
Fake_AntiSpyware


  • This topic is locked
19 replies to this topic

#1 DBreban


Posted 08 April 2016 - 07:33 PM

Hi

 

Can anyone help me remove Fake_AntiSpyware?

 

Thanks

 




 


#2 olgun52

  • Malware Response Team

Posted 08 April 2016 - 08:04 PM

Hello DBreban and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
Please do the following,

Boot to Safemode with Networking

To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode
 
next....

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 
next....
 
Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs "PUPs" are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

next....
Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 DBreban


Posted 08 April 2016 - 11:42 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/04/2016
Scan Time: 11:55 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.08.06
Rootkit Database: v2016.04.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: danie_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340974
Time Elapsed: 33 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.MalwareProtection, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MalwareProtectionLive, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.Spigot, HKU\S-1-5-21-284253375-2469379939-3772216226-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2D80C308-8F50-4D88-BD74-2354ABFED283}, , [94d2406c891089ad558437067f8558a8], 
 
Registry Values: 1
PUP.Optional.Spigot, HKU\S-1-5-21-284253375-2469379939-3772216226-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2D80C308-8F50-4D88-BD74-2354ABFED283}|URL, https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=344160&p={searchTerms}, , [94d2406c891089ad558437067f8558a8]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\quarantine, , [9acc604c128789ad33b9da788d772dd3], 
 
Files: 12
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe.config, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\certificates, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\certificates_filter, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\DotNetCheck.exe, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\DotNetCheck.exe.config, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\extensions, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\extensions_filter, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\log.txt, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\uninstall.exe, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Local\MalwareProtectionLive\userinfo.dat, , [9acc604c128789ad33b9da788d772dd3], 
PUP.Optional.MalwareProtection, C:\Users\danie_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk, , [0d59f4b82871300621cc2929b64ed62a], 
PUP.Optional.HomePageHelper, C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://au.search.yahoo.com/?type=344160&fr=yo-yhp-ch","http://homepage-web.com/?s=acer&m=start","http://www.omniboxes.com/?type=hp&ts=1431475511&z=6be73f01589cfbc845e22d9g1z2c9gdzdm2w2weebw&from=epom&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81E73NPZT8NPZT8","http://www.oursurfing.com/?type=hp&ts=1431476408&z=85fa9baf05b7838f0426241gfzec2g6z3m1qazbeac&from=cmi&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81E73NPZT8NPZT8"]},"sync":{"remaining_rollback_tries":0}}), ,[5d097636b5e4142273a478e61ee7e41c]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
C:\Users\danie_000\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted


#4 DBreban


Posted 09 April 2016 - 06:38 PM



#5 olgun52


Posted 09 April 2016 - 08:11 PM

Hi DBreban,

I am waiting for the ESET scan result log file.


Best regards
 

 


 


#6 DBreban


Posted 09 April 2016 - 08:17 PM

Please see attachment




#7 olgun52


Posted 09 April 2016 - 08:31 PM

Thanks,

 

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely. :hello:


Best regards
 

 


 


#8 DBreban


Posted 09 April 2016 - 09:29 PM

Thanks for the reply.

# AdwCleaner v5.109 - Logfile created 10/04/2016 at 12:04:23
# Updated 04/04/2016 by Xplode
# Database : 2016-04-09.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : danie_000 - DANIEL
# Running from : C:\Users\danie_000\Downloads\adwcleaner_5.109.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar
[-] Folder Deleted : C:\Users\danie_000\AppData\Local\MalwareProtectionLive

***** [ Files ] *****

[-] File Deleted : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
[-] File Deleted : C:\Users\danie_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-284253375-2469379939-3772216226-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2D80C308-8F50-4D88-BD74-2354ABFED283}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : au.yhs4.search.yahoo.com
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : omniboxes
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://homepage-web.com/?s=acer&m=start
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.omniboxes.com/?type=hp&ts=1431475511&z=6be73f01589cfbc845e22d9g1z2c9gdzdm2w2weebw&from=epom&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81E73NPZT8NPZT8
[-] [C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.oursurfing.com/?type=hp&ts=1431476408&z=85fa9baf05b7838f0426241gfzec2g6z3m1qazbeac&from=cmi&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81E73NPZT8NPZT8

