - 2016-01-11 22:47 - 00000000 ____D C:\AdwCleaner
2016-01-11 01:04 - 2016-01-11 01:04 - 00001962 _____ C:\Users\Kevin\Desktop\JRT.txt
2016-01-11 01:02 - 2016-01-11 01:02 - 01749504 _____ C:\Users\Kevin\Downloads\adwcleaner_5.028.exe
2016-01-11 01:01 - 2016-01-11 01:01 - 01600184 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT.exe
2016-01-11 00:51 - 2016-01-11 00:51 - 00409848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-11 00:38 - 2016-01-12 14:52 - 00000000 ____D C:\FRST
2016-01-11 00:35 - 2016-01-11 00:50 - 00000000 ____D C:\Users\Kevin\Desktop\New folder (2)
2016-01-11 00:34 - 2016-01-11 00:34 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2016-01-11 00:29 - 2016-01-11 00:29 - 04186180 _____ C:\Users\Kevin\Downloads\RegWatcher.zip
2016-01-11 00:28 - 2016-01-11 00:28 - 00852720 _____ C:\Users\Kevin\Desktop\SecurityCheck.exe
2016-01-11 00:15 - 2016-01-11 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-11 00:15 - 2016-01-11 00:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-11 00:14 - 2016-01-11 00:14 - 31162664 _____ (Adlice Software ) C:\Users\Kevin\Downloads\setup.exe
2016-01-11 00:02 - 2016-01-11 00:02 - 00110104 _____ C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-10 23:45 - 2016-01-10 23:45 - 00001768 _____ C:\Users\Kevin\Documents\School 2016 - Shortcut.lnk
2016-01-10 21:49 - 2016-01-11 21:48 - 00000000 ____D C:\ProgramData\360safe
2016-01-09 16:34 - 2016-01-10 23:47 - 00000000 ____D C:\Users\Kevin\Documents\School 2016
2016-01-07 14:23 - 2016-01-10 21:54 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-07 14:23 - 2015-01-06 22:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-01-07 14:23 - 2015-01-06 22:10 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-01-07 14:23 - 2015-01-06 21:44 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-01-07 14:23 - 2015-01-06 20:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-01-07 14:23 - 2015-01-06 20:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-01-06 15:28 - 2014-08-21 12:29 - 00004027 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-udp25000.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004023 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-udp53.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004023 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-tcp443.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004021 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-tcp80.ovpn
2016-01-06 15:26 - 2016-01-06 15:26 - 00000915 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\Program Files\TAP-Windows
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\Program Files\OpenVPN
2016-01-06 15:25 - 2016-01-06 15:25 - 01827536 _____ C:\Users\Kevin\Downloads\openvpn-install-2.3.10-I601-x86_64.exe
2016-01-06 15:24 - 2016-01-06 15:24 - 00009226 _____ C:\Users\Kevin\Downloads\VPNBook.com-OpenVPN-CA1 (2).zip
2016-01-06 15:23 - 2016-01-06 15:23 - 00009226 _____ C:\Users\Kevin\Downloads\VPNBook.com-OpenVPN-CA1 (1).zip
2016-01-04 21:06 - 2016-01-04 21:18 - 00000000 __SHD C:\$360Section
2016-01-03 19:44 - 2016-01-03 19:44 - 00000000 ____D C:\Users\Kevin\Documents\Banished
2016-01-03 19:02 - 2016-01-11 00:51 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-01-03 19:02 - 2016-01-04 21:18 - 00000000 ____D C:\ProgramData\360Quarant
2016-01-03 19:01 - 2016-01-03 19:01 - 00000000 ____D C:\Program Files (x86)\360
2016-01-03 19:01 - 2015-12-16 22:14 - 00077904 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2015-12-21 17:41 - 2015-12-21 17:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 17:41 - 2015-12-21 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-16 08:41 - 2015-12-16 08:41 - 03266706 _____ C:\Users\Kevin\Downloads\12.01 and 12.02 Solids and Liquids combined.pdf
2015-12-16 08:34 - 2015-12-16 08:34 - 02097932 _____ C:\Users\Kevin\Downloads\11.01 and 11.02 Proteins combined.pdf
2015-12-16 02:27 - 2016-01-11 22:27 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-16 02:26 - 2015-12-16 03:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-16 01:30 - 2016-01-11 22:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 01:30 - 2016-01-11 22:09 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-16 01:30 - 2015-12-16 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-16 01:30 - 2015-12-16 01:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-16 01:30 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-16 01:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-16 01:29 - 2015-12-16 01:29 - 22908888 _____ (Malwarebytes ) C:\Users\Kevin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-14 13:29 - 2015-12-14 13:29 - 01050800 _____ C:\Users\Kevin\Downloads\CHEM112 Quantum2 2.02.pdf
2015-12-14 13:28 - 2015-12-14 13:29 - 01931441 _____ C:\Users\Kevin\Downloads\CHEM112 Quantum 1 2.01.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 14:48 - 2009-07-13 23:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 14:48 - 2009-07-13 23:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 14:46 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-12 14:40 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-11 22:22 - 2014-10-03 10:16 - 00000000 ____D C:\Users\Kevin
2016-01-11 22:17 - 2015-04-22 07:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-11 22:17 - 2015-04-22 07:08 - 00000000 ____D C:\Users\Kevin\Desktop\mbar
2016-01-11 21:54 - 2014-10-05 14:02 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\vlc
2016-01-11 01:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-11 00:51 - 2014-11-25 14:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-11 00:50 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-11 00:02 - 2014-10-04 13:12 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2016-01-10 23:42 - 2014-10-04 19:12 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\uTorrent
2016-01-10 22:37 - 2015-03-07 04:08 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\qBittorrent
2016-01-10 21:54 - 2014-10-03 10:20 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-10 21:54 - 2014-10-03 10:20 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-09 16:39 - 2014-10-04 03:06 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\X-Chat 2
2016-01-09 12:05 - 2014-10-03 10:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-07 14:23 - 2015-09-12 15:37 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-01-07 14:23 - 2015-05-14 18:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-07 14:23 - 2015-05-14 18:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-06 15:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-04 22:18 - 2015-08-25 02:57 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-04 22:17 - 2015-08-25 02:57 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Panda Security
2016-01-04 22:17 - 2015-08-25 02:56 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-03 19:31 - 2014-10-15 21:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-01-03 19:31 - 2014-10-03 11:07 - 00000000 ____D C:\Windows\Panther
2016-01-03 19:30 - 2015-01-06 12:02 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 19:11 - 2014-10-03 11:44 - 00000000 ____D C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2015-12-21 17:41 - 2014-10-04 13:12 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 17:41 - 2014-10-04 13:12 - 00000000 ____D C:\Users\Kevin\AppData\Local\Skype
2015-12-21 17:41 - 2014-10-04 13:11 - 00000000 ____D C:\ProgramData\Skype
2015-12-17 11:45 - 2014-12-05 22:08 - 00000897 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-17 11:45 - 2014-12-05 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-17 11:44 - 2014-12-05 22:08 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-12-16 16:46 - 2015-06-10 23:08 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 02:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
 
==================== Files in the root of some directories =======
 
2015-05-21 18:51 - 2015-05-21 18:51 - 0000000 _____ () C:\Users\Kevin\AppData\Local\Temp.dat
 
Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-05 04:51
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Kevin (2016-01-11 00:39:43)
Running from C:\Users\Kevin\Desktop\New folder (2)
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-03 15:16:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3160086116-3863526864-1649153606-500 - Administrator - Disabled)
Guest (S-1-5-21-3160086116-3863526864-1649153606-501 - Limited - Disabled)
Kevin (S-1-5-21-3160086116-3863526864-1649153606-1000 - Administrator - Enabled) => C:\Users\Kevin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: 360 Total Security (Enabled - Out of date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Out of date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.2.0.1066 - 360 Security Center)
4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.4.1795 - Open Media LLC)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
DWA-548 (HKLM-x32\...\{12C3E32F-7BDA-47C2-BAB9-55D8BB048A33}) (Version: 1.00.0000 - D-Link)
f.lux (HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\Flux) (Version:  - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
FastStone Image Viewer 5.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.2 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Grand Theft Auto IV Episodes from Liberty City v.1.1.2.0 (HKLM-x32\...\Grand Theft Auto IV Episodes from Liberty City_is1) (Version:  - )
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenVPN 2.3.10-I601  (HKLM\...\OpenVPN) (Version: 2.3.10-I601 - )
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
osu! (HKLM-x32\...\{634122fe-ab88-40c4-aaa7-ccc671700300}) (Version: latest - ppy Pty Ltd)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.41331 - Grinding Gear Games)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PodTrans 4.2.5 (HKLM-x32\...\{A5B89AC2-2FE2-4AFD-8CB4-2613E0BB85FF}}_is1) (Version: 4.2.5 - iMobie Inc.)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Kakao Corp.)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version:  - The SKSE Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
To The Moon (HKLM-x32\...\To The Moon_is1) (Version:  - GOG.com)
Total War ROME II (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warhammer 40000 Deathwatch Enhanced Edition (HKLM-x32\...\Warhammer 40000 Deathwatch Enhanced Edition_is1) (Version:  - )
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
X-Chat 2.8.6-2 (HKLM-x32\...\X-Chat 2_is1) (Version: 2.8.6-2 - SilvereX)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2F427450-C260-40C7-B27A-9FEEE728E886} - System32\Tasks\{DCACDCCF-ABAF-4F5F-99CF-A432DFE3DEB5} => pcalua.exe -a G:\Programs\Office\Autorun.exe -d G:\Programs\Office
Task: {4C35BC07-D37E-452F-BCAE-FC16E8193AA1} - System32\Tasks\{DDB2AD52-9E11-4AE3-8337-5D372DE3B7C1} => pcalua.exe -a "C:\ProgramData\Supreme AdBlocker\Supreme AdBlocker.exe" -c /progname=Supreme AdBlocker /progver=3.4.2 /progpub=Supreme AdBlocker /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {72E256AE-DE1F-41B3-BAFE-B73B468C8B3B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {91A03C5D-FA30-4ED8-B4AE-5F48090CBE8E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3160086116-3863526864-1649153606-1000
Task: {AD3E4CC7-19BA-4AFB-A92B-0D0168349616} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {B5D84764-1480-44FD-A81A-AE3E0AEB15EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {D93DAA77-C112-4A00-B1C9-53E34F9D7AF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EA28C664-CE8F-4EA1-9E33-AC052B404C2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-03 10:43 - 2015-05-27 23:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 13:24 - 2012-01-17 13:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-11 00:15 - 2016-01-04 09:27 - 25034824 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-01-03 19:01 - 2015-12-30 21:30 - 00088184 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2016-01-10 21:49 - 2015-12-30 21:30 - 00578168 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2015-05-20 15:21 - 2015-05-22 20:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kevin\4kvideodownloader_3.4.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Desktop\flux-setup.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Downloads\4kvideodownloader_3.5.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Downloads\dow2-elite-2-3-0.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Downloads\dow2-elite-2.3.1-H2.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Downloads\drweb-1000-win-space.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Downloads\qbittorrent_3.1.12_setup.exe:BDU
AlternateDataStreams: C:\Users\Kevin\Documents\SUPERAntiSpywarePro.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-11-25 14:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 91.239.100.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5F52358A-2BC6-43A4-9158-25D3057175EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BCFC47E0-B894-4FA4-9A9F-74C1C8ABC05F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{89A26429-8694-49C4-A9EC-58FF93004D20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A7B11EE2-6EBD-4739-BFB7-AFC0B584EAAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{270EF0E7-51C1-4F28-960C-195AA712E95A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE9CA406-9A5F-45B8-AE91-17557DB7ECEE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{EDE4FBD7-CBC1-4B4A-832E-0E99D33301B2}C:\program files (x86)\x-chat 2\xchat.exe] => (Allow) C:\program files (x86)\x-chat 2\xchat.exe
FirewallRules: [UDP Query User{0E0F95AD-911F-4A09-A469-9F651ACC98AB}C:\program files (x86)\x-chat 2\xchat.exe] => (Allow) C:\program files (x86)\x-chat 2\xchat.exe
FirewallRules: [{1F73587D-AE08-4363-9C1C-B833DE65BC1E}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{4162FECC-6315-4164-BB97-BE1104889A7B}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{EFB0AB44-E29B-4026-91FB-71BFB656ED6A}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{DE449DA0-44F6-47EA-81E0-F020502BE22D}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BA8BC59B-6CA0-44B2-B72C-CD7065E1C2E5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5CD33527-EF5F-4E2C-B576-7E787E075668}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4BF2A796-C8FE-41C1-A35D-4B3B310E522F}] => (Allow) C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4074328-4B9B-41F0-8585-4D2B4EFA36A5}] => (Allow) G:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{4E3EF6DD-0C5A-4222-B7EC-B6DCED7CA200}] => (Allow) G:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{30005BE6-F8F3-4080-A356-451FB2BF5766}] => (Allow) G:\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{7A8678AF-D4E9-4F78-B569-9876CDF8B7BA}] => (Allow) G:\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{0C9D66FF-D438-49D9-BA06-581B0F38A364}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B664EAD8-BCD3-4C26-A0D9-870AA21828A5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0DE68DFA-3DDF-4748-8AAE-987D61C088B3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{304ACBED-721F-4F17-83D9-FF30EB1B6A05}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4837E135-1A22-45FA-9E51-72380C597AF7}] => (Allow) G:\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{3041A676-1501-44C1-8050-9D0FAD376AF0}] => (Allow) G:\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{A93387C0-5B6D-4524-AA19-8E27CB62D01A}] => (Allow) G:\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{C9606EF4-FAE2-475C-BEFC-7A67ED352947}] => (Allow) G:\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [TCP Query User{0E07C7FC-346D-49E4-9B68-1D5B3E0653BA}G:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) G:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{AFD60CB3-AEC3-4AEA-8654-1DC596A83722}G:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) G:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{88983EC1-6689-4A1E-96FA-080193CD0BCF}] => (Allow) G:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D2356A42-A87A-444C-B224-7284282766CE}] => (Allow) G:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{7F879038-769B-4678-B394-A7A3F4C9BDDD}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{CBA8D074-BEDD-4ACB-8932-61C4AE95F390}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{B398D1D3-9A8B-4E7C-AAD9-769BF2115848}] => (Allow) G:\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{E24DC4CF-B462-4A2C-B3C6-1203D5233D3B}] => (Allow) G:\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [TCP Query User{A3EF3BD0-4BCF-4812-A58B-ED738DF707A1}G:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) G:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{D650BAC6-BB3F-4774-B589-C36AE7335F3E}G:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) G:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{A6D4A7F0-AE34-4987-A132-C504C96F5DD7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{D9E5AC55-C8D3-43AC-9802-C8FAA6D773DF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{AD08DFBD-0C3A-4695-803E-C93F420683EF}G:\games\total.war.rome.ii-reloaded\total war rome ii\rome2.exe] => (Allow) G:\games\total.war.rome.ii-reloaded\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{BED4F057-346B-4E72-9080-EB69A1C499E8}G:\games\total.war.rome.ii-reloaded\total war rome ii\rome2.exe] => (Allow) G:\games\total.war.rome.ii-reloaded\total war rome ii\rome2.exe
FirewallRules: [{5EE73551-B026-42AB-AAFF-D73BAFA4F635}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{23240D6B-8C70-4BF5-AAB3-20234541F2F6}] => (Allow) C:\Program Files (x86)\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{07679C88-5950-4A18-B9EF-8924A677638B}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{15BA8B93-8853-40B2-A340-34A6039D857F}] => (Allow) C:\Program Files (x86)\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [TCP Query User{7F8DB8B9-C2C5-42A4-A55E-062C3FD3220E}G:\games\new folder\far cry 4\bin\farcry4.exe] => (Allow) G:\games\new folder\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{D528EF8B-4F81-4A10-910B-2BDA56888965}G:\games\new folder\far cry 4\bin\farcry4.exe] => (Allow) G:\games\new folder\far cry 4\bin\farcry4.exe
FirewallRules: [{A51797E9-BC4B-4604-8081-CAB72D19D173}] => (Allow) G:\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{F2FC423F-B76D-4628-9659-994EBD8A1C4A}] => (Allow) G:\Steam\SteamApps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{7A0856DD-5210-4FF7-8424-E89D3D50C595}] => (Allow) G:\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{BBB262EF-26BD-4C88-94B9-0E69E1A92555}] => (Allow) G:\Steam\SteamApps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{CA23DA99-942A-415F-A1AC-1073E02EDC66}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{85EEB4A7-F9DB-4D0B-BFAB-181AFA2845AF}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F628131A-92AB-4391-BF9E-4208A7A5E068}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7DA3577C-6374-4D59-B00A-4E23BAD084FE}] => (Allow) G:\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{E4C593D4-9545-4CAD-BEAA-F091094666E7}] => (Allow) G:\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{69F11CF0-3FEC-4A34-AE52-892EF23E580E}] => (Allow) G:\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{4905CF9A-C79D-46F4-A3C8-36B7F2626F2A}] => (Allow) G:\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{0D681BC2-BC94-40A0-97EC-79F932E5C8FF}] => (Allow) G:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{9AC94C5D-3209-40B5-9E59-101F4A39EE03}] => (Allow) G:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{D6059134-6793-4C68-A08D-71143760CA09}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{75613C7D-2D6F-4F4B-8529-A96418FD3750}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{D3B6CD62-6B01-45EE-90E0-F5FE2EE31CBC}] => (Allow) G:\Steam\SteamApps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{58013D3D-E7A3-469F-A034-C2CB03952EA6}] => (Allow) G:\Steam\SteamApps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{020980FB-1B5E-43DD-9551-73637E8D5228}G:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) G:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{B7738C74-3BCA-4C54-AC98-C1895EA12A54}G:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) G:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{B8EE9F00-9643-4E04-8426-4571718398C4}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{E9765C5B-085D-43D1-A4D6-24F9023A40E3}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{37ED7F1E-63C9-4D8F-8C2C-B04D9F6ED86E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{B138A706-AD59-4620-BACD-8DDDE013B3B0}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{BCBBADAB-3171-4EF5-9A5F-E5CE0E6808E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED3CEE77-ED14-46C8-A3DC-DED8040375CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{210BB489-1CD3-4BC3-BEC4-F77037AFBA4A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0F59986-6381-465E-B74D-B2A12BEFEDF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C39FE68-D8FD-43E8-8507-58440D2D937F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4D09C18-A232-4DC2-93A4-508D8D8D49A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{407F6F2C-A44B-4B99-999A-A74BB561ED1A}] => (Allow) G:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{F6FE6C6D-A1CF-43E4-86A7-E340D2A4DAFE}] => (Allow) G:\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{10978263-90A0-46E2-AB8F-9FE59AED93C8}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{48A449B5-7C5F-4971-9C40-C8C1C5107150}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{7AD58A8B-1607-44BD-ABF7-CF2065664519}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{706B0041-DCD1-4583-9F13-20354C5EF97C}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
 
==================== Restore Points =========================
 
06-01-2016 15:26:06 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
07-01-2016 14:23:42 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2016 12:30:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x00000000000200ea
Faulting process id: 0x28c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/05/2016 10:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8315
 
Error: (01/05/2016 10:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8315
 
Error: (01/05/2016 10:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/05/2016 10:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7269
 
Error: (01/05/2016 10:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7269
 
Error: (01/05/2016 10:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/05/2016 10:09:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6271
 
Error: (01/05/2016 10:09:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6271
 
Error: (01/05/2016 10:09:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/11/2016 12:31:59 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: 
%%1056
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (01/11/2016 12:30:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/11/2016 12:30:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/08/2016 11:46:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 99%
Total physical RAM: 8053.06 MB
Available physical RAM: 40.77 MB
Total Virtual: 16104.32 MB
Available Virtual: 8821.94 MB
 
==================== Drives ================================
 
Drive c: (Chorong) (Fixed) (Total:232.79 GB) (Free:69.31 GB) NTFS
Drive e: (Eunji) (Fixed) (Total:1863.01 GB) (Free:1548.33 GB) NTFS
Drive g: (Hayoung) (Fixed) (Total:2794.39 GB) (Free:384.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 2569FA96)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3444DB7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000CE27C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
#6 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:21 PM

Posted 12 January 2016 - 03:37 PM

Hello,

You should know which router you have and check its documentation to see whether DhcpNameServer : 10.0.1.1 is the default setting for this model or not.
In case of problems, contact the support of the router manufacturer or visit their website.

Is this a company PC that you are using?
Is this a company network or a private home network that you are using?
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.
 
start
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
S3 gdrv; \??\C:\Windows\gdrv.sys [X] 
end
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.

Edited by Jo*, 12 January 2016 - 03:58 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
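Jo's question above, whether DhcpNameServer 10.0.1.1 is the router's own address or not, is the check a helper does by eye on every FRST log. The script below is an added example, not code from this thread or from FRST, that parses the Tcpip\Parameters lines of an FRST log and lists the resolver entries worth a second look. It assumes FRST's line layout as shown in the logs in this thread, that several resolvers on one line are space-separated, and that a [NameServer] line is how FRST prints a static setting.

```python
import ipaddress
import re
from typing import FrozenSet, List, NamedTuple, Tuple

# CONSTRUCTED sample: the two resolver lines from this thread's FRST log plus two
# made-up interface entries showing a static override and a second, non-LAN
# resolver. 203.0.113.5 is an RFC 5737 documentation address used as a placeholder.
SAMPLE_LOG = """\
==================== Internet (Whitelisted) ====================

Tcpip\\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\\..\\Interfaces\\{A46A65D1-2FC7-44E2-A554-5AF701E1982A}: [DhcpNameServer] 10.0.1.1
Tcpip\\..\\Interfaces\\{00000000-0000-0000-0000-000000000001}: [NameServer] 203.0.113.5
Tcpip\\..\\Interfaces\\{00000000-0000-0000-0000-000000000002}: [DhcpNameServer] 10.0.1.1 203.0.113.5
"""

# One FRST resolver line: global (Tcpip\Parameters) or per-interface (GUID). [DhcpNameServer]
# is what DHCP handed out; [NameServer] is assumed to be FRST's label for a static setting.
DNS_LINE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]{36})\})"
    r": \[(?P<kind>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)

# Addresses that can plausibly be the router or another box on the LAN. Spelled
# out instead of ipaddress.is_private, which also counts the RFC 5737
# documentation ranges as private and would hide the placeholder above.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]


class DnsEntry(NamedTuple):
    scope: str                # "global" for Tcpip\Parameters, else interface GUID
    kind: str                 # "DhcpNameServer" or "NameServer"
    servers: Tuple[str, ...]  # several resolvers are assumed to be space-separated


class Finding(NamedTuple):
    scope: str
    server: str
    reason: str


def parse_dns_entries(log_text: str) -> List[DnsEntry]:
    """Pull every resolver line out of the Internet section of an FRST log."""
    entries = []
    for raw in log_text.splitlines():
        m = DNS_LINE.match(raw.strip())
        if m is None:
            continue
        entries.append(DnsEntry(scope=m.group("guid") or "global",
                                kind=m.group("kind"),
                                servers=tuple(m.group("servers").split())))
    return entries


def classify_server(server: str, router_ip: str) -> str:
    """'router' if it is the gateway itself, 'lan' for another local address,
    'public' for anything else that parses, 'invalid' if it is not an IP."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if ip == ipaddress.ip_address(router_ip):
        return "router"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan"
    return "public"


def triage_dns(log_text: str, router_ip: str,
               trusted_public: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Resolver entries a removal helper would want a second look at.

    A DhcpNameServer equal to the router is the normal home case (this thread)
    and is not reported. Reported: any static NameServer (it overrides what DHCP
    says), any public resolver not on the trusted list, and unparseable values.
    """
    findings = []
    for entry in parse_dns_entries(log_text):
        for server in entry.servers:
            cls = classify_server(server, router_ip)
            if entry.kind == "NameServer":
                findings.append(Finding(entry.scope, server, "static NameServer overrides DHCP"))
            elif cls == "invalid":
                findings.append(Finding(entry.scope, server, "value is not an IP address"))
            elif cls == "public" and server not in trusted_public:
                findings.append(Finding(entry.scope, server, "DHCP handed out a non-LAN resolver"))
    return findings


if __name__ == "__main__":
    for f in triage_dns(SAMPLE_LOG, router_ip="10.0.1.1"):
        print(f"{f.scope}: {f.server} -> {f.reason}")
```

Run against this thread's two real lines only, it reports nothing, which is the "10.0.1.1 is the router" case Jo is asking about; pass a known public resolver the user chose on purpose in trusted_public to keep it out of the report.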


#7 AtlasK

AtlasK
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:21 AM

Posted 12 January 2016 - 04:41 PM

Yes, this is a private home network, and I do believe it is the default setting for my router.

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Kevin (administrator) on KEVIN-PC (12-01-2016 16:31:51)
Running from C:\Users\Kevin\Desktop\New folder (2)
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Flux Software LLC) C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-11] (AVAST Software)
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\Run: [f.lux] => C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: {2544cccf-4b0f-11e4-a950-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: {ee3fa1e2-4bd7-11e4-a18f-74d435eb8455} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-07] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-11] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-11] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\zvEuGAOR.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\zvEuGAOR.default\Extensions\abs@avira.com [2015-06-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-11]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
CHR Extension: (AlienTube for YouTube™) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2015-11-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kevin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2016-01-11] (Avast Software)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-10] (altPUG LLC)
S3 DAUpdaterSvc; G:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-10-06] (BioWare)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2016-01-04] (The OpenVPN Project)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-11] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\Dnetr28x.sys [1885792 2012-08-24] (Ralink Technology, Corp.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2016-01-11] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-01-11] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 14:43 - 2013-07-02 18:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2016-01-11 22:46 - 2016-01-11 22:50 - 210145320 _____ (Emsisoft Ltd. ) C:\Users\Kevin\Downloads\EmsisoftAntiMalwareSetup.exe
2016-01-11 22:37 - 2016-01-11 22:37 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-01-11 22:37 - 2016-01-11 22:36 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-11 22:36 - 2016-01-11 22:37 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-11 22:36 - 2016-01-11 22:36 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-11 22:36 - 2016-01-11 22:36 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-11 22:35 - 2016-01-11 22:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-11 22:35 - 2016-01-11 22:35 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-11 22:33 - 2016-01-11 22:33 - 05066104 _____ (AVAST Software) C:\Users\Kevin\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2016-01-11 22:09 - 2016-01-11 22:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.3.1001 (1).exe
2016-01-11 21:45 - 2016-01-11 21:45 - 01754112 _____ C:\Users\Kevin\Downloads\AdwCleaner.exe
2016-01-11 21:31 - 2016-01-11 21:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.3.1001.exe
2016-01-11 21:25 - 2016-01-11 21:25 - 00000000 ____D C:\Users\Kevin\Documents\scans
2016-01-11 01:04 - 2016-01-11 22:47 - 00000000 ____D C:\AdwCleaner
2016-01-11 01:04 - 2016-01-11 01:04 - 00001962 _____ C:\Users\Kevin\Desktop\JRT.txt
2016-01-11 01:02 - 2016-01-11 01:02 - 01749504 _____ C:\Users\Kevin\Downloads\adwcleaner_5.028.exe
2016-01-11 01:01 - 2016-01-11 01:01 - 01600184 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT.exe
2016-01-11 00:51 - 2016-01-11 00:51 - 00409848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-11 00:38 - 2016-01-12 16:31 - 00000000 ____D C:\FRST
2016-01-11 00:35 - 2016-01-12 16:29 - 00000000 ____D C:\Users\Kevin\Desktop\New folder (2)
2016-01-11 00:34 - 2016-01-11 00:34 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2016-01-11 00:29 - 2016-01-11 00:29 - 04186180 _____ C:\Users\Kevin\Downloads\RegWatcher.zip
2016-01-11 00:28 - 2016-01-11 00:28 - 00852720 _____ C:\Users\Kevin\Desktop\SecurityCheck.exe
2016-01-11 00:15 - 2016-01-11 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-11 00:15 - 2016-01-11 00:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-11 00:14 - 2016-01-11 00:14 - 31162664 _____ (Adlice Software ) C:\Users\Kevin\Downloads\setup.exe
2016-01-11 00:02 - 2016-01-11 00:02 - 00110104 _____ C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-10 23:45 - 2016-01-10 23:45 - 00001768 _____ C:\Users\Kevin\Documents\School 2016 - Shortcut.lnk
2016-01-10 21:49 - 2016-01-11 21:48 - 00000000 ____D C:\ProgramData\360safe
2016-01-09 16:34 - 2016-01-10 23:47 - 00000000 ____D C:\Users\Kevin\Documents\School 2016
2016-01-07 14:23 - 2016-01-10 21:54 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-07 14:23 - 2015-01-06 22:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-01-07 14:23 - 2015-01-06 22:10 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-01-07 14:23 - 2015-01-06 21:44 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-01-07 14:23 - 2015-01-06 20:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-01-07 14:23 - 2015-01-06 20:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-01-06 15:28 - 2014-08-21 12:29 - 00004027 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-udp25000.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004023 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-udp53.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004023 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-tcp443.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004021 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-tcp80.ovpn
2016-01-06 15:26 - 2016-01-06 15:26 - 00000915 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\Program Files\TAP-Windows
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\Program Files\OpenVPN
2016-01-06 15:25 - 2016-01-06 15:25 - 01827536 _____ C:\Users\Kevin\Downloads\openvpn-install-2.3.10-I601-x86_64.exe
2016-01-06 15:24 - 2016-01-06 15:24 - 00009226 _____ C:\Users\Kevin\Downloads\VPNBook.com-OpenVPN-CA1 (2).zip
2016-01-06 15:23 - 2016-01-06 15:23 - 00009226 _____ C:\Users\Kevin\Downloads\VPNBook.com-OpenVPN-CA1 (1).zip
2016-01-04 21:06 - 2016-01-04 21:18 - 00000000 __SHD C:\$360Section
2016-01-03 19:44 - 2016-01-03 19:44 - 00000000 ____D C:\Users\Kevin\Documents\Banished
2016-01-03 19:02 - 2016-01-11 00:51 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-01-03 19:02 - 2016-01-04 21:18 - 00000000 ____D C:\ProgramData\360Quarant
2016-01-03 19:01 - 2016-01-03 19:01 - 00000000 ____D C:\Program Files (x86)\360
2016-01-03 19:01 - 2015-12-16 22:14 - 00077904 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2015-12-21 17:41 - 2015-12-21 17:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 17:41 - 2015-12-21 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-16 08:41 - 2015-12-16 08:41 - 03266706 _____ C:\Users\Kevin\Downloads\12.01 and 12.02 Solids and Liquids combined.pdf
2015-12-16 08:34 - 2015-12-16 08:34 - 02097932 _____ C:\Users\Kevin\Downloads\11.01 and 11.02 Proteins combined.pdf
2015-12-16 02:27 - 2016-01-11 22:27 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-16 02:26 - 2015-12-16 03:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-16 01:30 - 2016-01-11 22:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 01:30 - 2016-01-11 22:09 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-16 01:30 - 2015-12-16 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-16 01:30 - 2015-12-16 01:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-16 01:30 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-16 01:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-16 01:29 - 2015-12-16 01:29 - 22908888 _____ (Malwarebytes ) C:\Users\Kevin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-14 13:29 - 2015-12-14 13:29 - 01050800 _____ C:\Users\Kevin\Downloads\CHEM112 Quantum2 2.02.pdf
2015-12-14 13:28 - 2015-12-14 13:29 - 01931441 _____ C:\Users\Kevin\Downloads\CHEM112 Quantum 1 2.01.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 16:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 16:12 - 2014-10-04 03:06 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\X-Chat 2
2016-01-12 15:38 - 2015-01-31 02:55 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-01-12 15:38 - 2015-01-31 02:55 - 00000000 ____D C:\Windows\system32\vbox
2016-01-12 14:48 - 2009-07-13 23:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 14:48 - 2009-07-13 23:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 14:46 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-11 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-11 22:22 - 2014-10-03 10:16 - 00000000 ____D C:\Users\Kevin
2016-01-11 22:17 - 2015-04-22 07:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-11 22:17 - 2015-04-22 07:08 - 00000000 ____D C:\Users\Kevin\Desktop\mbar
2016-01-11 21:54 - 2014-10-05 14:02 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\vlc
2016-01-11 01:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-11 00:51 - 2014-11-25 14:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-11 00:50 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-11 00:02 - 2014-10-04 13:12 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2016-01-10 23:42 - 2014-10-04 19:12 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\uTorrent
2016-01-10 22:37 - 2015-03-07 04:08 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\qBittorrent
2016-01-10 21:54 - 2014-10-03 10:20 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-10 21:54 - 2014-10-03 10:20 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-09 12:05 - 2014-10-03 10:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-07 14:23 - 2015-09-12 15:37 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-01-07 14:23 - 2015-05-14 18:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-07 14:23 - 2015-05-14 18:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-06 15:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-04 22:18 - 2015-08-25 02:57 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-04 22:17 - 2015-08-25 02:57 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Panda Security
2016-01-04 22:17 - 2015-08-25 02:56 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-03 19:31 - 2014-10-15 21:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-01-03 19:31 - 2014-10-03 11:07 - 00000000 ____D C:\Windows\Panther
2016-01-03 19:30 - 2015-01-06 12:02 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 19:11 - 2014-10-03 11:44 - 00000000 ____D C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2015-12-21 17:41 - 2014-10-04 13:12 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 17:41 - 2014-10-04 13:12 - 00000000 ____D C:\Users\Kevin\AppData\Local\Skype
2015-12-21 17:41 - 2014-10-04 13:11 - 00000000 ____D C:\ProgramData\Skype
2015-12-17 11:45 - 2014-12-05 22:08 - 00000897 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-17 11:45 - 2014-12-05 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-17 11:44 - 2014-12-05 22:08 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-12-16 16:46 - 2015-06-10 23:08 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 02:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
 
==================== Files in the root of some directories =======
 
2015-05-21 18:51 - 2015-05-21 18:51 - 0000000 _____ () C:\Users\Kevin\AppData\Local\Temp.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-05 04:51
 
==================== End of FRST.txt ============================
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Kevin (Administrator) on Tue 01/12/2016 at 16:34:40.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LG01MTB (Folder) 
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KUJH12LC (Folder) 
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LR2EGZ70 (Folder) 
Successfully deleted: C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ2CJUNH (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/12/2016 at 16:35:44.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#8 Jo*

  • Malware Response Team

Posted 12 January 2016 - 04:47 PM

The fixlist did not run.

Why didn't you follow the instructions to copy and run FRST from C:\Users\Kevin\Desktop\ ?


If you use FRST from: Running from C:\Users\Kevin\Desktop\New folder (2)
then you have to copy the fixlist.txt into the same folder!


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



start
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
S3 gdrv; \??\C:\Windows\gdrv.sys [X] 
end
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 AtlasK

  • Topic Starter
  • Members

Posted 12 January 2016 - 04:50 PM

I thought I did, sorry about that. Let me just run them again from the desktop and I'll get right back to you with the log.



#10 AtlasK

  • Topic Starter
  • Members

Posted 12 January 2016 - 04:54 PM

Alright, here is the new fixlog and the FRST file.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Kevin (2016-01-12 16:49:16) Run:4
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available Profiles: Kevin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3160086116-3863526864-1649153606-1000 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} 
S3 gdrv; \??\C:\Windows\gdrv.sys [X] 
end
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. 
HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. 
HKCR\Wow6432Node\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. 
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. 
HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. 
gdrv => service not found.
EmptyTemp: => 37.9 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:49:22 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Kevin (administrator) on KEVIN-PC (12-01-2016 16:51:16)
Running from C:\Users\Kevin\Desktop
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Flux Software LLC) C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-11] (AVAST Software)
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\Run: [f.lux] => C:\Users\Kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: {2544cccf-4b0f-11e4-a950-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\...\MountPoints2: {ee3fa1e2-4bd7-11e4-a18f-74d435eb8455} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-07] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-11] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A46A65D1-2FC7-44E2-A554-5AF701E1982A}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-11] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\zvEuGAOR.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\zvEuGAOR.default\Extensions\abs@avira.com [2015-06-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-11]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
CHR Extension: (AlienTube for YouTube™) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2015-11-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Kevin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3160086116-3863526864-1649153606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5561368 2016-01-11] (Avast Software)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-10] (altPUG LLC)
S3 DAUpdaterSvc; G:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-10-06] (BioWare)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2016-01-04] (The OpenVPN Project)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-11] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\Dnetr28x.sys [1885792 2012-08-24] (Ralink Technology, Corp.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2016-01-11] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-01-11] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 14:43 - 2013-07-02 18:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2016-01-11 22:46 - 2016-01-11 22:50 - 210145320 _____ (Emsisoft Ltd. ) C:\Users\Kevin\Downloads\EmsisoftAntiMalwareSetup.exe
2016-01-11 22:37 - 2016-01-11 22:37 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-01-11 22:37 - 2016-01-11 22:36 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-11 22:36 - 2016-01-11 22:37 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-11 22:36 - 2016-01-11 22:36 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-11 22:36 - 2016-01-11 22:36 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-11 22:36 - 2016-01-11 22:36 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-11 22:36 - 2016-01-11 22:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-11 22:35 - 2016-01-11 22:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-11 22:35 - 2016-01-11 22:35 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-11 22:33 - 2016-01-11 22:33 - 05066104 _____ (AVAST Software) C:\Users\Kevin\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2016-01-11 22:09 - 2016-01-11 22:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.3.1001 (1).exe
2016-01-11 21:45 - 2016-01-11 21:45 - 01754112 _____ C:\Users\Kevin\Downloads\AdwCleaner.exe
2016-01-11 21:31 - 2016-01-11 21:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.3.1001.exe
2016-01-11 21:25 - 2016-01-11 21:25 - 00000000 ____D C:\Users\Kevin\Documents\scans
2016-01-11 01:04 - 2016-01-12 16:35 - 00001066 _____ C:\Users\Kevin\Desktop\JRT.txt
2016-01-11 01:04 - 2016-01-11 22:47 - 00000000 ____D C:\AdwCleaner
2016-01-11 01:02 - 2016-01-11 01:02 - 01749504 _____ C:\Users\Kevin\Downloads\adwcleaner_5.028.exe
2016-01-11 01:01 - 2016-01-11 01:01 - 01600184 _____ (Malwarebytes) C:\Users\Kevin\Desktop\JRT.exe
2016-01-11 00:51 - 2016-01-11 00:51 - 00409848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-11 00:39 - 2016-01-12 16:51 - 00014469 _____ C:\Users\Kevin\Desktop\FRST.txt
2016-01-11 00:39 - 2016-01-12 16:49 - 00002632 _____ C:\Users\Kevin\Desktop\Fixlog.txt
2016-01-11 00:39 - 2016-01-11 00:40 - 00039298 _____ C:\Users\Kevin\Desktop\Addition.txt
2016-01-11 00:38 - 2016-01-12 16:51 - 00000000 ____D C:\FRST
2016-01-11 00:35 - 2016-01-12 16:47 - 00000000 ____D C:\Users\Kevin\Desktop\New folder (2)
2016-01-11 00:35 - 2016-01-11 00:35 - 02370560 _____ (Farbar) C:\Users\Kevin\Desktop\FRST64.exe
2016-01-11 00:34 - 2016-01-11 00:34 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2016-01-11 00:29 - 2016-01-11 00:29 - 04186180 _____ C:\Users\Kevin\Downloads\RegWatcher.zip
2016-01-11 00:28 - 2016-01-11 00:28 - 00852720 _____ C:\Users\Kevin\Desktop\SecurityCheck.exe
2016-01-11 00:15 - 2016-01-11 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-11 00:15 - 2016-01-11 00:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-11 00:14 - 2016-01-11 00:14 - 31162664 _____ (Adlice Software ) C:\Users\Kevin\Downloads\setup.exe
2016-01-11 00:02 - 2016-01-11 00:02 - 00110104 _____ C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-10 23:45 - 2016-01-10 23:45 - 00001768 _____ C:\Users\Kevin\Documents\School 2016 - Shortcut.lnk
2016-01-10 21:49 - 2016-01-11 21:48 - 00000000 ____D C:\ProgramData\360safe
2016-01-09 16:34 - 2016-01-10 23:47 - 00000000 ____D C:\Users\Kevin\Documents\School 2016
2016-01-07 14:23 - 2016-01-10 21:54 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-07 14:23 - 2015-01-06 22:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-01-07 14:23 - 2015-01-06 22:10 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-01-07 14:23 - 2015-01-06 21:44 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-01-07 14:23 - 2015-01-06 20:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-01-07 14:23 - 2015-01-06 20:48 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-01-06 15:28 - 2014-08-21 12:29 - 00004027 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-udp25000.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004023 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-udp53.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004023 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-tcp443.ovpn
2016-01-06 15:28 - 2014-08-21 12:29 - 00004021 _____ C:\Users\Kevin\Desktop\vpnbook-ca1-tcp80.ovpn
2016-01-06 15:26 - 2016-01-06 15:26 - 00000915 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\Program Files\TAP-Windows
2016-01-06 15:26 - 2016-01-06 15:26 - 00000000 ____D C:\Program Files\OpenVPN
2016-01-06 15:25 - 2016-01-06 15:25 - 01827536 _____ C:\Users\Kevin\Downloads\openvpn-install-2.3.10-I601-x86_64.exe
2016-01-06 15:24 - 2016-01-06 15:24 - 00009226 _____ C:\Users\Kevin\Downloads\VPNBook.com-OpenVPN-CA1 (2).zip
2016-01-06 15:23 - 2016-01-06 15:23 - 00009226 _____ C:\Users\Kevin\Downloads\VPNBook.com-OpenVPN-CA1 (1).zip
2016-01-04 21:06 - 2016-01-04 21:18 - 00000000 __SHD C:\$360Section
2016-01-03 19:44 - 2016-01-03 19:44 - 00000000 ____D C:\Users\Kevin\Documents\Banished
2016-01-03 19:02 - 2016-01-11 00:51 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-01-03 19:02 - 2016-01-04 21:18 - 00000000 ____D C:\ProgramData\360Quarant
2016-01-03 19:01 - 2016-01-03 19:01 - 00000000 ____D C:\Program Files (x86)\360
2016-01-03 19:01 - 2015-12-16 22:14 - 00077904 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2015-12-21 17:41 - 2015-12-21 17:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 17:41 - 2015-12-21 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-16 08:41 - 2015-12-16 08:41 - 03266706 _____ C:\Users\Kevin\Downloads\12.01 and 12.02 Solids and Liquids combined.pdf
2015-12-16 08:34 - 2015-12-16 08:34 - 02097932 _____ C:\Users\Kevin\Downloads\11.01 and 11.02 Proteins combined.pdf
2015-12-16 02:27 - 2016-01-11 22:27 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-16 02:26 - 2015-12-16 03:07 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-16 01:30 - 2016-01-11 22:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 01:30 - 2016-01-11 22:09 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-16 01:30 - 2015-12-16 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-16 01:30 - 2015-12-16 01:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-16 01:30 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-16 01:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-16 01:29 - 2015-12-16 01:29 - 22908888 _____ (Malwarebytes ) C:\Users\Kevin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-14 13:29 - 2015-12-14 13:29 - 01050800 _____ C:\Users\Kevin\Downloads\CHEM112 Quantum2 2.02.pdf
2015-12-14 13:28 - 2015-12-14 13:29 - 01931441 _____ C:\Users\Kevin\Downloads\CHEM112 Quantum 1 2.01.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 16:49 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 16:38 - 2009-07-13 23:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 16:38 - 2009-07-13 23:45 - 00015024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 16:37 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 16:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-12 16:12 - 2014-10-04 03:06 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\X-Chat 2
2016-01-12 15:38 - 2015-01-31 02:55 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-01-12 15:38 - 2015-01-31 02:55 - 00000000 ____D C:\Windows\system32\vbox
2016-01-11 22:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-11 22:22 - 2014-10-03 10:16 - 00000000 ____D C:\Users\Kevin
2016-01-11 22:17 - 2015-04-22 07:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-11 22:17 - 2015-04-22 07:08 - 00000000 ____D C:\Users\Kevin\Desktop\mbar
2016-01-11 21:54 - 2014-10-05 14:02 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\vlc
2016-01-11 01:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-11 00:51 - 2014-11-25 14:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-11 00:50 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-11 00:02 - 2014-10-04 13:12 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2016-01-10 23:42 - 2014-10-04 19:12 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\uTorrent
2016-01-10 22:37 - 2015-03-07 04:08 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\qBittorrent
2016-01-10 21:54 - 2014-10-03 10:20 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-10 21:54 - 2014-10-03 10:20 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-09 12:05 - 2014-10-03 10:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-07 14:23 - 2015-09-12 15:37 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-01-07 14:23 - 2015-05-14 18:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-07 14:23 - 2015-05-14 18:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-06 15:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-04 22:18 - 2015-08-25 02:57 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-04 22:17 - 2015-08-25 02:57 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Panda Security
2016-01-04 22:17 - 2015-08-25 02:56 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-03 19:31 - 2014-10-15 21:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-01-03 19:31 - 2014-10-03 11:07 - 00000000 ____D C:\Windows\Panther
2016-01-03 19:30 - 2015-01-06 12:02 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 19:11 - 2014-10-03 11:44 - 00000000 ____D C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2015-12-21 17:41 - 2014-10-04 13:12 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 17:41 - 2014-10-04 13:12 - 00000000 ____D C:\Users\Kevin\AppData\Local\Skype
2015-12-21 17:41 - 2014-10-04 13:11 - 00000000 ____D C:\ProgramData\Skype
2015-12-17 11:45 - 2014-12-05 22:08 - 00000897 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-17 11:45 - 2014-12-05 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-17 11:44 - 2014-12-05 22:08 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-12-16 16:46 - 2015-06-10 23:08 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 02:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
 
==================== Files in the root of some directories =======
 
2015-05-21 18:51 - 2015-05-21 18:51 - 0000000 _____ () C:\Users\Kevin\AppData\Local\Temp.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-05 04:51
 
==================== End of FRST.txt ============================
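The services and drivers listing above already carries the three signals FRST can give without executing anything: the `[File not signed]` flag, an empty `()` where the file has no company name in its version resource, and the path the service loads from. As an added example (not FRST's own code and not part of the original posts), here is a short Python parser that pulls those fields out of lines in this format and lists the entries worth a second look; the sample lines are copied from the log above. Each hit is a lead, not a verdict: unsigned legacy vendor utilities produce exactly the same flags as malware, so the next step is checking the flagged file's Authenticode signature and hash.

```python
"""Triage the service/driver lines of an FRST log.

Added example for this thread; it is not part of FRST, RogueKiller or the
original posts. The sample lines below are copied from the log above.
"""
import re
from typing import Dict, List, Optional

# One FRST service or driver line:
#   R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
# Letter: R = running, S = stopped. Digit: Start value of the service
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled). "()" means FRST
# found no company name in the file's version resource.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<vendor>[^)]*)\)\s*(?P<flags>.*)$"
)

# Directories services normally load from on a default install (lower-case,
# trailing backslash so "c:\program files\" does not match "c:\program files (x86)\").
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one FRST line into its fields, or return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["vendor"] = entry["vendor"].strip()
    entry["flags"] = entry["flags"].strip()
    return entry


def triage(entry: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if "file not signed" in entry["flags"].lower():
        reasons.append("unsigned")
    if not entry["vendor"]:
        reasons.append("no company name in version resource")
    if not entry["path"].lower().startswith(TRUSTED_ROOTS):
        reasons.append("loads from outside Windows/Program Files")
    # A questionable boot- or system-start driver matters more: it is in the
    # kernel before any user-mode scanner starts.
    if reasons and entry["start"] in ("0", "1"):
        reasons.append("boot/system start type (loads before user-mode services)")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons, for every flagged line in an FRST log."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry["name"]] = reasons
    return findings


# Lines copied from the FRST output above (services and drivers sections).
SAMPLE_LOG = r"""
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-11] (AVAST Software)
S3 DAUpdaterSvc; G:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-10-06] (BioWare)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-11] (AVAST Software)
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample it reports ASGT (unsigned, no company name), the Killer service (unsigned), DAUpdaterSvc (loads from G:) and the anodlwf system-start driver (no company name); the signed avast! entries fall through. The path rule is deliberately crude: a service under a game folder on a second disk is normal on this machine, but it is still the kind of entry you want listed rather than buried among forty signed ones.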


#11 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:21 PM

Posted 12 January 2016 - 05:50 PM

yes this is a home private network. And I do believe it is the default setting for my router.

Then all is clear and OK.


:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.



---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
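The PUM.DNS entries that started this thread are the DNS server values under the Tcpip\Parameters key and its per-interface subkeys; as the reply above works out, a private address handed out by the home router via DHCP is the expected state, not an infection. As an added example, not part of RogueKiller, FRST or the original posts, here is a Python script that reads a `reg export` of that key and sorts each address into the cases a practitioner cares about: the router, a well-known public resolver, a loopback filter, or an address nobody configured. The sample export, its interface GUIDs, the addresses and the short KNOWN_PUBLIC list are all constructed for the example.

```python
r"""Classify the DNS server entries that tools such as RogueKiller report as
PUM.DNS under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

Added example for this thread; it is not part of RogueKiller, FRST or the
original posts. Feed it the text of
    reg export HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters tcpip.reg
(read the file with encoding="utf-16", which is what reg.exe writes).
"""
import ipaddress
import re
from typing import Dict, List, Tuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Only REG_SZ values ("Name"="value") matter here; dword: lines are skipped.
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"$')

# Address blocks a home LAN uses. Listed explicitly rather than relying on
# ipaddress's is_private, which also covers documentation and other
# special-purpose blocks that would never be a real router.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]

# Short list of resolvers people commonly set on purpose (assumption: extend
# it with whatever your own environment uses).
KNOWN_PUBLIC = {
    "8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9",
    "208.67.222.222", "208.67.220.220",
}


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: string value}} from a .reg export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            keys[current] = {}
            continue
        vm = VAL_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group("name")] = vm.group("value")
    return keys


def split_servers(value: str) -> List[str]:
    """NameServer/DhcpNameServer hold a comma- or space-separated list."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def classify(server: str, source: str, dhcp_servers: set) -> str:
    """One verdict per address. 'source' is NameServer (static, overrides DHCP)
    or DhcpNameServer (what the DHCP server, usually the router, offered)."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "not an IP address: inspect by hand"
    if addr.is_loopback:
        return "loopback: a local resolver or filtering proxy is installed"
    if any(addr in net for net in LAN_NETS):
        if source == "DhcpNameServer" or server in dhcp_servers:
            return "LAN address (normally the router): benign on a home network"
        return "static LAN address that DHCP did not offer: identify that host"
    if server in KNOWN_PUBLIC:
        return "well-known public resolver: benign if you configured it"
    if source == "DhcpNameServer":
        return "public resolver offered by DHCP: confirm it belongs to your ISP"
    return "unknown public resolver set statically: treat as a DNS hijack until proven otherwise"


def triage(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (key, value name, server, verdict) for every DNS server in the export."""
    results = []
    for key, values in parse_reg(text).items():
        dhcp = set(split_servers(values.get("DhcpNameServer", "")))
        short = key.rsplit("\\", 1)[-1]  # "Parameters" or the interface GUID
        for source in ("NameServer", "DhcpNameServer"):
            for server in split_servers(values.get(source, "")):
                results.append((short, source, server, classify(server, source, dhcp)))
    return results


# Constructed sample export: the GUIDs and addresses are made up for the
# example; 203.0.113.53 stands in for an address you do not recognise.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"=""
"DhcpNameServer"="192.168.1.1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}]
"NameServer"="192.168.1.1"
"DhcpNameServer"="192.168.1.1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66666666-7777-8888-9999-000000000000}]
"NameServer"="8.8.8.8,203.0.113.53"
"DhcpNameServer"="192.168.1.1"
"""

if __name__ == "__main__":
    for key, source, server, verdict in triage(SAMPLE_REG):
        print(f"{key} {source}={server}: {verdict}")
```

A static NameServer value on an interface overrides whatever DHCP offered, so an unexplained public address in NameServer is the hijack pattern; an unrecognised address in DhcpNameServer instead points at the router or the DHCP server that handed it out. A scanner's PUM (potentially unwanted modification) rule cannot tell those cases apart from the registry value alone, which is why the same entries keep being reported on a machine whose only DNS server is its own router.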


#12 AtlasK

AtlasK
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 12 January 2016 - 06:10 PM

Okay, here it is, thanks for all your help.

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 1/12/2016
Scan Time: 6:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.12.06
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382007
Time Elapsed: 3 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:21 PM

Posted 13 January 2016 - 10:00 AM

Hello again,

:step1: We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/



***


:step2: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u66-windows-i586.exe or Windows x64: jre-8u66-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u66-windows-i586.exe (or jre-8u66-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page...the option is pre-checked.


***


:step3: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


:step4: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 AtlasK

AtlasK
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 13 January 2016 - 09:07 PM

Okay, everything seems fine. My computer is running just as fast as usual. ESET scanner just came back with a bunch of files from games I had downloaded.

C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Kevin\Downloads\Dragon.Age.Inquisition.Up.1-2.5.Incl.DLC.and.Crack.v3-3DM.iso a variant of Win64/HackTool.Crack.B potentially unsafe application deleted
C:\Users\Kevin\Downloads\FreemakeVideoDownloaderSetup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\Kevin\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
G:\Games\Assassin's Creed Unity\steam_api64.dll a variant of Win64/HackTool.Crack.D potentially unsafe application cleaned by deleting
G:\Games\Civilization\Sid.Meiers.Civilization.Beyond.Earth-RELOADED[rarbg]\rld-smcbe.iso Win32/HackTool.Crack.CS potentially unsafe application deleted
G:\Games\Dark.Souls.II-RELOADED\rld-daso2.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted
G:\Games\Fallout Mods\CheatEngine64.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
G:\Games\Total.War.ROME.II-RELOADED\rld-twrome2.iso a variant of Win32/HackTool.Crack.DF potentially unsafe application deleted
G:\Games\Total.War.ROME.II-RELOADED\Total War ROME II\steam_api.dll a variant of Win32/HackTool.Crack.DF potentially unsafe application cleaned by deleting


#15 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:21 PM

Posted 14 January 2016 - 03:48 AM

It Appears That Your PC Is Now Clean!

***


Clean up:

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***


Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more securely
:step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain security vulnerabilities.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




