
PCKeeper/Reimageplus/Ads by DNSunlocker


  • This topic is locked
7 replies to this topic

#1 fattybelly

fattybelly

  • Members
  • 3 posts

Posted 16 March 2016 - 07:50 PM

Hi,

Today I started getting a VERY annoying pop up!!! That pop up made it hard to reach this site and make my thread.

When I'm in the home page Google I have no problem, but as soon as I go on any other site, a little grey window appears in the bottom left corner of my screen with a countdown on it and the message "POWERED BY" but there is no name.

After the countdown, 2 windows with ads will pop up on top of my internet page.

If I click on the X, 1 ad window pops up as well as having my main window being redirected to another ad site. If I let it run out, same thing. If I click anywhere else on the page, same thing!

Now it doesn't stop after 2 windows, pop ups just keep coming, even when I try to go back to my last page.

Also the ads that are usually being blocked by AdBlock are not blocked anymore.

Some of the pages I'm being redirected to are PC Keeper, Reimageplus, Ads by DNSunlocker, various browser games and various offers to make lots of money.

What troubles me the most is that it even hijacked STEAM, which I use a lot to play video games. I can't go in the Steam store or web anymore, I get spammed with pop ups I can't close, making my Steam windows freeze and unusable.

My roommate already ran a bunch of anti-spyware tools to try and fix the problem, but it did not change anything, so I came here !! I hope we didn't make things worse ...

Here are the logs and 2 screenshots of the windows that are popping up all that stuff

 

Attached File  FRST.txt   32.15KB   22 downloads



Edited by fattybelly, 16 March 2016 - 07:52 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts

Posted 21 March 2016 - 07:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/608164 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fattybelly

fattybelly
  • Topic Starter

  • Members
  • 3 posts

Posted 22 March 2016 - 06:50 PM

Will rerun the Farbar thing when I get a minute. I do not have the Windows CD used to install Windows on this computer.



#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,067 posts

Posted 22 March 2016 - 10:28 PM

Hi fattybelly :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#5 fattybelly

fattybelly
  • Topic Starter

  • Members
  • 3 posts

Posted 23 March 2016 - 01:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Louis (administrator) on ELI (22-03-2016 14:39:33)
Running from C:\Users\Louis\Downloads
Loaded Profiles: Louis (Available Profiles: Louis & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\WGA Remover\wgaremover.exe
(Farbar) C:\Users\Louis\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-10-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [WGA Remover] => C:\Program Files (x86)\WGA Remover\wgaremover.exe [600064 2014-11-18] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\Run: [Bubble Suite] => "C:\Users\Louis\AppData\Roaming\Nosibay\Bubble Suite\Bubble Suite.exe" /winstartup
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: E - E:\setup.exe /autorun
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {24fec2ae-b598-11e5-8a5c-7824af362035} - D:\autorun.exe
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {c9b16239-d5d1-11e4-a961-7824af362035} - E:\setup.exe /autorun
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {c9b16250-d5d1-11e4-a961-7824af362035} - F:\Setup.exe
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {c9b16252-d5d1-11e4-a961-7824af362035} - G:\SETUP.EXE
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {e2afb096-b67d-11e5-8794-7824af362035} - E:\SETUP.EXE
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {e2afb099-b67d-11e5-8794-7824af362035} - F:\autorun.exe
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\MountPoints2: {e2afb09c-b67d-11e5-8794-7824af362035} - G:\autorun.exe
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{2D5B203D-6B7D-4B42-9C8C-AC8F83048522}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2D5B203D-6B7D-4B42-9C8C-AC8F83048522}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2313467006-2507428521-2303096161-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-08-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-15]
CHR Extension: (Google Docs) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-15]
CHR Extension: (Google Drive) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Sheets) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-15]
CHR Extension: (Gmail) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-15]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-15] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-03-08] (EasyAntiCheat Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-10-02] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-10-02] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-10-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-16] (Electronic Arts)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2016-01-08] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-02] (NVIDIA Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-22 14:36 - 2016-03-22 14:36 - 02374144 _____ (Farbar) C:\Users\Louis\Downloads\FRST64 (1).exe
2016-03-19 23:35 - 2016-03-19 23:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-19 23:35 - 2016-03-19 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-19 23:34 - 2016-03-19 23:34 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Louis\Downloads\SkypeSetup.exe
2016-03-17 23:27 - 2016-03-17 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-17 23:27 - 2016-03-17 23:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-17 23:27 - 2016-03-07 22:15 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-03-17 23:27 - 2016-02-13 17:47 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-03-17 23:27 - 2016-02-13 17:46 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-03-17 23:27 - 2016-02-13 17:45 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-03-17 23:27 - 2016-02-13 17:45 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-03-17 23:26 - 2016-03-07 22:27 - 00532536 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-03-17 23:26 - 2016-03-07 22:27 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 42968120 _____ C:\Windows\system32\nvcompiler.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 37609528 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 22932928 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 21313024 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 20854680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 18879544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 17725040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 17318184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 17246680 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 16439328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 12564024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-03-17 23:25 - 2016-03-08 02:07 - 10546944 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 08658120 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 03711024 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 03233336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 02808768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436451.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436451.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00956984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00886840 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00749504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00693816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00473056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-03-17 23:25 - 2016-03-08 02:07 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-03-17 23:25 - 2016-03-08 02:07 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-03-17 23:25 - 2016-03-08 02:07 - 00000139 _____ C:\Windows\system32\nv-vk64.json
2016-03-16 17:34 - 2016-03-16 17:35 - 69999448 _____ (Microsoft Corporation) C:\Users\Louis\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2016-03-16 17:34 - 2016-03-16 17:34 - 01005568 _____ (Microsoft Corporation) C:\Users\Louis\Downloads\dotNetFx45_Full_setup.exe
2016-03-16 13:55 - 2016-03-22 14:39 - 00010928 _____ C:\Users\Louis\Downloads\FRST.txt
2016-03-16 00:28 - 2016-03-16 00:28 - 00048087 _____ C:\Users\Louis\Downloads\Addition.txt
2016-03-15 20:22 - 2016-03-15 20:23 - 00048087 _____ C:\Users\Louis\Desktop\Addition.txt
2016-03-15 20:22 - 2016-03-15 20:23 - 00032926 _____ C:\Users\Louis\Desktop\FRST.txt
2016-03-15 20:21 - 2016-03-22 14:39 - 00000000 ____D C:\FRST
2016-03-15 20:21 - 2016-03-15 20:21 - 02374144 _____ (Farbar) C:\Users\Louis\Downloads\FRST64.exe
2016-03-15 20:20 - 2016-03-15 20:20 - 01725440 _____ (Farbar) C:\Users\Louis\Downloads\FRST.exe
2016-03-15 19:50 - 2016-03-15 19:50 - 01527296 _____ C:\Users\Louis\Downloads\AdwCleaner (2).exe
2016-03-15 19:15 - 2016-03-15 20:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-15 19:15 - 2016-03-15 19:15 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-15 19:15 - 2016-03-15 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-15 19:15 - 2016-03-15 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-15 19:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-15 19:15 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-15 19:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-15 19:14 - 2016-03-15 19:14 - 22908888 _____ (Malwarebytes ) C:\Users\Louis\Downloads\mbam-setup-2.2.0.1024 (1).exe
2016-03-15 19:01 - 2016-03-15 19:52 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-15 19:01 - 2016-03-15 19:01 - 01527296 _____ C:\Users\Louis\Downloads\AdwCleaner.exe
2016-03-15 19:01 - 2016-03-15 19:01 - 01527296 _____ C:\Users\Louis\Downloads\AdwCleaner (1).exe
2016-03-15 18:38 - 2016-03-15 18:39 - 11441744 _____ (SurfRight B.V.) C:\Users\Louis\Downloads\HitmanPro_x64 (2).exe
2016-03-15 18:31 - 2016-03-15 18:31 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 18:31 - 2016-03-15 18:31 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 18:30 - 2016-03-22 14:35 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 18:30 - 2016-03-22 12:42 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 18:30 - 2016-03-15 18:30 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-15 18:30 - 2016-03-15 18:30 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-15 18:25 - 2016-03-15 18:25 - 00001417 _____ C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-15 18:03 - 2016-03-15 18:03 - 00007778 _____ C:\Users\Louis\Desktop\JRT.txt
2016-03-15 18:02 - 2016-03-15 18:02 - 01610352 _____ (Malwarebytes) C:\Users\Louis\Downloads\JRT.exe
2016-03-15 17:21 - 2016-03-15 17:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-15 17:19 - 2016-03-15 17:19 - 00061440 _____ C:\Users\Louis\Downloads\Hitman Trial Rest.exe
2016-03-15 17:15 - 2016-03-15 17:15 - 11441744 _____ (SurfRight B.V.) C:\Users\Louis\Downloads\HitmanPro_x64 (1).exe
2016-03-15 16:56 - 2016-03-15 16:57 - 11441744 _____ (SurfRight B.V.) C:\Users\Louis\Downloads\HitmanPro_x64.exe
2016-03-08 16:56 - 2016-03-08 16:56 - 00000000 ____D C:\Users\Louis\AppData\Local\Victory
2016-03-08 16:56 - 2016-03-08 16:56 - 00000000 ____D C:\Users\Louis\AppData\Local\UnrealEngine
2016-03-08 16:56 - 2016-03-08 16:43 - 00243984 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-03-08 02:22 - 2016-03-08 02:22 - 00017811 _____ C:\Users\Louis\Downloads\[kat.cr]daddy.s.home.2015.720p.brrip.850mb.mkvcage.torrent
2016-03-07 19:42 - 2016-03-07 19:42 - 00000000 ____D C:\Users\Louis\Documents\Rockstar Games
2016-03-07 17:30 - 2016-03-07 17:30 - 00001206 _____ C:\Users\Louis\Desktop\TeamSpeak 3 Client.lnk
2016-03-07 17:29 - 2016-03-07 17:29 - 31017664 _____ (TeamSpeak Systems GmbH) C:\Users\Louis\Downloads\TeamSpeak3-Client-win64-3.0.18.2.exe
2016-03-02 22:51 - 2016-03-02 22:57 - 00000000 ____D C:\Users\Louis\AppData\LocalLow\Daybreak Game Company
2016-03-02 22:51 - 2016-03-02 22:51 - 00000000 ____D C:\Users\Louis\AppData\Local\Daybreak Game Company
2016-03-02 22:50 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-02 22:50 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-28 16:49 - 2016-03-01 14:20 - 00000000 ____D C:\Users\Louis\AppData\Local\BlackDesertOnline
2016-02-28 16:48 - 2016-02-28 16:48 - 50625480 _____ (Daum Games EU) C:\Users\Louis\Downloads\BlackDesertOnlineSetup_20160228_1005.exe
2016-02-27 07:40 - 2016-02-27 07:40 - 00000000 _____ C:\Users\Louis\Desktop\New Text Document.txt
2016-02-27 02:14 - 2016-02-27 02:14 - 00068580 _____ C:\Users\Louis\Downloads\[kat.cr]californication.s04.season.4.720p.bluray.x264.reward.publichd.torrent
2016-02-25 16:25 - 2016-02-25 16:25 - 00069700 _____ C:\Users\Louis\Downloads\[kat.cr]krampus.2015.1080p.web.dl.dd5.1.h264.rarbg.torrent
2016-02-24 10:58 - 2016-02-24 13:27 - 00000000 ____D C:\Users\Louis\Downloads\Californication.S02.Season.2.720p.BluRay.X264-REWARD [PublicHD]
2016-02-24 10:58 - 2016-02-24 10:58 - 00068560 _____ C:\Users\Louis\Downloads\[kat.cr]californication.s03.season.3.720p.bluray.x264.reward.publichd.torrent
2016-02-24 10:57 - 2016-02-24 10:57 - 00068720 _____ C:\Users\Louis\Downloads\[kat.cr]californication.s02.season.2.720p.bluray.x264.reward.publichd.torrent
2016-02-23 21:43 - 2016-02-23 21:43 - 00000028 _____ C:\Users\Louis\Desktop\Cats.txt
2016-02-23 21:34 - 2016-02-23 22:19 - 00000000 ____D C:\Users\Louis\Downloads\Californication.S01.Season.1.720p.BluRay.X264-REWARD [PublicHD]
2016-02-23 21:33 - 2016-02-23 21:33 - 00068580 _____ C:\Users\Louis\Downloads\[kat.cr]californication.s01.season.1.720p.bluray.x264.reward.publichd.torrent
2016-02-23 12:48 - 2016-02-23 12:48 - 00008787 _____ C:\Users\Louis\Downloads\[kat.cr]the.magicians.us.s01e04.internal.720p.hdtv.x264.killers.ettv.torrent
2016-02-23 10:10 - 2016-02-23 10:10 - 00069239 _____ C:\Users\Louis\Downloads\[kat.cr]the.magicians.s01e05.720p.hdtv.x264.avs.rartv.torrent
2016-02-23 10:10 - 2016-02-23 10:10 - 00069066 _____ C:\Users\Louis\Downloads\[kat.cr]the.magicians.s01e06.720p.hdtv.x264.avs.rartv.torrent
2016-02-23 10:10 - 2016-02-23 10:10 - 00064442 _____ C:\Users\Louis\Downloads\[kat.cr]the.magicians.us.s01e06.720p.hdtv.x264.fleet.rartv.torrent
2016-02-23 10:10 - 2016-02-23 10:10 - 00004369 _____ C:\Users\Louis\Downloads\[kat.cr]the.magicians.us.s01e02.hdtv.xvid.fum.ettv.torrent
2016-02-23 10:10 - 2016-02-23 10:10 - 00003265 _____ C:\Users\Louis\Downloads\[kat.cr]the.magicians.us.s01e03.hdtv.x264.fum.ettv.torrent
2016-02-22 17:28 - 2016-02-22 17:28 - 00059780 _____ C:\Users\Louis\Downloads\[kat.cr]deadpool.2016.hdts.x264.readnfo.exclusive.torrent
2016-02-21 22:09 - 2016-02-21 22:09 - 00015927 _____ C:\Users\Louis\Downloads\[kat.cr]victor.frankenstein.2015.1080p.webrip.aac.x264.etrg.torrent
2016-02-21 17:00 - 2016-02-21 17:00 - 00020570 _____ C:\Users\Louis\Downloads\[kat.cr]animecreed.dragon.ball.super.031.english.subbed.720p.lucifer22.torrent
2016-02-21 16:55 - 2016-02-21 16:55 - 00015904 _____ C:\Users\Louis\Downloads\[kat.cr]dragon.ball.super.032.english.subbed.720p.animecreed.animotime.lucifer22.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-22 14:37 - 2015-02-25 17:43 - 00000000 ____D C:\Users\Louis\AppData\Roaming\vlc
2016-03-22 14:37 - 2015-02-09 11:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-22 13:42 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 13:42 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 12:42 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 12:41 - 2015-05-20 18:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-22 05:51 - 2015-02-09 11:50 - 00000000 ____D C:\Users\Louis\AppData\Local\Battle.net
2016-03-22 03:47 - 2015-02-23 14:40 - 00000000 ____D C:\Users\Louis\AppData\Roaming\uTorrent
2016-03-22 03:41 - 2015-12-20 22:05 - 00000000 ____D C:\Users\Louis\Desktop\DM
2016-03-22 01:53 - 2015-02-09 11:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-03-22 01:30 - 2015-02-09 11:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-03-21 21:06 - 2015-03-14 19:37 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Skype
2016-03-21 21:02 - 2015-04-28 14:46 - 00000080 _____ C:\Users\Louis\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-03-19 23:35 - 2015-03-14 19:37 - 00000000 ____D C:\Users\Louis\AppData\Local\Skype
2016-03-19 23:35 - 2015-03-14 19:37 - 00000000 ____D C:\ProgramData\Skype
2016-03-19 18:41 - 2016-01-21 18:31 - 00000000 ____D C:\Users\Louis\Documents\My Games
2016-03-19 17:10 - 2016-01-28 16:47 - 00000000 ____D C:\Users\Louis\Documents\The Witcher 3
2016-03-17 23:27 - 2016-02-16 17:28 - 00000000 ____D C:\temp
2016-03-17 23:27 - 2015-02-09 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-17 23:27 - 2015-02-09 11:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-17 23:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-03-17 23:26 - 2015-02-09 11:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-17 03:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-16 17:40 - 2015-02-09 11:25 - 00773560 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-16 17:40 - 2009-07-13 21:13 - 00773560 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 15:04 - 2015-04-28 14:46 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-16 15:04 - 2015-04-28 14:46 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-15 20:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2016-03-15 19:24 - 2016-02-16 19:16 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-15 19:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-03-15 18:31 - 2015-02-09 11:13 - 00000000 ____D C:\Users\Louis\AppData\Local\Google
2016-03-15 18:31 - 2015-02-09 11:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-15 18:30 - 2015-02-09 11:13 - 00000000 ____D C:\Users\Louis\AppData\Local\Deployment
2016-03-08 02:07 - 2015-10-08 13:09 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-03-08 02:07 - 2015-10-08 13:09 - 03283896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-03-08 02:07 - 2015-05-20 18:22 - 18990976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-03-08 02:07 - 2015-05-20 18:22 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-03-08 02:07 - 2015-05-20 18:22 - 00036743 _____ C:\Windows\system32\nvinfo.pb
2016-03-07 22:27 - 2015-05-20 18:23 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-03-07 22:27 - 2015-05-20 18:23 - 02994232 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-03-07 22:27 - 2015-05-20 18:23 - 02561472 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-03-07 22:27 - 2015-05-20 18:23 - 01264064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-03-07 22:27 - 2015-05-20 18:23 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-03-07 22:27 - 2015-05-20 18:23 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-03-07 22:13 - 2015-03-14 17:19 - 00000000 ____D C:\Users\Louis\AppData\Roaming\TS3Client
2016-03-07 14:12 - 2016-02-17 19:27 - 00000000 ____D C:\Program Files (x86)\Black Desert Online
2016-03-06 20:23 - 2015-05-20 18:23 - 06203411 _____ C:\Windows\system32\nvcoproc.bin
2016-03-02 22:51 - 2015-02-10 00:15 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2015-03-14 09:58 - 2015-03-14 09:58 - 0007605 _____ () C:\Users\Louis\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Louis\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Louis\AppData\Local\Temp\nvStInst.exe
C:\Users\Louis\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 04:57
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Louis (2016-03-22 14:39:44)
Running from C:\Users\Louis\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-02-09 18:59:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2313467006-2507428521-2303096161-500 - Administrator - Disabled)
Guest (S-1-5-21-2313467006-2507428521-2303096161-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2313467006-2507428521-2303096161-1007 - Limited - Enabled)
Louis (S-1-5-21-2313467006-2507428521-2303096161-1000 - Administrator - Enabled) => C:\Users\Louis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.7.9.0 - ASUSTek COMPUTER INC.) Hidden
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert Character Creator (HKLM-x32\...\{83AC6E37-6497-4A01-BB5D-AA845BA08832}) (Version: 1.0.0.2 - Daum Games EU)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.1 - Daum Games EU)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
H1Z1: Just Survive (HKLM\...\Steam App 295110) (Version:  - Daybreak Game Company)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.1 - Electronic Arts)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magicka 2 Sneak Peek (HKLM-x32\...\Steam App 351950) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mass Effect (HKLM-x32\...\{D5FED686-AF59-454C-91A9-DC357E4AED11}_is1) (Version:  - )
Mass Effect™ 3 Demo (HKLM-x32\...\{A1683CA7-4850-4A21-982B-C6D853C79AF7}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Citizen Launcher (HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts)
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Tom Clancy's Rainbow Six Siege - Beta (HKLM-x32\...\Steam App 396410) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War for the Overworld (HKLM\...\Steam App 230190) (Version:  - Subterranean Games)
WGA Remover version 1.5 (HKLM-x32\...\{2F672AB6-053A-4F23-855F-F57F7BFBA163}_is1) (Version: 1.5 - WGAREMOVER)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
ZSNESw 1.51 (HKLM-x32\...\ZSNESw) (Version: 1.51 - ZSNESw)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B0B3FA8-3AF6-42CC-887A-23405C1588C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {69F4E0A0-2400-4701-8BCE-2E5F155FF8C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {91E3F7D5-622E-48D2-813E-6FF04B2F8306} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {95D76E06-1B35-4FA0-B5D4-3B3716B0D1DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {BB36E274-1A6C-4C60-8188-2E5194676067} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D7B576E2-84A5-4FAC-8EB4-97549A118B91} - System32\Tasks\{149AB8EC-D77B-4A3B-BBDC-69C5839D1E49} => pcalua.exe -a C:\Users\Louis\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Louis\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:1228
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-20 18:23 - 2016-03-07 22:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-14 12:48 - 2014-11-18 02:55 - 00600064 _____ () C:\Program Files (x86)\WGA Remover\wgaremover.exe
2015-04-13 04:59 - 2015-10-02 21:06 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-15 18:31 - 2016-03-07 18:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 18:31 - 2016-03-07 18:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7866 more sites.
 
IE trusted site: HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\...\sony.com -> sony.com
 
There are 7866 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-12-14 13:02 - 00450806 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15463 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2313467006-2507428521-2303096161-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gyweqynuzbt => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NvStreamSvc => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: zutuzuni => 2
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B2E2311D-6260-4E7F-9749-5F8D2AA85741}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6DAA1359-9689-4622-9894-D498D9D602DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{645176C9-2E0B-43DC-8AAC-80B0DD54A092}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{92DFFC40-51F7-40DF-ACA6-D5B4EF453591}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB43BCC6-AA41-481C-BF0D-01AA8C000311}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{55CF9B63-79DA-4A89-A612-08E4F3F704F3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C87AB932-3666-4B3A-9E61-CA069F5EDC14}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BB1E8524-0F60-452E-89B5-C2CE2A12A77E}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{1E7B21D0-D572-4150-86E0-018B1C30E3B5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4BDF62F7-0EB5-4346-95BD-EE8ADD7147D3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{8CA7D2F2-C6ED-4677-944B-61DC155F9FAD}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{E0BF7DF4-D879-4CDC-A2FD-8C0F5D4E8E0B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{22888856-E50E-486F-AB17-07EF61900B78}C:\users\louis\desktop\starcraft 1 and broodwar\starcraft.exe] => (Allow) C:\users\louis\desktop\starcraft 1 and broodwar\starcraft.exe
FirewallRules: [UDP Query User{DF1FC1A3-3CD4-46CA-939F-4C2A98F63EC5}C:\users\louis\desktop\starcraft 1 and broodwar\starcraft.exe] => (Allow) C:\users\louis\desktop\starcraft 1 and broodwar\starcraft.exe
FirewallRules: [{2AF273E3-09D4-48FC-8AA8-F9967BB892EA}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58461037-28F5-41B0-B63F-969A53D9D139}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A55093C-A165-44DD-9A40-E25C4BC5BE69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D7E9CBEA-F702-4317-BFAF-70BD6F233FEF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{98D3E5E2-6799-411C-99AE-AC7E7AE06252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTOGame.exe
FirewallRules: [{E1F492A5-8D76-4274-8EF5-A68A939C56AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{8AE70F9A-07F8-4974-A716-296B2018ECB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{3E0F9582-2C09-4422-A172-B87408C1F751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reign Of Kings\ROK.exe
FirewallRules: [{DFC87E92-C571-430D-9EDA-7A82432C8532}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reign Of Kings\ROK.exe
FirewallRules: [{344FA909-ADA5-4FB2-AD1C-D5249E499E79}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{175B4E3D-5BFA-434A-AA3C-B062061C5231}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{CBF1218D-1664-4FB8-B63C-D92F70B35CFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{FFC5F603-8EF6-4F60-9424-CFD56885E97E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{6EE7F793-4768-4C1F-BF50-4A05BF182BB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{2DD7DDAA-44F3-4D71-BF3B-200C666A2E1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{353A1FDD-00D0-422B-970C-520CD309BD69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{7B37E2DE-EFD5-434A-8297-72ED9DABFAC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{7D82E238-06F8-4116-A858-4EAA92E513FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{3E78F3C8-89A4-4920-A8DF-AEAA8233183A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{7B48BFA8-1353-434C-80EB-CDAA96BA4578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{651ABDCA-9F80-46DC-BE22-1AD4BA58BE54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{1788AA8B-ADEB-4B05-B730-7B0D7AE2BCFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A29F1ED9-B418-4C97-B7CC-328FB5B07FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{51340B59-DFCF-485A-849F-21DEFF31998D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{AAAC0DA1-D3EC-4CFB-85C9-7CD43EAFB8C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2 Sneak Peek\engine\Magicka2.exe
FirewallRules: [{509C0809-BE32-4E06-8761-8979A9E463D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2 Sneak Peek\engine\Magicka2.exe
FirewallRules: [{134D8972-D309-43B5-A08B-F7BC9EED6B0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{A30383F3-1ED0-4342-8E9F-158B96368089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{4BC4DCFD-D434-4E7F-BD8F-1F520329588B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{78437EEE-E422-4D9A-AE58-75D25B7DC4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{348F30C1-F3BC-4DE7-9393-0CF0992F82A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameOldLoad.exe
FirewallRules: [{0E6416B7-CA01-4F21-840A-37C8BE4C4C96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameOldLoad.exe
FirewallRules: [{3ED6DBFD-188B-4267-9161-1A5478CD457A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{448538C5-38E8-4F61-8346-DD439EF0B845}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{E6F20315-8A5E-4AFD-A83A-4C03A0E5F788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E1852994-3F06-4C00-B975-9A5EFB7BC8E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{0EC0B67B-8B97-42F3-9BB8-E1EF6B580DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{87CABE20-BF1D-494A-AB30-AC361F73E5EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{DBE07A02-0026-4FB1-BA1E-C4681903065B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{57912016-6689-4124-AB53-347F42740990}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{592E6BE9-EC1E-4BD3-9CB8-D87A4EA029CC}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3 Demo\Binaries\Win32\MassEffect3Demo.exe
FirewallRules: [{3272722D-5FCE-4573-8E64-20789A09E57A}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3 Demo\Binaries\Win32\MassEffect3Demo.exe
FirewallRules: [{1C45B927-667E-41A0-B376-DFC8FAEA6C03}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B856076B-1E3E-4C75-ABED-9DF0652A0411}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{CB20DF77-3FEB-4401-988E-0CF0DEC43CE2}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{6C160EDB-700C-4252-8C80-BD04FE9E7FF6}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{2BEADBEE-5B0D-469F-BCD6-279254FCB914}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B278EC9F-6BD9-4158-84F7-D6B94905BAF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F41F7B45-A1A2-47A8-B856-2262C67F8ED2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8694D206-5E08-475A-BECD-8643BDEE21E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CE4628C6-4D66-4A4C-B953-6956079C6993}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{55A7C786-8201-4BDE-90E4-85EA7FD4DB9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4638CA2E-FE1C-417E-89FD-D878C7778CFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{DC9E1951-36A9-409D-B685-8D3E9265718F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{B9A4DBE4-ADC9-4F19-8895-14A7043240DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{4611647B-17A3-46BF-8383-E12C5CB87EE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege - Beta\RainbowSix.exe
FirewallRules: [{2BC027BC-41D4-48C7-BF81-E87D87EA80E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege - Beta\RainbowSix.exe
FirewallRules: [{8E9C8D5E-0D34-4C29-95D0-85389B69D553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{94D1C5B7-3A67-4740-803A-3384B0188D09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5FAE0D88-A70E-4A7D-B0BF-D8C2E080057F}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{3449A711-A462-4A63-961D-E9CB7BA951E1}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{0C9BA61D-47C3-4B30-AEA9-E2A30C9CC0FC}] => (Allow) C:\Users\Louis\Downloads\bin\BlackDesert32.exe
FirewallRules: [{400E6368-1F40-4884-A1D5-B40AFF253BD0}] => (Allow) C:\Users\Louis\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{9003FA1E-7A5A-4150-85C5-D28B2D9EAB45}] => (Allow) C:\Users\Louis\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{3C600304-320B-4BC3-B7EC-2C2BC8E05700}] => (Allow) C:\Users\Louis\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{BE2B6EAC-DD5B-4F4B-BAF0-76E31C0BA26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{75871A2A-3FFC-4E33-9D25-FA23DA8EBC50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{C470EDF2-F4B1-4BBA-BA60-6C0C81F00283}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{6BD63162-E452-491D-98F2-87A1963D71B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{60608710-9110-4048-A633-DF356FFDB49D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{607E6726-F827-4BD0-998F-D7A47E979D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{62613344-3BFE-4189-9C65-B6E60D2FF31B}] => (Allow) C:\Users\Louis\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{F46FD922-E147-4A9F-BF70-691F12A98060}] => (Allow) C:\Users\Louis\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{052CA80B-D8F9-4C09-9A9E-90D8D2DD2137}] => (Allow) C:\Users\Louis\Downloads\bin\BlackDesert32.exe
FirewallRules: [{0D0A1786-135F-4A13-BEFD-AF4A71C42293}] => (Allow) C:\Users\Louis\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{729C2B29-0730-472F-BCAA-A500CDD5D1F4}] => (Allow) C:\Users\Louis\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{20E9B92B-9375-442F-9B3E-B0BDD59C5FAB}] => (Allow) C:\Users\Louis\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{66848E8F-989F-4DB3-95F5-FDCEB488A4D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{61083479-64B6-49A6-A019-A0AA78B88B9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{777A43A1-55F8-4C0C-9EBA-9D7A6E87F3C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{8B5605FF-5C5C-4F97-ADE3-C4DDBDE2A823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{283020FF-1920-4AC4-BEF3-B2FDD5EFE473}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{C9EEAC14-369D-42ED-8398-CD1B95063BEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{E6400E4C-C419-453F-AB83-184A0808B737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4B240ED4-B246-4E16-8CE1-336BA4BB9681}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{D79965C6-CCE2-45F3-AA74-D20206B35868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{83E2A4A4-AEC8-47BE-890C-9C65DEF27133}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{04F2E1F5-8873-446D-9D5D-35E43E2BB0AC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{618668A5-1CD9-4A77-9FBE-A3FFF1A13444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTO.exe
FirewallRules: [{EEAD70BE-C877-4086-960B-36463C4E6C7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War For The Overworld\WFTO.exe
FirewallRules: [{47F0D4E5-2E13-4C58-9B0A-027848B1AF24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{255A469A-1242-47DA-BB9C-79F5825E2AC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{807140A2-2A34-401D-9103-B11EF6D54C57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C7F78766-E0B5-4666-8F1D-4805AA0CEB8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
17-03-2016 02:48:59 Scheduled Checkpoint
19-03-2016 18:37:20 Installed Microsoft Visual C++ 2005 Redistributable
19-03-2016 18:38:37 Installed Microsoft Visual C++ 2005 Redistributable
19-03-2016 18:40:17 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2016 06:28:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17801 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3f0
 
Start Time: 01d17f2b328aa91d
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (03/02/2016 04:43:56 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C4A2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (03/02/2016 04:43:56 AM) (Source: Software Protection Platform Service) (EventID: 8209) (User: )
Description: Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (02/17/2016 09:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x2280
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (02/17/2016 09:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1ff8
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (02/17/2016 09:17:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1eb8
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (02/17/2016 09:12:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x194
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (02/17/2016 09:07:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x21c
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (02/17/2016 09:02:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x21d8
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
Error: (02/17/2016 08:57:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1e28
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
 
 
System errors:
=============
Error: (03/22/2016 12:54:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/22/2016 12:42:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (03/21/2016 09:01:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (03/21/2016 09:01:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (03/21/2016 04:23:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/21/2016 04:23:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/20/2016 06:11:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/20/2016 06:11:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/19/2016 11:37:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}
 
Error: (03/19/2016 06:54:24 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Graphics Exception: ESR 0x408030=0x80000003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 13%
Total physical RAM: 16326.88 MB
Available physical RAM: 14174.12 MB
Total Virtual: 32651.94 MB
Available Virtual: 30342.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:393.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2754B346)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 polskamachina

polskamachina

  • Malware Response Team
  • 4,067 posts

Posted 25 March 2016 - 11:40 AM

Hi fattybelly :)
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via:
Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.
 
Next:
 
I don't see an Anti Virus Program running on your machine

Please download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Here are some suggestions for a good, free, antivirus program for non-commercial home use:

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
 
I noticed you have AdwCleaner on your computer. Please follow the directions below to download a fresh copy. The tools you will use on Bleeping Computer should be downloaded to your desktop to make them easier to access. If your browser is configured to automatically download files to your download folder, you can either change that configuration to ask you every time where to download the file or just right click on the file and then select your desktop as the download location.
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click AdwCleaner and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved to C:\AdwCleaner.

Next:
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

    • Open Malwarebytes Anti-Malware.
    • Click the Scan Tab at the top.
    • Click the View detailed log link on the right.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:

    Windows 7 C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

In summary I will need from you in your next reply:

  • Your decision about whether or not you will keep your torrent software
  • Confirmation that you installed an anti-virus product
  • AdwCleaner log
  • Malwarebytes log

Let me know if you have any questions.
 
polskamachina
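
Added example (not part of the original post, and not code from AdwCleaner or Malwarebytes): a small Python helper that picks the most recent scan log from each tool, using the folders and name patterns quoted in the post above. The function names and the sample file names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Folders and name patterns as quoted in the post (Windows 7 path for Malwarebytes).
ADW_DIR = Path(r"C:\AdwCleaner")
MBAM_DIR = Path(r"C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs")

ADW_SCAN = re.compile(r"^AdwCleaner\[S(\d+)\]\.txt$", re.IGNORECASE)
MBAM_LOG = re.compile(r"^mbam-log-(\d{4})-(\d{2})-(\d{2})")


def latest_adwcleaner_scan(names):
    """Return the AdwCleaner[S#].txt name with the largest #, or None."""
    best = None
    for name in names:
        m = ADW_SCAN.match(name)
        # Compare # as an integer: sorted as text, "S9" would land after "S10".
        if m and (best is None or int(m.group(1)) > best[0]):
            best = (int(m.group(1)), name)
    return best[1] if best else None


def latest_mbam_log(names):
    """Return the mbam-log-yyyy-mm-dd name with the newest date, or None."""
    dated = []
    for name in names:
        m = MBAM_LOG.match(name)
        if m:
            dated.append((tuple(int(g) for g in m.groups()), name))
    # Logs from the same day tie on date; the full name breaks the tie.
    return max(dated)[1] if dated else None


def list_names(directory):
    """File names in a directory, or an empty list if it does not exist."""
    return [p.name for p in directory.iterdir()] if directory.is_dir() else []


if __name__ == "__main__":
    # Constructed sample listing, used only when the real folder is absent.
    sample = ["AdwCleaner[S9].txt", "AdwCleaner[S10].txt", "AdwCleaner[C2].txt"]
    print("AdwCleaner:", latest_adwcleaner_scan(list_names(ADW_DIR) or sample))
    print("Malwarebytes:", latest_mbam_log(list_names(MBAM_DIR)))
```
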



#7 polskamachina

polskamachina

  • Malware Response Team
  • 4,067 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:36 PM

Posted 29 March 2016 - 12:23 AM

Hi fattybelly :)

 
It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,404 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:36 AM

Posted 31 March 2016 - 11:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft

 