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3910 bytes] - [10/04/2016 12:04:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [4635 bytes] - [10/04/2016 12:02:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4056 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by danie_000 (Administrator) on Sun 10/04/2016 at 12:09:22.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/04/2016 at 12:12:58.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by danie_000 (administrator) on DANIEL (10-04-2016 12:15:56)
Running from C:\Users\danie_000\Downloads
Loaded Profiles: danie_000 (Available Profiles: danie_000)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [735544 2015-08-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-21] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-29] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-29] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-29] (Hewlett-Packard)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-284253375-2469379939-3772216226-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-284253375-2469379939-3772216226-1002\...\RunOnce: [Uninstall C:\Users\danie_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\danie_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-284253375-2469379939-3772216226-1002\...\RunOnce: [Uninstall C:\Users\danie_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\danie_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-284253375-2469379939-3772216226-1002\...\RunOnce: [Uninstall C:\Users\danie_000\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\danie_000\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14
Tcpip\..\Interfaces\{7ee548c6-d164-421f-9fa7-22a69740deaf}: [DhcpNameServer] 198.142.0.51 211.29.132.12 198.142.235.14

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-284253375-2469379939-3772216226-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-01] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-20] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://au.search.yahoo.com/?type=344160&fr=yo-yhp-ch
CHR Profile: C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-18]
CHR Extension: (Google Docs) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]
CHR Extension: (Google Drive) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-09-18]
CHR Extension: (YouTube) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., Ltd.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2823920 2016-03-20] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-29] (Softex Inc.) [File not signed]
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [203296 2016-03-19] (Microsoft Corporation) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-21] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-11-21] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-19] (Broadcom Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [302808 2015-11-21] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [761560 2015-11-21] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [407768 2015-11-21] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 12:15 - 2016-04-10 12:15 - 02374144 _____ (Farbar) C:\Users\danie_000\Downloads\FRST64.exe
2016-04-10 12:15 - 2016-04-10 12:15 - 00014561 _____ C:\Users\danie_000\Downloads\FRST.txt
2016-04-10 12:15 - 2016-04-10 12:15 - 00000000 ____D C:\FRST
2016-04-10 12:12 - 2016-04-10 12:12 - 00000559 _____ C:\Users\danie_000\Desktop\JRT.txt
2016-04-10 12:08 - 2016-04-10 12:09 - 01610352 _____ (Malwarebytes) C:\Users\danie_000\Downloads\JRT.exe
2016-04-10 12:02 - 2016-04-10 12:04 - 00000000 ____D C:\AdwCleaner
2016-04-10 12:02 - 2016-04-10 12:02 - 03119168 _____ C:\Users\danie_000\Downloads\adwcleaner_5.109.exe
2016-04-10 11:17 - 2016-04-10 11:17 - 00000232 _____ C:\Users\danie_000\Downloads\ESETscan.txt
2016-04-10 09:27 - 2016-04-10 09:27 - 00000000 ___HD C:\OneDriveTemp
2016-04-09 16:52 - 2016-04-09 16:52 - 00000000 ____D C:\Users\danie_000\AppData\LocalLow\Temp
2016-04-09 16:51 - 2016-04-09 16:51 - 00004246 _____ C:\Users\danie_000\Downloads\malware.txt
2016-04-09 14:41 - 2016-04-09 14:41 - 00000232 _____ C:\Users\danie_000\Desktop\ESETscan.txt
2016-04-09 12:33 - 2016-04-09 12:33 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-09 12:32 - 2016-04-09 12:33 - 02870984 _____ (ESET) C:\Users\danie_000\Downloads\esetsmartinstaller_enu.exe
2016-04-09 11:54 - 2016-04-09 11:54 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-09 11:54 - 2016-04-09 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-09 11:53 - 2016-04-09 11:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-09 11:53 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-09 11:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-09 11:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-09 11:52 - 2016-04-09 11:52 - 22851472 _____ (Malwarebytes ) C:\Users\danie_000\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-09 11:51 - 2016-04-09 11:51 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\danie_000\Downloads\WiNlOgOn64.exe
2016-04-09 11:50 - 2016-04-09 11:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\danie_000\Downloads\WiNlOgOn.exe
2016-04-09 11:49 - 2016-04-09 11:51 - 00001624 _____ C:\Users\danie_000\Desktop\Rkill.txt
2016-04-09 11:49 - 2016-04-09 11:49 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\danie_000\Downloads\rkill64.exe
2016-04-09 11:48 - 2016-04-09 11:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\danie_000\Downloads\rkill.exe
