
ASUS laptop crashing and creating new files on its own.


  • This topic is locked
4 replies to this topic

#1 GlitterFluff


Posted 31 January 2016 - 09:06 PM

My ASUS laptop has been crashing and creating new files for a few days now. I have run Malwarebytes, HitmanPro, Malwarebytes Anti-Rootkit, RogueKiller, SUPERAntiSpyware Professional and SFC through the command prompt. Also, the desktop is crashing, i.e. no icons, wallpaper, start bar, charm bar, search etc. The laptop is still crashing and I don't know what to do. I have mental health problems and physical problems so I do need my laptop nearly every day, and I would appreciate any help. Thank you in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Naomi (administrator) on NAOMI_LAPTOP (01-02-2016 01:25:31)
Running from C:\Users\Naomi\Downloads
Loaded Profiles: Naomi &  (Available Profiles: Naomi)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Naomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Users\Naomi\Desktop\Security\RogueKiller.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SurfRight B.V.) C:\Users\Naomi\Downloads\HitmanPro_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusVibe\AsusVibe2.0.exe
(Malwarebytes Corp.) C:\Users\Naomi\Downloads\mbar-1.09.3.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes) C:\Users\Naomi\Desktop\mbar\mbar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Trend Micro Inc.) C:\Users\Naomi\Desktop\Security\HijackThis.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [GoogleChromeAutoLaunch_40A427AC438C7EC77393249469937E4A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [Spotify Web Helper] => C:\Users\Naomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-01-30] (Spotify Ltd)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-16] (GOG.com)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [Spotify] => C:\Users\Naomi\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-01-30] (Spotify Ltd)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [BitTorrent] => C:\Users\Naomi\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-06] (BitTorrent Inc.)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {0b0a061f-b8ec-11e4-be88-7824af0f00cc} - "F:\Startme.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {0c169579-1ddf-11e5-be9d-7824af0f00cc} - "G:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {20f3cfc8-f7f2-11e4-be94-7824af0f00cc} - "F:\autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {38e8b5b9-3620-11e5-bea9-7824af0f00cc} - "F:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {85b72b7a-a26a-11e5-bec1-7824af0f00cc} - "F:\setup_underrail_2.0.0.2.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {b073d43e-efe3-11e4-be91-7824af0f00cc} - "F:\Autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {b073d445-efe3-11e4-be91-7824af0f00cc} - "F:\Autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {b4ac9567-e51f-11e4-be8b-7824af0f00cc} - "F:\Startme.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {bebb9aea-980c-11e4-824f-806e6f6e6963} - "E:\Setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {cc629450-5a73-11e5-beb2-7824af0f00cc} - "F:\autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {e55810ac-ed2f-11e4-be90-7824af0f00cc} - "F:\Autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {efc2a029-2084-11e5-bea3-7824af0f00cc} - "F:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001\...\MountPoints2: {f0f960f0-66e4-11e5-beb4-7824af0f00cc} - "G:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_40A427AC438C7EC77393249469937E4A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Naomi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-01-30] (Spotify Ltd)
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-16] (GOG.com)
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Naomi\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-01-30] (Spotify Ltd)
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => C:\Users\Naomi\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-06] (BitTorrent Inc.)
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0b0a061f-b8ec-11e4-be88-7824af0f00cc} - "F:\Startme.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c169579-1ddf-11e5-be9d-7824af0f00cc} - "G:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {20f3cfc8-f7f2-11e4-be94-7824af0f00cc} - "F:\autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {38e8b5b9-3620-11e5-bea9-7824af0f00cc} - "F:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {85b72b7a-a26a-11e5-bec1-7824af0f00cc} - "F:\setup_underrail_2.0.0.2.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b073d43e-efe3-11e4-be91-7824af0f00cc} - "F:\Autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b073d445-efe3-11e4-be91-7824af0f00cc} - "F:\Autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b4ac9567-e51f-11e4-be8b-7824af0f00cc} - "F:\Startme.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bebb9aea-980c-11e4-824f-806e6f6e6963} - "E:\Setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc629450-5a73-11e5-beb2-7824af0f00cc} - "F:\autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e55810ac-ed2f-11e4-be90-7824af0f00cc} - "F:\Autorun.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {efc2a029-2084-11e5-bea3-7824af0f00cc} - "F:\setup.exe"
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f0f960f0-66e4-11e5-beb4-7824af0f00cc} - "G:\setup.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-01-31]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{088A6718-7205-4CA9-91EE-CCB4D26B1D3E}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3785821525-337211984-353931936-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3785821525-337211984-353931936-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3785821525-337211984-353931936-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Naomi\AppData\Roaming\Mozilla\Firefox\Profiles\6jtgfvo9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Naomi\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Naomi\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-3785821525-337211984-353931936-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Naomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3785821525-337211984-353931936-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Naomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-30] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Naomi\AppData\Roaming\Mozilla\Firefox\Profiles\6jtgfvo9.default\Extensions\firefox@zenmate.com.xpi [2015-12-04]
FF Extension: Reddit Enhancement Suite - C:\Users\Naomi\AppData\Roaming\Mozilla\Firefox\Profiles\6jtgfvo9.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-01-12]
FF Extension: Adblock Plus - C:\Users\Naomi\AppData\Roaming\Mozilla\Firefox\Profiles\6jtgfvo9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Naomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll => No File
CHR Profile: C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-02]
CHR Extension: (Google Search) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-12-02]
CHR Extension: (Google Sheets) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-01-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

Opera:
=======
OPR Extension: (YouTube Center) - C:\Users\Naomi\AppData\Roaming\Opera Software\Opera Stable\Extensions\cdcifocibecgcgigbanojipblimlaoij [2015-05-03]
OPR Extension: (Adblock Plus) - C:\Users\Naomi\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-05-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [238376 2015-05-29] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-16] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-09] (GOG.com)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-01-31] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3124536 2016-01-25] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-11] (Electronic Arts)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-12-12] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 farflt; C:\WINDOWS\system32\drivers\farflt.sys [54656 2016-01-31] (Malwarebytes)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-31] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-01-31] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-01-31] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901cn; C:\Windows\system32\DRIVERS\tap0901cn.sys [39616 2014-12-29] (Connectify)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-01-31] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 01:25 - 2016-02-01 01:25 - 00033284 _____ C:\Users\Naomi\Downloads\FRST.txt
2016-02-01 01:24 - 2016-02-01 01:25 - 00000000 ____D C:\FRST
2016-02-01 01:20 - 2016-02-01 01:20 - 02370560 _____ (Farbar) C:\Users\Naomi\Downloads\FRST64.exe
2016-01-31 23:38 - 2016-01-31 23:40 - 00000000 ____D C:\SUPERDelete
2016-01-31 23:16 - 2016-01-31 23:16 - 00003598 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 408d3854-c72d-4315-9b6a-102b8c038704
2016-01-31 23:16 - 2016-01-31 23:16 - 00003516 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 6870300a-90a9-4e83-a6d3-bc6c4db0d0b8
2016-01-31 23:16 - 2016-01-31 23:16 - 00000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6870300a-90a9-4e83-a6d3-bc6c4db0d0b8.job
2016-01-31 23:16 - 2016-01-31 23:16 - 00000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 408d3854-c72d-4315-9b6a-102b8c038704.job
2016-01-31 23:16 - 2016-01-31 23:16 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\SUPERAntiSpyware.com
2016-01-31 23:15 - 2016-01-31 23:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-31 23:15 - 2016-01-31 23:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-31 23:15 - 2016-01-31 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-31 23:08 - 2016-01-31 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-31 23:06 - 2016-01-31 23:06 - 00000000 ____D C:\Users\Naomi\Desktop\mbar
2016-01-31 23:05 - 2016-01-31 23:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Naomi\Downloads\mbar-1.09.3.1001.exe
2016-01-31 23:02 - 2016-01-31 23:02 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-01-31 23:02 - 2016-01-31 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-01-31 23:01 - 2016-01-31 23:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-31 23:00 - 2016-01-31 23:02 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-31 23:00 - 2016-01-31 23:01 - 11323704 _____ (SurfRight B.V.) C:\Users\Naomi\Downloads\HitmanPro_x64.exe
2016-01-31 22:55 - 2016-01-31 22:55 - 00000000 ____D C:\Users\Naomi\AppData\Local\CrashDumps
2016-01-31 22:53 - 2016-01-31 22:59 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-31 22:52 - 2016-01-31 22:56 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-31 22:50 - 2016-01-31 23:56 - 00000000 ____D C:\AdwCleaner
2016-01-31 22:50 - 2016-01-31 22:54 - 00241246 _____ C:\TDSSKiller.3.1.0.9_31.01.2016_22.50.57_log.txt
2016-01-31 22:47 - 2016-01-31 22:47 - 00000000 ____D C:\Rem-VBSqt
2016-01-31 22:46 - 2016-01-31 22:58 - 00054656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-01-31 22:45 - 2016-02-01 01:08 - 00000000 ____D C:\Users\Naomi\Desktop\Security
2016-01-31 22:45 - 2016-01-31 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-01-31 22:45 - 2016-01-31 22:45 - 00000000 ____D C:\Program Files\Malwarebytes
2016-01-31 22:43 - 2016-01-31 22:44 - 37537616 _____ (Malwarebytes ) C:\Users\Naomi\Downloads\MBARW_Setup.exe
2016-01-28 23:21 - 2016-01-28 23:21 - 00000000 ____D C:\WINDOWS\pss
2016-01-28 03:23 - 2016-01-31 01:15 - 00000000 ____D C:\Users\Naomi\AppData\LocalLow\BitTorrent
2016-01-28 03:21 - 2016-01-28 03:21 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\mkxp
2016-01-28 03:21 - 2016-01-28 03:21 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\dingaling
2016-01-24 23:59 - 2016-01-24 23:59 - 00000000 ____D C:\Users\Naomi\AppData\LocalLow\noio
2016-01-24 23:57 - 2016-01-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom [GOG.com]
2016-01-24 10:26 - 2016-01-24 10:26 - 00254511 _____ C:\Users\Naomi\Downloads\UNDERTALE_V8.CT
2016-01-13 12:45 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 12:45 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 12:45 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 12:45 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 12:45 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 12:45 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 12:45 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-13 12:45 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-13 12:45 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-13 12:45 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-13 12:45 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-13 12:45 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 12:45 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-13 12:45 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-13 12:45 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-13 12:45 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-13 12:45 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-13 12:45 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-13 12:45 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-13 12:45 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-13 12:45 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 12:44 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 12:44 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 12:44 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 12:44 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 12:44 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 12:44 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 12:44 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 12:44 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-13 12:44 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 12:44 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 12:44 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 12:44 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 12:44 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 12:44 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 12:44 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 12:44 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 12:44 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 12:44 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 12:44 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 12:44 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 12:44 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 12:43 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 12:43 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-13 12:43 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-13 12:43 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-13 12:43 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 12:43 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 12:43 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-13 12:43 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-13 12:43 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-13 12:43 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-13 12:43 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-13 12:43 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-13 12:43 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-13 12:43 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-13 12:43 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-13 12:43 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-13 12:43 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-13 12:43 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-13 12:43 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-13 12:43 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 12:43 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 12:43 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-13 12:42 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 12:42 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-07 12:08 - 2016-01-07 12:08 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2016-01-06 23:16 - 2016-01-07 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-05 23:03 - 2016-01-05 23:13 - 00000000 ____D C:\Users\Naomi\Documents\Darkest
2016-01-05 22:09 - 2016-01-05 22:09 - 00000000 ____D C:\Users\Naomi\AppData\LocalLow\Coredumping
2016-01-03 17:17 - 2016-01-03 23:18 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\To the Moon - Freebird Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 01:29 - 2014-12-23 02:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-01 00:40 - 2014-11-28 11:09 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 23:38 - 2014-12-01 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-31 23:28 - 2014-11-28 10:23 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3785821525-337211984-353931936-1001
2016-01-31 23:23 - 2013-04-25 23:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-31 23:23 - 2013-04-25 23:20 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-01-31 23:06 - 2014-12-01 21:22 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-31 23:01 - 2014-11-28 10:16 - 00000074 _____ C:\Users\Naomi\AppData\Roaming\sp_data.sys
2016-01-31 23:00 - 2015-02-10 16:33 - 00000000 __RDO C:\Users\Naomi\OneDrive
2016-01-31 22:58 - 2014-12-01 21:23 - 00217328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-31 22:58 - 2014-11-28 11:09 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 22:57 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-31 22:57 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-31 22:46 - 2014-12-01 21:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-31 20:35 - 2015-08-22 12:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-31 01:15 - 2015-04-23 17:02 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\BitTorrent
2016-01-30 23:45 - 2015-05-13 19:03 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-30 12:38 - 2015-04-03 18:17 - 00000000 ____D C:\Users\Naomi\AppData\Local\Spotify
2016-01-30 12:36 - 2015-12-02 08:25 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-01-30 12:36 - 2015-07-11 15:30 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-01-30 12:35 - 2015-04-03 18:14 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\Spotify
2016-01-30 12:26 - 2015-08-05 16:31 - 00800774 _____ C:\WINDOWS\ntbtlog.txt
2016-01-29 01:02 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Branding
2016-01-28 23:34 - 2015-01-09 14:52 - 00000000 ____D C:\Users\Naomi
2016-01-28 18:13 - 2015-05-03 11:00 - 00000000 ____D C:\Users\Naomi\AppData\Roaming\vlc
2016-01-28 17:21 - 2015-04-21 05:29 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{30395F12-DF02-496F-A7C3-4E802126C017}
2016-01-28 04:30 - 2015-10-04 16:25 - 00000000 ____D C:\Users\Naomi\Desktop\Games
2016-01-28 03:16 - 2015-05-19 11:46 - 00000000 ____D C:\Users\Naomi\Downloads\Games
2016-01-25 16:00 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-24 13:39 - 2015-11-14 12:34 - 00000000 ____D C:\Users\Naomi\AppData\Local\UNDERTALE
2016-01-24 09:54 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 09:54 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-22 17:02 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2016-01-21 19:16 - 2015-04-21 05:35 - 00003854 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1429594488
2016-01-21 19:16 - 2015-04-21 05:35 - 00001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-21 19:16 - 2015-04-21 05:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-20 20:30 - 2015-05-13 19:03 - 00003864 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-20 20:30 - 2014-12-23 02:13 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-18 13:31 - 2014-09-24 16:21 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-18 13:22 - 2014-11-29 18:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-18 13:22 - 2014-11-29 18:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 23:30 - 2014-12-23 21:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-17 23:30 - 2014-09-24 18:55 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-17 22:27 - 2014-11-29 15:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-17 22:19 - 2014-11-29 15:04 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-17 05:26 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-17 05:23 - 2015-01-13 19:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 19:12 - 2015-07-07 16:57 - 00000000 ____D C:\Users\Naomi\Downloads\Movies
2016-01-13 13:10 - 2014-11-29 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 13:10 - 2012-07-26 07:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 11:16 - 2015-05-21 06:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 10:40 - 2015-09-25 14:08 - 00000000 ____D C:\Program Files (x86)\GOG.com
2016-01-05 20:04 - 2015-01-17 17:09 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-05 20:04 - 2015-01-17 17:09 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-04 20:48 - 2014-11-28 10:22 - 00000000 ____D C:\Program Files (x86)\Steam

==================== Files in the root of some directories =======

2014-11-28 10:16 - 2016-01-31 23:01 - 0000074 _____ () C:\Users\Naomi\AppData\Roaming\sp_data.sys
2015-09-09 10:30 - 2015-10-18 20:29 - 0000073 _____ () C:\Users\Naomi\AppData\Local\package.nw.new
2015-01-09 11:07 - 2015-01-09 11:07 - 0045517 _____ () C:\ProgramData\1420801649.bdinstall.bin
2015-01-09 11:15 - 2015-01-09 11:16 - 0041454 _____ () C:\ProgramData\1420802155.3980.bin
2015-01-09 11:16 - 2015-01-09 11:16 - 0002056 _____ () C:\ProgramData\1420802155.4520.bin
2015-01-09 11:25 - 2015-01-09 11:25 - 0214255 _____ () C:\ProgramData\1420802505.bdinstall.bin
2015-05-07 15:19 - 2015-05-07 15:19 - 0037436 _____ () C:\ProgramData\1431011961.bdinstall.bin
2015-05-07 15:19 - 2015-05-07 15:20 - 0007657 _____ () C:\ProgramData\1431011966.3088.bin
2015-05-07 15:19 - 2015-05-07 15:22 - 0001398 _____ () C:\ProgramData\1431011966.4852.bin
2015-05-07 15:19 - 2015-05-07 15:22 - 0039455 _____ () C:\ProgramData\1431011966.7392.bin
2015-05-07 15:19 - 2015-05-07 15:20 - 0002410 _____ () C:\ProgramData\1431011966.8736.bin
2015-05-11 15:29 - 2015-05-11 15:29 - 0039647 _____ () C:\ProgramData\1431358147.bdinstall.bin
2015-05-16 14:04 - 2015-05-16 14:04 - 0038330 _____ () C:\ProgramData\1431785044.bdinstall.bin
2015-05-16 14:19 - 2015-05-16 14:19 - 0179853 _____ () C:\ProgramData\1431785070.bdinstall.bin
2015-01-29 18:27 - 2015-01-29 18:27 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2013-04-25 23:15 - 2012-09-07 11:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 23:15 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 23:15 - 2012-09-07 11:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Naomi\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-30 22:29

==================== End of FRST.txt ============================



#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,618 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:03:46 PM

Posted 02 February 2016 - 08:37 PM

Sorry for the delay. I am going over your log, and should have something for you in the next 24 to 48 hours.
To err is Human. To blame it on someone else is even more Human.

#3 Bezukhov


Posted 04 February 2016 - 06:06 PM

Thank you for your patience. Before we get to work here are a few things to keep in mind:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove it. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that much more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
First up:

Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk of fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Next:

More specifically, I noticed you had WildTangent on your computer.
WildTangent Program Warning

WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via add/remove.
Reboot after the uninstallation. <- Important.

For now I need you to upload some files so they can be scanned.
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

Repeat the above upload instructions for the following files:

G:\setup.exe
F:\autorun.exe
F:\setup.exe
F:\setup_underrail_2.0.0.2.exe
F:\Autorun.exe
F:\Startme.exe
C:\Users\Naomi\Downloads\UNDERTALE_V8.CT
E:\Setup.exe
C:\users\naomi\downloads\games\3dmgame-7.days.to.die.alpha.12.5.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.12.5.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe

This will take a little time, but it's worth it. Inform me of any questions or concerns.
To err is Human. To blame it on someone else is even more Human.
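An added example, not part of the original post: before uploading, each requested file can be hashed locally, since VirusTotal also accepts a SHA-256 in its search box and a file it reports as already analyzed is one whose hash it has seen. The list below is a subset of the paths from the post; the function names are assumptions of this sketch. It also collapses entries that differ only by case, because `F:\autorun.exe` and `F:\Autorun.exe` name the same file on Windows, and it records a note instead of stopping when a removable drive is not mounted.

```python
import hashlib
import ntpath

# Subset of the paths listed in the post above. Windows file systems are
# case-insensitive, so F:\autorun.exe and F:\Autorun.exe are one file.
REQUESTED = [
    r"G:\setup.exe",
    r"F:\autorun.exe",
    r"F:\setup.exe",
    r"F:\Autorun.exe",
    r"F:\Startme.exe",
    r"E:\Setup.exe",
]


def unique_windows_paths(paths):
    """Drop entries that differ only by case or slash direction."""
    seen, result = set(), []
    for p in paths:
        key = ntpath.normcase(ntpath.normpath(p))
        if key not in seen:
            seen.add(key)
            result.append(p)
    return result


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large installers do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(paths):
    """Return (path, sha256 or None, note) for each unique path."""
    rows = []
    for p in unique_windows_paths(paths):
        try:
            rows.append((p, sha256_file(p), "ok"))
        except OSError as exc:  # drive not mounted, file removed, access denied
            rows.append((p, None, type(exc).__name__))
    return rows


if __name__ == "__main__":
    for path, digest, note in build_manifest(REQUESTED):
        print(f"{digest or '-':64}  {note:18}  {path}")
```

Keeping the printed manifest alongside the VirusTotal links makes it possible to confirm later that each report refers to the exact file that was on disk.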

#4 Bezukhov


Posted 09 February 2016 - 05:53 AM

It has been a few days. Do you still need help with this?
To err is Human. To blame it on someone else is even more Human.

#5 thcbytes


Posted 12 February 2016 - 10:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



