For a while now I have had Cmd.exe run two pop-ups about every hour. I do not know what the pop-ups are doing, and my attempts to catch them have been a bit lacking.
A screenshot I managed to grab while recording my screen: http://imgur.com/9QAXIVf
(screen recorded with Open Broadcaster)
I have attempted running Spybot and Malwarebytes, but the problem persists.
Possible other problems:
Sometimes unknown tasks with apparently no purpose will show up in my Task Manager, which I will promptly end. I suspect they are a product of the Cmd windows.
Any advice on how I can catch this thing and get rid of it would be awesome. Thanks!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by FRED2 (administrator) on FRED2-PC (25-06-2016 18:34:49)
Running from C:\Users\FRED2\Downloads
Loaded Profiles: FRED2 (Available Profiles: FRED2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {1df9756f-669e-11e3-a7e8-08606ef0dce6} - E:\setup.exe
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {533305f4-1659-11e3-a8fc-08606ef0dce6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {6247d328-7775-11e3-93c6-08606ef0dce6} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {9aaa3728-1c33-11e3-a826-08606ef0dce6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {b4c8feaa-10a8-11e6-a983-08606ef0dce6} - H:\setup.exe
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {d7946ca0-2e2a-11e5-aa0c-08606ef0dce6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2678748704-3792687868-2610305769-1001\...\MountPoints2: {e0761206-f054-11e3-b161-08606ef0dce6} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\FRED2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2016-05-14]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{ADDE4760-2DA4-4248-B1B8-9649CECAFFED}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ADDE4760-2DA4-4248-B1B8-9649CECAFFED}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-26] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325161&octid=EB_ORIGINAL_CTID&ISID=ME5EE2665-EFC6-4A7E-9734-316BE0E72D24&SearchSource=55&CUI=&UM=8&UP=SPFAFB5574-38BA-49C8-BF5F-CD34C56005C3&D=051416&SSPV=
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=G5Ezftpbl0cshmoBP,9d6154d6-efd3-425f-92fa-112a3319d6c9,&prd=smw&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (HTTPS Everywhere) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-09]
CHR Extension: (Change Colors) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn [2014-10-20]
CHR Extension: (Speed Dial 2) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (AlienTube for YouTube™) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2015-10-15]
CHR Extension: (Gmail) - C:\Users\FRED2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-15] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-03] (Nero AG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 BitTorrent; "C:\Program Files\BitTorrent\BitTorrent.exe" /s iid=6908977 did=APSnapdoAMRev sid=3 ref=880b2631-3e04-5f95-9b4a-5487799a1728-PolicyMac id=6be1dde9652db82d208371d33627296304a1c4b313da0e73919c839d673eef0d [X]
S4 dpynloaeuodate; C:\Users\FRED2\AppData\Local\siliconin.exe eproduct dpynloaeuodate [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2013-02-06] (Asmedia Technology)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2013-03-28] (CSR plc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-22] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [69888 2011-10-17] (Fresco Logic)
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [455088 2012-11-16] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [159664 2012-11-16] (Intel® Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36608 2012-06-28] (Atheros)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 SaiK0CD7; C:\Windows\System32\DRIVERS\SaiK0CD7.sys [180544 2012-09-20] (Saitek)
S3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CD7; C:\Windows\System32\DRIVERS\SaiU0CD7.sys [47168 2012-09-20] (Saitek)
S3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [204800 2011-11-14] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [256000 2011-11-14] (VIA Technologies, Inc.)
S4 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-25 18:34 - 2016-06-25 18:35 - 00023456 _____ C:\Users\FRED2\Downloads\FRST.txt
2016-06-25 18:34 - 2016-06-25 18:34 - 00000000 ____D C:\FRST
2016-06-25 18:33 - 2016-06-25 18:34 - 02387456 _____ (Farbar) C:\Users\FRED2\Downloads\FRST64.exe
2016-06-22 18:16 - 2016-06-22 18:16 - 00000000 ____D C:\Users\FRED2\Tracing
2016-06-19 20:14 - 2016-06-19 20:14 - 00041248 _____ C:\Users\FRED2\Downloads\the-game_english-919169.zip
2016-06-17 22:18 - 2016-06-17 22:18 - 00606532 _____ C:\Users\FRED2\Downloads\Autoruns.zip
2016-06-17 16:50 - 2016-06-17 16:50 - 03878112 _____ (Husdawg, LLC) C:\Users\FRED2\Downloads\Detection.exe
2016-06-11 21:41 - 2016-06-11 21:45 - 00000000 ____D C:\SUPERHOT
2016-06-11 21:41 - 2016-06-11 21:41 - 00000000 ____D C:\Users\FRED2\AppData\LocalLow\SUPERHOT Team
2016-06-11 20:19 - 2016-06-11 20:26 - 00011081 _____ C:\Users\FRED2\Desktop\Hiking.odt
2016-06-11 07:28 - 2016-06-11 07:28 - 00041168 _____ C:\Users\FRED2\Downloads\[kat.cr]monty.python.the.movies.1.2.3.4.comedy.1971.1983.eng.subs.1080p.h264.mp4 (1).torrent
2016-06-11 07:27 - 2016-06-11 07:27 - 00041168 _____ C:\Users\FRED2\Downloads\[kat.cr]monty.python.the.movies.1.2.3.4.comedy.1971.1983.eng.subs.1080p.h264.mp4.torrent
2016-06-11 07:25 - 2016-06-11 07:25 - 00014651 _____ C:\Users\FRED2\Downloads\[kat.cr]monty.python.jabberwocky.1977.dvdrip.divx.torrent
2016-06-11 06:50 - 2016-06-11 06:50 - 00017730 _____ C:\Users\FRED2\Downloads\[otorrents.com]forrest-gump-1994-720p.torrent
2016-06-04 17:53 - 2016-06-04 17:53 - 00036829 _____ C:\Users\FRED2\Downloads\x-men-apocalypse_english-1346862.zip
2016-06-04 17:53 - 2016-06-04 17:53 - 00036829 _____ C:\Users\FRED2\Downloads\x-men-apocalypse_english-1346862 (1).zip
2016-06-04 17:53 - 2016-06-04 17:53 - 00033978 _____ C:\Users\FRED2\Downloads\x-men-apocalypse_english-1347054.zip
2016-05-26 20:28 - 2016-05-26 20:28 - 00211592 _____ (Microsoft Corporation) C:\Users\FRED2\Downloads\vs_community_ENU.exe
2016-05-26 20:26 - 2016-05-26 20:26 - 01147432 _____ (Microsoft Corporation) C:\Users\FRED2\Downloads\wdksetup.exe
2016-05-26 20:15 - 2016-05-26 20:15 - 01270466 _____ C:\Users\FRED2\Downloads\ProcessExplorer.zip
2016-05-26 09:06 - 2016-05-26 09:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-26 09:03 - 2016-05-26 09:03 - 16563352 _____ (Malwarebytes Corp.) C:\Users\FRED2\Downloads\mbar-1.09.3.1001.exe
2016-05-26 09:01 - 2016-05-26 09:02 - 74637872 _____ (Logitech, Inc.) C:\Users\FRED2\Downloads\lws251.exe
2016-05-26 08:34 - 2016-06-25 17:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-26 08:34 - 2016-06-17 06:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-25 18:26 - 2013-12-13 00:07 - 00000000 ____D C:\Users\FRED2\AppData\Local\Battle.net
2016-06-25 17:38 - 2016-05-10 20:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 16:42 - 2013-04-20 08:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-25 16:23 - 2014-04-03 01:00 - 00000000 ____D C:\Users\FRED2\AppData\Roaming\Skype
2016-06-24 20:38 - 2016-05-10 20:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-24 00:53 - 2015-11-22 18:20 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-06-23 18:11 - 2013-08-25 12:54 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-06-23 18:10 - 2014-11-04 20:41 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-06-23 17:52 - 2013-12-13 00:07 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-23 05:59 - 2016-05-14 16:47 - 00000000 ____D C:\Users\FRED2\AppData\Local\WINTUNEPRO
2016-06-22 23:59 - 2014-08-28 23:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-22 21:48 - 2013-04-20 08:57 - 00000000 ____D C:\Users\FRED2\AppData\Roaming\OBS
2016-06-22 21:45 - 2016-05-14 18:26 - 00000000 ____D C:\Users\FRED2\AppData\Roaming\StardewValley
2016-06-22 18:16 - 2015-12-20 19:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-22 18:16 - 2014-04-03 01:00 - 00000000 ____D C:\ProgramData\Skype
2016-06-22 18:16 - 2013-04-19 22:06 - 00000000 ____D C:\Users\FRED2
2016-06-20 22:53 - 2013-09-05 18:34 - 00007603 _____ C:\Users\FRED2\AppData\Local\Resmon.ResmonCfg
2016-06-20 22:30 - 2013-04-20 08:12 - 00000000 ____D C:\Users\FRED2\AppData\Roaming\tixati
2016-06-20 20:08 - 2013-04-20 08:43 - 00000000 ____D C:\Users\FRED2\AppData\Roaming\vlc
2016-06-20 20:08 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-20 20:08 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-20 18:53 - 2013-04-20 08:12 - 00000000 ____D C:\Users\FRED2\Documents\Torrents
2016-06-19 18:40 - 2014-04-18 06:13 - 00000000 ____D C:\Users\FRED2\Desktop\Games
2016-06-17 22:28 - 2015-12-11 19:26 - 00012485 _____ C:\Users\FRED2\Desktop\budget.ods
2016-06-17 22:28 - 2013-09-20 16:33 - 00000000 ____D C:\Users\FRED2\Desktop\Protection
2016-06-17 19:53 - 2013-04-10 15:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-17 19:53 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 19:41 - 2013-09-07 10:05 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 19:37 - 2013-04-19 22:06 - 00000000 ____D C:\Users\FRED2\AppData\Local\VirtualStore
2016-06-17 06:37 - 2013-04-20 23:51 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 06:37 - 2013-04-20 23:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-14 11:33 - 2013-04-20 20:40 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-06-11 21:45 - 2015-05-31 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-06-11 21:45 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-11 20:19 - 2015-03-15 17:40 - 00268288 ___SH C:\Users\FRED2\Documents\Thumbs.db
2016-06-11 20:19 - 2015-01-24 10:42 - 00000000 ____D C:\Users\FRED2\Documents\Army
2016-06-05 20:29 - 2015-10-14 16:59 - 00000000 ____D C:\Users\FRED2\AppData\Roaming\Kodi
2016-06-04 20:15 - 2016-05-11 06:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 08:10 - 2014-01-16 15:01 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-05-26 09:04 - 2014-08-28 23:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-26 08:27 - 2013-04-21 19:48 - 00000000 ____D C:\Users\FRED2\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories =======
2016-05-02 11:03 - 2016-05-14 16:53 - 6494208 _____ () C:\Users\FRED2\AppData\Roaming\agent.dat
2016-05-02 11:02 - 2016-05-14 16:52 - 0127488 _____ () C:\Users\FRED2\AppData\Roaming\Installer.dat
2016-05-02 11:03 - 2016-05-14 16:53 - 0018432 _____ () C:\Users\FRED2\AppData\Roaming\Main.dat
2013-09-13 00:33 - 2013-09-13 00:33 - 0000042 _____ () C:\Users\FRED2\AppData\Roaming\WB.CFG
2013-09-05 18:34 - 2016-06-20 22:53 - 0007603 _____ () C:\Users\FRED2\AppData\Local\Resmon.ResmonCfg
2016-05-02 12:08 - 2016-05-02 12:08 - 0000000 _____ () C:\Users\FRED2\AppData\Local\{E0FE84C0-C5CA-49EA-8FD1-2C6F835277EF}
2013-04-21 20:09 - 2013-04-21 20:09 - 0159528 _____ () C:\ProgramData\1366589266.bdinstall.bin
2013-09-05 14:11 - 2013-09-05 14:11 - 0022799 _____ () C:\ProgramData\1378404700.bdinstall.bin
2013-09-05 14:12 - 2013-09-05 14:12 - 0161521 _____ () C:\ProgramData\1378404701.bdinstall.bin
2013-09-07 08:27 - 2013-09-07 08:27 - 0022832 _____ () C:\ProgramData\1378556826.bdinstall.bin
2013-09-07 08:27 - 2013-09-07 08:27 - 0043667 _____ () C:\ProgramData\1378556832.bdinstall.bin
2013-09-07 08:32 - 2013-09-07 08:32 - 0080339 _____ () C:\ProgramData\1378557083.bdinstall.bin
Some files in TEMP:
====================
C:\Users\FRED2\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-17 00:27
==================== End of FRST.txt ============================
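Added example, not part of the original post and not part of FRST: a small triage script that reads FRST.txt-style lines and pulls out the entries a helper reads first, in the order they matter. It flags services and drivers whose binary sits in a user-writable directory (AppData, Temp, ProgramData), is missing or unresolvable ([X]), is unsigned, or carries no publisher; browser home/search settings that point anywhere other than the major search engines; and unattributed .dat/.exe/.dll files dropped in a profile or temp root. The sample lines are copied from the log above (MsMpSvc is included as a known-good control); the trusted-host list, the three-step severity scale and the extension list are my own assumptions, and the output is a prioritisation aid, not a verdict.

```python
import re
import sys
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high", "medium" or "low" (assumed scale, see RANK)
    name: str       # service/driver name, host name, or file path
    reason: str
    line: str


RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed sample: lines copied from the FRST.txt above, plus MsMpSvc as a known-good control.
SAMPLE_FRST = r"""
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 dpynloaeuodate; C:\Users\FRED2\AppData\Local\siliconin.exe eproduct dpynloaeuodate [X]
S4 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325161
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?prd=smw&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
2016-05-02 11:03 - 2016-05-14 16:53 - 6494208 _____ () C:\Users\FRED2\AppData\Roaming\agent.dat
2013-09-13 00:33 - 2013-09-13 00:33 - 0000042 _____ () C:\Users\FRED2\AppData\Roaming\WB.CFG
""".strip().splitlines()

# One FRST service/driver entry: "<state> <name>; <path> [size date] (Company) [flags]"
SERVICE_RE = re.compile(r"^(?P<state>[RSU][0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
# Chrome and Internet Explorer start/search settings as FRST prints them
CHROME_RE = re.compile(r"^CHR (?:HomePage|DefaultSearchURL|DefaultSearchKeyword|DefaultSuggestURL): .*?-> (?P<target>\S+)")
IE_RE = re.compile(r"^HKLM.*Internet Explorer\\Main,(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (?P<target>\S+)")
# "Files in the root of some directories": "<dates> <size> <attrs> () <path>"; an empty "()" means no publisher
ROOTFILE_RE = re.compile(r"^\d{4}-\d\d-\d\d .* \(\) (?P<path>[A-Za-z]:\\.+)$")

USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
TRUSTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")  # assumed allowlist
SUSPECT_EXTS = (".dat", ".exe", ".dll", ".bin", ".tmp")                            # assumed list


def host_of(target: str) -> str:
    """Strip FRST's defanged scheme (hxxp://) and any path; return the lowercase host."""
    m = re.match(r"(?:hxxps?|https?)://([^/?#]+)", target)
    return (m.group(1) if m else target).lower()


def trusted_host(host: str) -> bool:
    """Exact match or a true subdomain of an allowlisted host (google.com.evil.net is not)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_SEARCH_HOSTS)


def bump(current: str, new: str) -> str:
    return new if RANK[new] > RANK[current] else current


def triage(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            rest, reasons, severity = m.group("rest"), [], "low"
            if USER_WRITABLE.search(rest):
                reasons.append("binary lives in a user-writable directory")
                severity = bump(severity, "high")
            if "[X]" in rest:
                reasons.append("binary missing or path unresolvable ([X])")
                severity = bump(severity, "medium")
            if "[File not signed]" in rest:
                reasons.append("unsigned binary")
                severity = bump(severity, "medium")
            if re.search(r"\]\s*\(\)", rest):
                reasons.append("no publisher/version info")
            if reasons:
                findings.append(Finding(severity, m.group("name").strip(), "; ".join(reasons), line))
            continue
        m = CHROME_RE.match(line) or IE_RE.match(line)
        if m:
            host = host_of(m.group("target"))
            if not trusted_host(host):
                findings.append(Finding("high", host, "browser home/search setting points to an untrusted host", line))
            continue
        m = ROOTFILE_RE.match(line)
        if m:
            path = m.group("path")
            if USER_WRITABLE.search(path) and path.lower().endswith(SUSPECT_EXTS):
                findings.append(Finding("medium", path, "unattributed file in a profile/temp root", line))
    findings.sort(key=lambda f: RANK[f.severity], reverse=True)  # stable: keeps log order within a tier
    return findings


if __name__ == "__main__":
    # Usage: python frst_triage.py FRST.txt   (no argument: run on the embedded sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            src = fh.read().splitlines()
    else:
        src = SAMPLE_FRST
    for f in triage(src):
        print(f"[{f.severity:6}] {f.name}: {f.reason}\n         {f.line}")
```

On the sample it ranks the dpynloaeuodate service (an executable under AppData\Local registered as a service, file now gone) and the cpuz136 driver in C:\Windows\TEMP at the top, then the trovi.com home page and www-searching.com search URL, then agent.dat in the Roaming root, and leaves MsMpSvc and the google.com start page alone. The unsigned HTC PassThru service is a vendor binary and only scores medium; the script orders what to look at, it does not decide. FRST defangs URLs as hxxp://, which is why host_of accepts both spellings.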