2016-04-09 11:41 - 2016-04-09 11:41 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-06 21:13 - 2016-04-06 21:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-06 19:38 - 2016-04-06 19:38 - 00000000 ____D C:\Users\danie_000\AppData\Roaming\AVG
2016-04-06 19:35 - 2016-04-06 19:35 - 00000000 ____D C:\Users\danie_000\AppData\Roaming\TuneUp Software
2016-04-06 19:33 - 2016-04-09 16:55 - 00000000 ___HD C:\$AVG
2016-04-06 19:29 - 2016-04-09 16:58 - 00000000 ____D C:\ProgramData\MFAData
2016-04-06 19:29 - 2016-04-06 19:29 - 00000000 ____D C:\Users\danie_000\AppData\Local\MFAData
2016-04-06 19:25 - 2016-04-09 17:04 - 00000000 ____D C:\ProgramData\Avg
2016-04-06 19:24 - 2016-04-09 17:03 - 00000000 ____D C:\Users\danie_000\AppData\Local\AvgSetupLog
2016-04-06 19:24 - 2016-04-09 16:58 - 00000000 ____D C:\Users\danie_000\AppData\Local\Avg
2016-04-06 19:23 - 2016-04-06 19:24 - 02940360 _____ (AVG Technologies CZ, s.r.o.) C:\Users\danie_000\Downloads\AVG_Protection_755.exe
2016-04-06 19:15 - 2016-04-06 19:15 - 04282368 _____ C:\Users\danie_000\Downloads\Gay-_SC-Tanner (2).iso
2016-04-06 19:14 - 2016-04-06 19:15 - 04282368 _____ C:\Users\danie_000\Downloads\Gay-_SC-Tanner (1).iso
2016-04-06 19:14 - 2016-04-06 19:14 - 00000000 ____D C:\Users\danie_000\Downloads\Vuze Leap
2016-04-06 19:14 - 2016-04-06 19:14 - 00000000 ____D C:\Users\danie_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vuze Leap
2016-04-06 19:12 - 2016-04-06 19:13 - 01308288 _____ (Azureus Software, Inc.) C:\Users\danie_000\Downloads\VuzeLeapSetup.exe
2016-04-06 19:11 - 2016-04-06 19:11 - 04282368 _____ C:\Users\danie_000\Downloads\Gay-_SC-Tanner.iso
2016-04-02 17:28 - 2016-04-09 19:51 - 00003270 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordanie_000
2016-03-26 18:31 - 2016-04-10 12:05 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordanie_000.job
2016-03-11 17:36 - 2016-03-01 15:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-11 17:36 - 2016-03-01 15:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-11 17:36 - 2016-02-24 19:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-11 17:36 - 2016-02-24 19:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-11 17:36 - 2016-02-24 19:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-11 17:36 - 2016-02-24 19:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-11 17:36 - 2016-02-24 19:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-11 17:36 - 2016-02-24 18:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-11 17:36 - 2016-02-24 18:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-11 17:36 - 2016-02-24 18:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-11 17:36 - 2016-02-24 18:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-11 17:36 - 2016-02-24 18:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-11 17:36 - 2016-02-24 16:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-11 17:36 - 2016-02-24 16:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-11 17:36 - 2016-02-24 16:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-11 17:36 - 2016-02-24 16:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-11 17:36 - 2016-02-24 16:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-11 17:36 - 2016-02-24 16:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-11 17:36 - 2016-02-24 16:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-11 17:36 - 2016-02-24 16:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-11 17:36 - 2016-02-24 16:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-11 17:36 - 2016-02-24 16:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-11 17:36 - 2016-02-24 16:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-11 17:36 - 2016-02-24 16:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-11 17:36 - 2016-02-24 15:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-11 17:36 - 2016-02-24 15:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-11 17:36 - 2016-02-24 15:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-11 17:36 - 2016-02-24 15:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-11 17:36 - 2016-02-24 15:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-11 17:36 - 2016-02-24 15:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-11 17:36 - 2016-02-24 15:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-11 17:36 - 2016-02-24 15:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-11 17:36 - 2016-02-24 15:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-11 17:36 - 2016-02-24 15:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-11 17:36 - 2016-02-24 14:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-11 17:36 - 2016-02-24 14:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-11 17:35 - 2016-02-24 19:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-11 17:35 - 2016-02-24 19:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-11 17:35 - 2016-02-24 19:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-11 17:35 - 2016-02-24 18:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-11 17:35 - 2016-02-24 18:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-11 17:35 - 2016-02-24 18:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-11 17:35 - 2016-02-24 18:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-11 17:35 - 2016-02-24 18:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-11 17:35 - 2016-02-24 18:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-11 17:35 - 2016-02-24 18:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-11 17:35 - 2016-02-24 18:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-11 17:35 - 2016-02-24 18:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-11 17:35 - 2016-02-24 18:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-11 17:35 - 2016-02-24 18:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-11 17:35 - 2016-02-24 18:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-11 17:35 - 2016-02-24 18:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-11 17:35 - 2016-02-24 18:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-11 17:35 - 2016-02-24 18:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-11 17:35 - 2016-02-24 18:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-11 17:35 - 2016-02-24 17:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-11 17:35 - 2016-02-24 17:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-11 17:35 - 2016-02-24 17:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-11 17:35 - 2016-02-24 17:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-11 17:35 - 2016-02-24 17:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-11 17:35 - 2016-02-24 17:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-11 17:35 - 2016-02-24 17:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-11 17:35 - 2016-02-24 17:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-11 17:35 - 2016-02-24 17:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-11 17:35 - 2016-02-24 17:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-11 17:35 - 2016-02-24 17:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-11 17:35 - 2016-02-24 17:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-11 17:35 - 2016-02-24 17:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-11 17:35 - 2016-02-24 17:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-11 17:35 - 2016-02-24 17:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-11 17:35 - 2016-02-24 17:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-11 17:35 - 2016-02-24 17:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-11 17:35 - 2016-02-24 17:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-11 17:35 - 2016-02-24 17:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-11 17:35 - 2016-02-24 17:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-11 17:35 - 2016-02-24 17:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-11 17:35 - 2016-02-24 17:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-11 17:35 - 2016-02-24 17:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-11 17:35 - 2016-02-24 17:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-11 17:35 - 2016-02-24 17:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-11 17:35 - 2016-02-24 17:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-11 17:35 - 2016-02-24 17:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-11 17:35 - 2016-02-24 17:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-11 17:35 - 2016-02-24 17:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-11 17:35 - 2016-02-24 17:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-11 17:35 - 2016-02-24 17:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-11 17:35 - 2016-02-24 17:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-11 17:35 - 2016-02-24 17:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-11 17:35 - 2016-02-24 17:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-11 17:35 - 2016-02-24 17:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-11 17:35 - 2016-02-24 17:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-11 17:35 - 2016-02-24 17:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-11 17:35 - 2016-02-24 17:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-11 17:35 - 2016-02-24 16:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-11 17:35 - 2016-02-24 16:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-11 17:35 - 2016-02-24 16:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-11 17:35 - 2016-02-24 16:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-11 17:35 - 2016-02-24 16:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-11 17:35 - 2016-02-24 16:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-11 17:35 - 2016-02-24 16:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-11 17:35 - 2016-02-24 16:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-11 17:35 - 2016-02-24 16:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-11 17:35 - 2016-02-24 16:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-11 17:35 - 2016-02-24 16:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-11 17:35 - 2016-02-24 16:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-11 17:35 - 2016-02-24 16:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-11 17:35 - 2016-02-24 16:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-11 17:35 - 2016-02-24 16:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-11 17:35 - 2016-02-24 16:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-11 17:35 - 2016-02-24 16:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-11 17:35 - 2016-02-24 16:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-11 17:35 - 2016-02-24 16:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-11 17:35 - 2016-02-24 16:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-11 17:35 - 2016-02-24 16:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-11 17:35 - 2016-02-24 16:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-11 17:35 - 2016-02-24 16:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-11 17:35 - 2016-02-24 16:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-11 17:35 - 2016-02-24 16:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-11 17:35 - 2016-02-24 16:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-11 17:35 - 2016-02-24 16:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-11 17:35 - 2016-02-24 16:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-11 17:35 - 2016-02-24 16:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-11 17:35 - 2016-02-24 16:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-11 17:35 - 2016-02-24 16:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-11 17:35 - 2016-02-24 16:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-11 17:35 - 2016-02-24 16:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-11 17:35 - 2016-02-24 16:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-11 17:35 - 2016-02-24 16:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-11 17:35 - 2016-02-24 16:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-11 17:35 - 2016-02-24 16:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-11 17:35 - 2016-02-24 16:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-11 17:35 - 2016-02-24 16:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-11 17:35 - 2016-02-24 16:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-11 17:35 - 2016-02-24 16:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-11 17:35 - 2016-02-24 16:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-11 17:35 - 2016-02-24 16:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-11 17:35 - 2016-02-24 16:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-11 17:35 - 2016-02-24 16:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-11 17:35 - 2016-02-24 16:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-11 17:35 - 2016-02-24 16:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-11 17:35 - 2016-02-24 16:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-11 17:35 - 2016-02-24 16:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-11 17:35 - 2016-02-24 16:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-11 17:35 - 2016-02-24 16:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-11 17:35 - 2016-02-24 16:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-11 17:35 - 2016-02-24 15:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-11 17:35 - 2016-02-24 15:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-11 17:35 - 2016-02-24 15:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-11 17:34 - 2016-02-24 17:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-11 17:34 - 2016-02-24 17:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-11 17:34 - 2016-02-24 17:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-11 17:34 - 2016-02-24 16:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-11 17:34 - 2016-02-24 16:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-11 17:34 - 2016-02-24 16:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-11 17:34 - 2016-02-24 16:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-11 17:34 - 2016-02-24 16:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 12:14 - 2015-10-31 08:35 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48026F38-AA7E-4836-80AD-97AF1064FF20}
2016-04-10 12:13 - 2015-11-13 20:27 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 12:13 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 12:10 - 2015-09-18 10:53 - 00000000 ___RD C:\Users\danie_000\OneDrive
2016-04-10 12:07 - 2015-09-18 14:21 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 12:05 - 2015-11-13 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 12:05 - 2015-11-13 20:23 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-04-10 12:05 - 2015-10-30 16:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 11:38 - 2015-09-18 14:21 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 11:07 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 09:30 - 2015-09-18 10:51 - 00000000 ____D C:\Users\danie_000\Documents\Youcam
2016-04-09 16:55 - 2015-10-30 17:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-09 12:32 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-09 11:55 - 2015-10-01 21:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-07 11:00 - 2015-09-18 16:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-07 10:35 - 2015-09-18 16:24 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-06 19:42 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-01 09:00 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-01 08:56 - 2015-06-16 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-31 08:45 - 2015-09-18 14:23 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-31 08:45 - 2015-09-18 14:23 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 14:24 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-14 08:45 - 2015-11-13 20:18 - 00354304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-13 20:09 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-13 20:09 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-13 20:09 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-13 20:09 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 17:59 - 2015-09-18 14:20 - 00002419 _____ C:\Users\danie_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

Some files in TEMP:
====================
C:\Users\danie_000\AppData\Local\Temp\libeay32.dll
C:\Users\danie_000\AppData\Local\Temp\msvcr120.dll
C:\Users\danie_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-03 15:15

==================== End of FRST.txt ============================




#9 olgun52

  • Malware Response Team

Posted 10 April 2016 - 03:33 PM

Hi again,

 

Please uninstall:

AVG
TuneUp Software

 

And restart the PC now.

=======================================================
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

===========================================================================

Adobe Shockwave Player update:

Download Adobe Shockwave Player Version 12.2.4.194 from here and install it.

====================================================================

 

Please let me know how your system is running and whether there are any issues.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 DBreban


Posted 10 April 2016 - 07:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by danie_000 (2016-04-11 10:06:31) Run:1
Running from C:\Users\danie_000\Downloads
Loaded Profiles: danie_000 (Available Profiles: danie_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordanie_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
FirewallRules: [{5E337084-B8AD-4A70-B081-68B163764095}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4C9BD6BD-28B6-4F2F-9B72-0A038D148BF2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
CHR HomePage: Default -> hxxps://au.search.yahoo.com/?type=344160&fr=yo-yhp-ch
2016-04-06 19:38 - 2016-04-06 19:38 - 00000000 ____D C:\Users\danie_000\AppData\Roaming\AVG
2016-04-06 19:35 - 2016-04-06 19:35 - 00000000 ____D C:\Users\danie_000\AppData\Roaming\TuneUp Software
2016-04-06 19:33 - 2016-04-09 16:55 - 00000000 ___HD C:\$AVG
2016-04-06 19:25 - 2016-04-09 17:04 - 00000000 ____D C:\ProgramData\Avg
2016-04-06 19:24 - 2016-04-09 17:03 - 00000000 ____D C:\Users\danie_000\AppData\Local\AvgSetupLog
2016-04-06 19:24 - 2016-04-09 16:58 - 00000000 ____D C:\Users\danie_000\AppData\Local\Avg
2016-04-06 19:23 - 2016-04-06 19:24 - 02940360 _____ (AVG Technologies CZ, s.r.o.) C:\Users\danie_000\Downloads\AVG_Protection_755.exe
2016-04-06 19:15 - 2016-04-06 19:15 - 04282368 _____ C:\Users\danie_000\Downloads\Gay-_SC-Tanner (2).iso
2016-04-06 19:14 - 2016-04-06 19:15 - 04282368 _____ C:\Users\danie_000\Downloads\Gay-_SC-Tanner (1).iso
2016-04-06 19:11 - 2016-04-06 19:11 - 04282368 _____ C:\Users\danie_000\Downloads\Gay-_SC-Tanner.iso
C:\Users\danie_000\AppData\Local\Temp\libeay32.dll
C:\Users\danie_000\AppData\Local\Temp\msvcr120.dll
C:\Users\danie_000\AppData\Local\Temp\sqlite3.dll
EmptyTemp:
Reboot:
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\HPCeeScheduleFordanie_000.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E337084-B8AD-4A70-B081-68B163764095} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C9BD6BD-28B6-4F2F-9B72-0A038D148BF2} => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found.
Chrome HomePage => removed successfully
C:\Users\danie_000\AppData\Roaming\AVG => moved successfully
C:\Users\danie_000\AppData\Roaming\TuneUp Software => moved successfully
C:\$AVG => moved successfully
C:\ProgramData\Avg => moved successfully
C:\Users\danie_000\AppData\Local\AvgSetupLog => moved successfully
C:\Users\danie_000\AppData\Local\Avg => moved successfully
C:\Users\danie_000\Downloads\AVG_Protection_755.exe => moved successfully
C:\Users\danie_000\Downloads\Gay-_SC-Tanner (2).iso => moved successfully
C:\Users\danie_000\Downloads\Gay-_SC-Tanner (1).iso => moved successfully
C:\Users\danie_000\Downloads\Gay-_SC-Tanner.iso => moved successfully
C:\Users\danie_000\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\danie_000\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\danie_000\AppData\Local\Temp\sqlite3.dll => moved successfully
 
The computer seems to be running fine. I was getting annoying browser popups and AVG kept detecting the same problem.


#11 olgun52


Posted 10 April 2016 - 08:08 PM

The computer seems to be running fine. I was getting annoying browser popups and AVG kept detecting the same problem.

which  to file  ?


Best regards
 

 


 


#12 DBreban


Posted 10 April 2016 - 08:14 PM

What do you mean?



#13 olgun52


Posted 10 April 2016 - 08:23 PM

AVG kept detecting the same problem

Is there still a problem?

I understand it that way. So I understand that you still have the problem!!


Best regards
 

 


 


#14 DBreban


Posted 10 April 2016 - 09:03 PM

Oh. No. I thought you were asking about the initial problem. 

 

All seems to be good now. 



#15 olgun52


Posted 11 April 2016 - 06:19 AM

Okay, we are agreed now.

 

Please do the following.

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 

 


Best regards
 

 


 




