Google & IE keep redirecting to http://search.safefinder.com/?st=sc&q=


11 replies to this topic

#1 safetydang


  • Members
  • 9 posts

Posted 22 July 2016 - 10:30 PM

I believe it's called a browser hijacker. Safefinder is my issue so far.

It continues to be listed as my default page when I log into Chrome or IE. AVG keeps killing a virus called XIFS. I had another virus that would play ads in the background when nothing was open, but I have killed that.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by DANG (administrator) on PERFORMANCE (22-07-2016 20:20:57)
Running from C:\Users\DANG\Desktop
Loaded Profiles: DANG (Available Profiles: DANG)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Valve Corporation) F:\STEAM\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\TRENDnet\TEW-421PC&TEW-423PI\WlanCU.exe
() C:\Users\Public\Documents\Handy Tools - Prince NRVL\taskbar_usertile_alpha_7_1_by_angelwzr-d3dcdoe\UserTile.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) F:\Itunes\iTunesHelper.exe
(CompuGeek Software) C:\Windows\PSGlass.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\ProgramData\xifs\xifs.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Valve Corporation) F:\STEAM\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => F:\Itunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Aero_PowerShell] => "C:\WINDOWS\PSGlass.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\Run: [Steam] => F:\STEAM\steam.exe [2851408 2016-07-08] (Valve Corporation)
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\ProgramData\xifs\ZenNix.dll => C:\ProgramData\xifs\ZenNix.dll [363008 2016-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-04-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TEW-421PC&TEW-423PI.lnk [2012-03-29]
ShortcutTarget: TEW-421PC&TEW-423PI.lnk -> C:\Program Files (x86)\TRENDnet\TEW-421PC&TEW-423PI\WlanCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UserTile - Shortcut.lnk [2011-04-18]
ShortcutTarget: UserTile - Shortcut.lnk -> C:\Users\Public\Documents\Handy Tools - Prince NRVL\taskbar_usertile_alpha_7_1_by_angelwzr-d3dcdoe\UserTile.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6E97EA14-AEBE-4472-BABF-DE8B31962BDF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86D6C99C-350E-4EAC-9F80-A299E678CA06}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BDD578B7-70AC-4668-A9E1-CFC3AE5A3F30}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://neoreconiasys.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8ptEooRFjQW4A3itcziSDEv0dSRQrkkk5cnCC4rUa-VVR26ZP_xOWV5qjrOUwYf4ZtkdK7nXffeIJvW2gteuN7Yzc590kVs,
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349626508-3000817215-2059185319-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349626508-3000817215-2059185319-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-21] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Itunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-23] [not signed]
FF HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\DANG\AppData\Roaming\IDM\idmmzcc3 => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcyd3cg5yEoHJgQLys3TTDjMhGpFhpRGMVWkFjPyL9DARdcKm4sNxf5Bnp2KZKLPGw0Qa-0Vg_MKT6vH_79zj16RE4QsnU,
CHR StartupUrls: Default -> "hxxp://ttora.com/","hxxps://www.youtube.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\DANG\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Plugin: (Google Update) - C:\Users\DANG\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Profile: C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-09-05]
CHR Extension: (Kingdom Rush) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aijhmofidkkiacjefgflgilhklblpjcm [2012-04-01]
CHR Extension: (Google Drive) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock for Youtube™) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05]
CHR Extension: (Google Search) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Calendar) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Cut the Rope) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedpaocnfoaemifdggjkofephhennndk [2012-04-01]
CHR Extension: (JDoodle Jump) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegnpclfpgemhfmgfobelglidonaopc [2012-04-02]
CHR Extension: (Games) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobcpibfeplaikcclojfdhfdmbbeofai [2012-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-07]
CHR Extension: (Music) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgakehlldcacnfhjampnkihibmkgclhk [2012-04-10]
CHR Extension: (Google Talk Launcher) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjglmbkgdgdgdigllcokdabceikdppi [2012-04-10]
CHR Extension: (Autodesk Homestyler) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-09-28]
CHR Extension: (Scratchpad) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2013-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (imo free video calls and text) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2014-03-11]
CHR Extension: (Enhanced Steam) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-07-07]
CHR Extension: (Picasa) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2012-04-01]
CHR Extension: (Gmail) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Canvas Rider) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-12]
CHR Profile: C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-04]
CHR Extension: (Docs) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (Docs) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (Docs) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]
CHR Extension: (Docs) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]
StartMenuInternet: Google Chrome.WH3ULBQ2QRSAESMN6MVFSLN5IU - C:\Users\DANG\AppData\Local\Google\Chrome\Application\chrome334.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-07-21] () [File not signed] <==== ATTENTION
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-24] (Electronic Arts)
S3 OverwolfUpdaterService; F:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 xifs; C:\ProgramData\\xifs\\xifs.exe [392704 2016-07-22] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [57952 2013-06-18] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2011-08-22] (Devguru Co., Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-09-04] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [436568 2007-10-19] (Realtek)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 ALSysIO; \??\C:\Users\DANG\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-22 20:20 - 2016-07-22 20:21 - 00031875 _____ C:\Users\DANG\Desktop\FRST.txt
2016-07-22 20:20 - 2016-07-22 20:20 - 02393600 _____ (Farbar) C:\Users\DANG\Desktop\FRST64.exe
2016-07-22 20:20 - 2016-07-22 20:20 - 00000000 ____D C:\FRST
2016-07-22 20:04 - 2016-07-22 20:04 - 00028741 _____ C:\ComboFix.txt
2016-07-22 19:57 - 2016-07-22 19:57 - 00004950 _____ C:\Users\DANG\Desktop\Rkill.txt
2016-07-22 10:39 - 2016-07-22 11:21 - 00119979 _____ C:\Users\DANG\Desktop\avgrep.txt
2016-07-22 10:32 - 2016-07-22 20:07 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-22 10:31 - 2016-07-22 20:15 - 00000000 ____D C:\ProgramData\xifs
2016-07-22 10:31 - 2016-07-22 10:32 - 00000000 ____D C:\ProgramData\xifss
2016-07-21 20:51 - 2016-07-21 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-21 20:32 - 2016-07-22 20:07 - 00002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-21 20:32 - 2016-07-22 20:07 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-21 19:06 - 2016-07-21 20:51 - 00000000 ____D C:\$AVG
2016-07-21 19:06 - 2016-07-21 19:06 - 00000000 ____D C:\Users\DANG\AppData\Roaming\TuneUp Software
2016-07-21 19:06 - 2016-07-21 19:06 - 00000000 ____D C:\Users\DANG\AppData\Roaming\AVG
2016-07-21 19:06 - 2016-07-21 19:06 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-21 19:05 - 2016-07-22 20:10 - 00000000 ____D C:\ProgramData\MFAData
2016-07-21 19:05 - 2016-07-21 21:07 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-21 19:05 - 2016-07-21 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-21 19:05 - 2016-07-21 19:05 - 00000000 ____D C:\Users\DANG\AppData\Local\MFAData
2016-07-21 19:04 - 2016-07-21 19:06 - 00000000 ____D C:\ProgramData\Avg
2016-07-21 19:04 - 2016-07-21 19:06 - 00000000 ____D C:\Program Files (x86)\AVG
2016-07-21 19:03 - 2016-07-21 21:07 - 00000000 ____D C:\Users\DANG\AppData\Local\AvgSetupLog
2016-07-21 19:03 - 2016-07-21 21:07 - 00000000 ____D C:\Users\DANG\AppData\Local\Avg
2016-07-21 18:55 - 2016-07-21 18:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\DANG\Desktop\rkill.exe
2016-07-21 18:50 - 2016-07-21 18:50 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-21 18:50 - 2016-07-21 18:50 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-21 18:50 - 2016-07-21 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-21 18:12 - 2016-07-21 18:50 - 00003808 _____ C:\Windows\System32\Tasks\89851767
2016-07-21 18:12 - 2016-07-21 18:50 - 00003650 _____ C:\Windows\System32\Tasks\Pa8985176789851767
2016-07-21 17:57 - 2016-07-22 10:30 - 00000000 ____D C:\AdwCleaner
2016-07-21 17:57 - 2016-07-21 17:57 - 01610560 _____ (Malwarebytes) C:\Users\DANG\Desktop\JRT.exe
2016-07-21 17:56 - 2016-07-21 17:56 - 03712064 _____ C:\Users\DANG\Desktop\AdwCleaner.exe
2016-07-21 17:46 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-21 17:46 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-21 17:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-21 17:45 - 2016-07-21 17:45 - 05659291 ____R (Swearware) C:\Users\DANG\Desktop\ComboFix.exe
2016-07-21 17:33 - 2016-07-21 18:14 - 00000000 ____D C:\Program Files (x86)\AdVPN
2016-07-21 17:33 - 2016-07-21 17:33 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-07-21 17:32 - 2016-07-21 19:16 - 00000000 ___HD C:\Program Files (x86)\columnists
2016-07-21 17:32 - 2016-07-21 19:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-21 17:31 - 2016-07-21 17:31 - 00000000 ____D C:\Users\DANG\AppData\Roaming\c
2016-07-21 17:31 - 2016-07-21 17:31 - 00000000 ____D C:\Users\DANG\AppData\Local\gsearch
2016-07-21 17:30 - 2016-07-21 20:30 - 00000000 ____D C:\Program Files\BitTorrent
2016-07-21 17:30 - 2016-07-21 17:30 - 07105536 _____ C:\Users\DANG\AppData\Roaming\agent.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 01881490 _____ C:\Users\DANG\AppData\Roaming\Singtom.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 00129024 _____ C:\Users\DANG\AppData\Roaming\Installer.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00126464 _____ C:\Users\DANG\AppData\Roaming\noah.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00126464 _____ C:\Users\DANG\AppData\Roaming\lobby.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00072702 _____ C:\Users\DANG\AppData\Roaming\SoftHotkix.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 00070656 _____ C:\Users\DANG\AppData\Roaming\Config.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 00054272 _____ C:\Users\DANG\AppData\Roaming\ApplicationHosting.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00041472 _____ C:\Users\DANG\AppData\Local\Kontripzap.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00019536 _____ C:\Users\DANG\AppData\Roaming\InstallationConfiguration.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 00018432 _____ C:\Users\DANG\AppData\Roaming\Main.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00005568 _____ C:\Users\DANG\AppData\Roaming\md.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 00000187 _____ C:\Users\DANG\AppData\Local\Kontripzap.exe.config
2016-07-21 17:29 - 2016-07-21 17:29 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-11 02:34 - 2016-07-11 02:34 - 00181638 _____ C:\Users\DANG\Desktop\fseprd503214.pdf
2016-07-11 01:28 - 2016-07-11 01:28 - 00215241 _____ C:\Users\DANG\Desktop\fseprd503208.pdf
2016-07-07 20:00 - 2016-07-07 20:00 - 00554499 _____ C:\Users\DANG\Desktop\QRG-Registering_for_Classes.pdf
2016-06-27 21:50 - 2016-06-27 23:13 - 00000000 ____D C:\Users\DANG\Documents\Overwatch
2016-06-27 00:04 - 2016-06-27 00:04 - 00000905 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-06-27 00:04 - 2016-06-27 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-06-22 14:35 - 2016-06-22 14:35 - 00119959 _____ C:\Users\DANG\Desktop\Form.pdf
2016-06-22 12:32 - 2016-06-22 14:32 - 00354233 _____ C:\Users\DANG\Desktop\CypressCollegeAssessmentExemptionPetition.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-22 20:14 - 2009-07-13 21:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-22 20:14 - 2009-07-13 21:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-22 20:13 - 2009-07-13 22:13 - 00800014 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-22 20:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-07-22 20:12 - 2012-11-29 12:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-22 20:07 - 2013-08-25 15:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-22 20:07 - 2012-03-29 20:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-22 20:07 - 2012-03-27 04:49 - 00001405 _____ C:\Users\DANG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-22 20:07 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-22 20:04 - 2014-12-17 03:58 - 00000000 ____D C:\Qoobox
2016-07-22 20:03 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-07-22 19:55 - 2012-03-27 05:05 - 00000000 ____D C:\Users\DANG\AppData\Roaming\uTorrent
2016-07-22 10:15 - 2013-08-25 15:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-22 10:14 - 2013-08-05 00:13 - 00000000 ____D C:\Users\DANG\AppData\Roaming\vlc
2016-07-21 20:37 - 2015-10-16 21:47 - 00000000 ____D C:\Users\DANG\.oracle_jre_usage
2016-07-21 20:37 - 2013-10-23 22:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-21 20:37 - 2013-10-23 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-21 20:37 - 2012-07-31 14:53 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-21 20:32 - 2013-08-25 15:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-21 19:12 - 2012-11-29 12:33 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-21 19:12 - 2012-11-29 12:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-21 18:52 - 2016-03-01 01:20 - 00000000 ____D C:\Users\DANG\AppData\Local\CrashDumps
2016-07-21 18:52 - 2015-10-08 22:43 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-21 18:52 - 2011-04-18 22:23 - 00000000 ____D C:\Windows\Panther
2016-07-21 18:50 - 2011-04-18 21:56 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-07-21 18:12 - 2012-03-27 03:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-21 18:12 - 2011-04-18 21:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-21 18:11 - 2012-03-27 05:03 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-07-21 17:59 - 2012-03-27 04:56 - 00000000 ____D C:\Users\DANG\AppData\Roaming\Yahoo!
2016-07-21 17:50 - 2014-12-17 03:58 - 00000000 ____D C:\Windows\erdnt
2016-07-21 17:50 - 2009-07-13 19:34 - 83886080 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 27525120 _____ C:\Windows\system32\config\SYSTEM.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-07-21 17:32 - 2013-04-01 21:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-21 17:31 - 2014-03-07 00:21 - 00000000 ____D C:\Users\DANG\AppData\Local\Battle.net
2016-07-14 01:38 - 2015-11-27 22:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2016-07-21 17:30 - 2016-07-21 17:30 - 7105536 _____ () C:\Users\DANG\AppData\Roaming\agent.dat
2013-08-24 00:59 - 2013-08-24 01:01 - 0000626 _____ () C:\Users\DANG\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-09-20 03:19 - 2013-09-20 02:03 - 0012005 _____ () C:\Users\DANG\AppData\Roaming\alsoft.ini
2016-07-21 17:30 - 2016-07-21 17:30 - 0054272 _____ () C:\Users\DANG\AppData\Roaming\ApplicationHosting.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0070656 _____ () C:\Users\DANG\AppData\Roaming\Config.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 0019536 _____ () C:\Users\DANG\AppData\Roaming\InstallationConfiguration.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 0129024 _____ () C:\Users\DANG\AppData\Roaming\Installer.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0126464 _____ () C:\Users\DANG\AppData\Roaming\lobby.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0018432 _____ () C:\Users\DANG\AppData\Roaming\Main.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0005568 _____ () C:\Users\DANG\AppData\Roaming\md.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 0126464 _____ () C:\Users\DANG\AppData\Roaming\noah.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 1881490 _____ () C:\Users\DANG\AppData\Roaming\Singtom.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 0072702 _____ () C:\Users\DANG\AppData\Roaming\SoftHotkix.tst
2014-10-24 11:23 - 2014-10-24 11:23 - 0000035 _____ () C:\Users\DANG\AppData\Roaming\Statdisk.prefs
2016-07-21 17:31 - 2016-07-21 17:31 - 0001150 _____ () C:\Users\DANG\AppData\Roaming\uninstall_temp.ico
2012-06-29 19:29 - 2016-06-15 22:43 - 0054272 _____ () C:\Users\DANG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-18 10:43 - 2012-06-18 10:43 - 0000092 _____ () C:\Users\DANG\AppData\Local\fusioncache.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0041472 _____ () C:\Users\DANG\AppData\Local\Kontripzap.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0000187 _____ () C:\Users\DANG\AppData\Local\Kontripzap.exe.config
2013-04-22 22:15 - 2014-01-05 22:39 - 0007597 _____ () C:\Users\DANG\AppData\Local\resmon.resmoncfg
2013-01-18 01:04 - 2013-01-18 01:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-04-23 00:01 - 2012-04-23 00:07 - 0001204 _____ () C:\ProgramData\hpzinstall.log
2012-11-05 01:50 - 2016-01-31 13:35 - 0000029 _____ () C:\ProgramData\IpAndPort.fig
2012-07-06 19:08 - 2016-01-31 13:35 - 0000197 _____ () C:\ProgramData\RmUserCfg.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2011-04-18 21:24
 
==================== End of FRST.txt ============================

Edited by safetydang, 22 July 2016 - 10:40 PM.
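The FRST section above mixes the files a hijacker dropped with the repair tools the poster ran in the same hour, and reading it line by line is slow. The script below is an added example written for this thread; it is not part of FRST, Zoek, or anything the helpers here use. It parses the "One Month Created files and folders" format (`created - modified - size attrs (company) path`) and shortlists entries a responder would look at first: hidden folders under Program Files, unsigned .dat/.tst blobs dropped straight into AppData, scheduled tasks with generated-looking names, short all-lowercase folders directly under ProgramData or AppData, and minutes in which many files landed at once. The heuristics and their thresholds are assumptions chosen for illustration, not a verdict; the sample lines are copied from the log above.

```python
"""FRST "One Month Created files and folders" triage (added example; not FRST,
Zoek or any other tool from this thread). Heuristics are illustrative assumptions."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the FRST log posted above, with the section's
# own two header lines included so the parser has something to skip.
SAMPLE_FRST = r"""
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-22 20:20 - 2016-07-22 20:20 - 02393600 _____ (Farbar) C:\Users\DANG\Desktop\FRST64.exe
2016-07-22 10:31 - 2016-07-22 20:15 - 00000000 ____D C:\ProgramData\xifs
2016-07-22 10:31 - 2016-07-22 10:32 - 00000000 ____D C:\ProgramData\xifss
2016-07-21 18:50 - 2016-07-21 18:50 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-21 18:12 - 2016-07-21 18:50 - 00003808 _____ C:\Windows\System32\Tasks\89851767
2016-07-21 18:12 - 2016-07-21 18:50 - 00003650 _____ C:\Windows\System32\Tasks\Pa8985176789851767
2016-07-21 17:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-21 17:32 - 2016-07-21 19:16 - 00000000 ___HD C:\Program Files (x86)\columnists
2016-07-21 17:31 - 2016-07-21 17:31 - 00000000 ____D C:\Users\DANG\AppData\Roaming\c
2016-07-21 17:30 - 2016-07-21 20:30 - 00000000 ____D C:\Program Files\BitTorrent
2016-07-21 17:30 - 2016-07-21 17:30 - 07105536 _____ C:\Users\DANG\AppData\Roaming\agent.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 01881490 _____ C:\Users\DANG\AppData\Roaming\Singtom.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 00126464 _____ C:\Users\DANG\AppData\Roaming\noah.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00126464 _____ C:\Users\DANG\AppData\Roaming\lobby.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00041472 _____ C:\Users\DANG\AppData\Local\Kontripzap.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00000187 _____ C:\Users\DANG\AppData\Local\Kontripzap.exe.config
2016-07-07 20:00 - 2016-07-07 20:00 - 00554499 _____ C:\Users\DANG\Desktop\QRG-Registering_for_Classes.pdf
"""

# <created> - <modified> - <8-digit size> <5-char attrs> [(<company>)] <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
TASK_DIR = r"c:\windows\system32\tasks"
DROP_PARENT = re.compile(r"\\(ProgramData|AppData\\(Roaming|Local))$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str          # e.g. "_____", "____D", "___HD", "____R"
    company: Optional[str]  # None when FRST printed no signer/company
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_frst(text: str) -> List[Entry]:
    """Parse the created-files section; header and comment lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def reasons_for(e: Entry) -> List[str]:
    """Assumed heuristics: each one is a reason to look, not proof of anything."""
    out = []
    if "H" in e.attrs and e.path.lower().startswith(r"c:\program files"):
        out.append("hidden entry under Program Files")
    if e.company is None and re.search(r"\\AppData\\(Roaming|Local)\\[^\\]+\.(dat|tst)$", e.path, re.I):
        out.append("unsigned data blob dropped directly in AppData")
    if e.parent.lower() == TASK_DIR and re.fullmatch(r"[A-Za-z]{0,2}\d{6,}", e.name):
        out.append("scheduled task with a generated-looking name")
    if "D" in e.attrs and DROP_PARENT.search(e.parent) and re.fullmatch(r"[a-z]{1,5}", e.name):
        out.append("short all-lowercase folder directly under ProgramData/AppData")
    return out


def creation_bursts(entries: List[Entry], min_files: int = 5) -> Dict[str, int]:
    """Minutes in which at least min_files entries were created (installer bursts)."""
    counts = Counter(e.created for e in entries)
    return {minute: n for minute, n in counts.items() if n >= min_files}


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_frst(text):
        reasons = reasons_for(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_FRST).items():
        print(path + "\n    - " + "\n    - ".join(why))
    for minute, n in creation_bursts(parse_frst(SAMPLE_FRST)).items():
        print(f"{n} entries created within minute {minute} (installer burst?)")
```

Run it on a full FRST.txt by reading the file and passing only the text between the "One Month Created" and "One Month Modified" headers; the same regex also parses the "Modified" section, but the lowercase-folder rule will then pick up benign long-lived folders such as a user's vlc profile, so treat the output as a reading order, not a fixlist.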



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 AM

Posted 23 July 2016 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

==

Please run the Farbar tool one more time and post the FRST and Addition.txt logs for my review.

Also, please provide an update on how the computer is behaving after running the above script.

#3 safetydang

safetydang
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 28 July 2016 - 11:42 PM

Sorry I was off the grid for a few days. Finally got back and turned my computer on. Was instantly reminded of the virus and ran here to run the steps.

Zoek:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by DANG on Thu 07/28/2016 at 21:11:00.89.
Neo Reconia 7 Performance Edition SP1  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\DANG\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
7/28/2016 9:13:23 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~3\BlueStacks deleted successfully
C:\PROGRA~3\{22653E43-41C4-421E-BCAA-AED3F3792193} deleted successfully
C:\Users\DANG\AppData\Roaming\c deleted successfully
C:\Users\DANG\AppData\Roaming\DMCache deleted successfully
C:\Users\DANG\AppData\Roaming\Splashtop deleted successfully
C:\Users\DANG\AppData\Roaming\Yahoo! deleted successfully
C:\Users\DANG\AppData\Local\Samsung deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} deleted successfully
HKEY_USERS\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020300} deleted successfully
HKEY_USERS\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AEFE841-DCA1-4A95-80CB-BE935D020300} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Origin Games not found
C:\PROGRA~3\{22653E43-41C4-421E-BCAA-AED3F3792193} not found
C:\PROGRA~3\xifss deleted
C:\PROGRA~3\xifs deleted
C:\PROGRA~2\columnists deleted
C:\Users\DANG\AppData\Roaming\Natural Selection 2 deleted
C:\windows\SysNative\Tasks\snf deleted
C:\windows\SysNative\Tasks\snp deleted
C:\PROGRA~3\Overwolf deleted
C:\Users\DANG\.android deleted
C:\PROGRA~2\RNX-N180UBE 11n USB Wireless LAN Driver deleted
C:\Show_Hidden_Files_On_Off.vbs deleted
C:\Users\DANG\AppData\Roaming\uninstall_temp.ico deleted
C:\Users\DANG\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\DANG\AppData\Roaming\alsoft.ini deleted
C:\PROGRA~3\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\DANG\AppData\Local\Kontripzap.exe.config deleted
C:\Users\DANG\AppData\Local\gsearch deleted
"C:\Windows\Installer\9b86f32.msi" deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
Adobe Acrobat Update Task deleted
AutoKMS deleted
Core Temp Autostart DANG deleted
GoogleUpdateTaskUserS-1-5-21-1349626508-3000817215-2059185319-1000Core deleted
GoogleUpdateTaskUserS-1-5-21-1349626508-3000817215-2059185319-1000UA deleted
ProPCCleaner_Popup deleted
ProPCCleaner_Start deleted
snf deleted
snp deleted
{07B9AD44-97A2-4F83-BD9E-4C2575E05A44} deleted
{8395CFD9-B5E7-467A-AAFC-5AC5341A16F8} deleted
{EE4DFE20-ACB5-4487-9C13-CAB7B25497AF} deleted
{FBEED911-3D10-4203-83F2-29C2736EAC18} deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/23/2012 12:04 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/23/2012 12:04 AM]
 
==== Chromium Look ======================
 
 
imo free video calls and text - DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocaebkdojpikfmhmnekiflipcicedobi
Enhanced Steam - DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okadibdjfemgnhjiembecghcbfknbfhg
Canvas Rider - DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\poknhlcknimnnbfcombaooklofipaibk
 
==== Chromium Fix ======================
 
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchAssistant"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{ielnksrch}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{5C03E060-11F4-41A1-903F-006EFBB28E12}"
HKLM\SearchScopes\{E506DAA8-7511-4CDA-B91A-894D1DAE972D} - http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{ielnksrch}"
HKLM\Wow6432Node\SearchScopes\ielnksrch - http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{E506DAA8-7511-4CDA-B91A-894D1DAE972D} - http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
 
==== shortcuts on Users Desktops ======================
 
C:\Users\DANG\Desktop\D9-Viewer.lnk - F:\D9-Viewer\D9-Viewer.exe 
C:\Users\DANG\Desktop\Emulators - Shortcut.lnk - F:\Emulators 
C:\Users\DANG\Desktop\Fallout 4 - Shortcut.lnk - F:\STEAM\steamapps\common\Fallout 4 
C:\Users\DANG\Desktop\Fallout4 - S Plugin.lnk - C:\Users\DANG\AppData\Local\Fallout4 
C:\Users\DANG\Desktop\My Works - Shortcut.lnk - F:\My Works 
C:\Users\DANG\Desktop\Rick & Morty.lnk - F:\Torrent\Rick and Morty 
C:\Users\DANG\Desktop\TheSimpsons.lnk - F:\Downloads\The.Simpsons.Complete.S00-22.MiXED.XviD.-IPT 
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\AVG.lnk - C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /zen.open_ui
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\Fraps.lnk - F:\Fraps\fraps.exe 
C:\Users\Public\Desktop\Overwatch.lnk - F:\Program Files (x86)\Hearthstone\Overwatch\Overwatch Launcher.exe 
C:\Users\Public\Desktop\VLC media player.lnk - F:\Program Files (x86)\VideoLAN\VLC\vlc.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\DANG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=US&userid=af602409-377c-a7d4-c837-893532eb8e14&searchtype=sc&installDate=22/07/2016&barcodeid=50046888&channelid=888&av=windows
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=US&userid=af602409-377c-a7d4-c837-893532eb8e14&searchtype=sc&installDate=22/07/2016&barcodeid=50046888&channelid=888&av=windows
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG Protection.lnk - C:\Program Files (x86)\AVG\Av\avgui.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk - C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /zen.open_ui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk - F:\Program Files (x86)\Hearthstone\Heroes of the Storm\Heroes of the Storm.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch\Overwatch.lnk - F:\Program Files (x86)\Hearthstone\Overwatch\Overwatch Launcher.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=US&userid=af602409-377c-a7d4-c837-893532eb8e14&searchtype=sc&installDate=22/07/2016&barcodeid=50046888&channelid=888&av=windows
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=US&userid=af602409-377c-a7d4-c837-893532eb8e14&searchtype=sc&installDate=22/07/2016&barcodeid=50046888&channelid=888&av=windows
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Audio transfer application.lnk - F:\Program Files (x86)\Virtual Audio Cable\audiorepeater.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Battlefield 3.lnk - F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Off-Road Drive.lnk - F:\Games\Off-Road Drive\Binaries\Win32\ORD.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Overwolf.lnk - F:\Program Files (x86)\Overwolf\OverwolfLauncher.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Rigs of Rods.lnk - F:\Games\Rigs of Rods 0.38\rorconfig.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SimpleSoundPlayer.lnk - F:\Program Files (x86)\Virtual Audio Cable\SimpleSoundPlayer.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Steam.lnk - F:\STEAM\Steam.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -  
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=US&userid=af602409-377c-a7d4-c837-893532eb8e14&searchtype=sc&installDate=22/07/2016&barcodeid=50046888&channelid=888&av=windows
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - F:\Itunes\iTunes.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - F:\STEAM\Steam.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
 
==== shortcuts After Repair ======================
 
C:\Users\DANG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\DANG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E85CE1EACA2B95944A2C3C28202A2593 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE1EC58E-B2AC-4959-A4C2-C38202A25239} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E85CE1EACA2B95944A2C3C28202A2593 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\glocks deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DANG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DANG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=8431 folders=290 571278402 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\DANG\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\DANG\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Thu 07/28/2016 at 21:38:44.83 ======================


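The zoek log above shows the mechanism behind the redirects reported in this thread: every browser shortcut in Quick Launch and on the taskbar still pointed at the real iexplore.exe or chrome.exe, but had a start URL appended as an argument, with the hostname percent-encoded (`%66%65%65%64...`) so that the Properties dialog does not show a readable domain. The "shortcuts After Repair" section lists the same .lnk files with the argument stripped. The following script is an added triage helper, not code from the original post or from the zoek/FRST tools: it parses shortcut lines in the format the log uses, flags browser shortcuts launched with a URL argument, and percent-decodes that URL so the analyst can read the host. The sample lines are constructed to mirror the posted log's format; the `EXAMPLE` user name and the shortened query strings are assumptions.

```python
"""Triage helper for the 'shortcuts' section of a zoek/FRST log.

Added example: this is not code from the original post, nor part of the
zoek or FRST tools. It parses lines of the form
    <path>.lnk - <target .exe> [<arguments>]
flags browser shortcuts that are launched with a URL argument, and
percent-decodes that URL so the analyst can read the hostname that the
hijacked shortcut actually opens. The sample lines below are constructed
to match the posted log's format (same percent-encoding trick).
"""
import re
from urllib.parse import unquote, urlsplit

# Browsers whose pinned/quick-launch shortcuts normally carry no argument at all.
BROWSER_EXES = {"chrome.exe", "iexplore.exe", "firefox.exe", "msedge.exe", "opera.exe"}

# "<lnk path> - <target path ending in .exe> [args]"; the target is the first .exe on the line.
SHORTCUT_RE = re.compile(
    r"^(?P<lnk>[A-Za-z]:\\.+?\.lnk) - (?P<target>[A-Za-z]:\\.*?\.exe)(?:\s+(?P<args>\S.*?))?\s*$",
    re.IGNORECASE,
)
# Accepts FRST's defanged "hxxp" scheme as well as plain http(s).
URL_RE = re.compile(r"(?:https?|hxxps?)://\S+", re.IGNORECASE)


def parse_shortcut_line(line):
    """Return {'lnk', 'target', 'args'} for a shortcut log line, or None if it has no .exe target."""
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    return {"lnk": m["lnk"], "target": m["target"], "args": m["args"] or ""}


def decode_url(url):
    """Percent-decode a URL; return (decoded_url, hostname).

    The hijacker writes the host as %66%65%65%64... so a glance at the shortcut
    properties does not reveal the domain; unquote() undoes that encoding.
    """
    decoded = unquote(url)
    host = urlsplit(decoded).hostname or ""
    return decoded, host


def flag_hijacked_shortcuts(lines):
    """Return one finding per browser shortcut that launches with a URL argument."""
    findings = []
    for line in lines:
        rec = parse_shortcut_line(line)
        if rec is None:
            continue
        exe = rec["target"].rsplit("\\", 1)[-1].lower()
        if exe not in BROWSER_EXES:
            continue
        for raw in URL_RE.findall(rec["args"]):
            decoded, host = decode_url(raw)
            findings.append({
                "lnk": rec["lnk"],
                "browser": exe,
                "raw_url": raw,
                "decoded_url": decoded,
                "host": host,
                "obfuscated": raw != decoded,  # True when the URL was percent-encoded
            })
    return findings


# Constructed sample lines in the posted log's format (user name and query string are assumptions).
SAMPLE_LOG_LINES = [
    r"C:\Users\EXAMPLE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=example&co=US&searchtype=sc",
    r"C:\Users\EXAMPLE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  ",
    r"C:\Users\EXAMPLE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - F:\STEAM\Steam.exe ",
    r"C:\Users\EXAMPLE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=example&co=US&searchtype=sc",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ",
]


if __name__ == "__main__":
    for f in flag_hijacked_shortcuts(SAMPLE_LOG_LINES):
        name = f["lnk"].rsplit("\\", 1)[-1]
        print(f"{f['browser']:<13} {name:<40} -> {f['host']}  (percent-encoded: {f['obfuscated']})")
```

Two things to take from running it: a browser shortcut with any URL argument is suspicious on its own (a clean Chrome or IE shortcut has none), and the decoded host is what you match against the hosts reported in the thread, since the raw `%xx` form will not match a simple text search for the domain. The same `decode_url` works on the `SearchScopes` and `Start Page` lines FRST prints, which use the same encoding.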
#4 safetydang (Topic Starter)

Posted 28 July 2016 - 11:45 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by DANG (administrator) on PERFORMANCE (28-07-2016 21:41:18)
Running from C:\Users\DANG\Desktop
Loaded Profiles: DANG (Available Profiles: DANG)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Valve Corporation) F:\STEAM\Steam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\TRENDnet\TEW-421PC&TEW-423PI\WlanCU.exe
() C:\Users\Public\Documents\Handy Tools - Prince NRVL\taskbar_usertile_alpha_7_1_by_angelwzr-d3dcdoe\UserTile.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) F:\Itunes\iTunesHelper.exe
(CompuGeek Software) C:\Windows\PSGlass.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Valve Corporation) F:\STEAM\bin\steamwebhelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => F:\Itunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Aero_PowerShell] => "C:\WINDOWS\PSGlass.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-07-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\Run: [Steam] => F:\STEAM\steam.exe [2851408 2016-07-08] (Valve Corporation)
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\ProgramData\xifs\ZenNix.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-04-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TEW-421PC&TEW-423PI.lnk [2012-03-29]
ShortcutTarget: TEW-421PC&TEW-423PI.lnk -> C:\Program Files (x86)\TRENDnet\TEW-421PC&TEW-423PI\WlanCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UserTile - Shortcut.lnk [2011-04-18]
ShortcutTarget: UserTile - Shortcut.lnk -> C:\Users\Public\Documents\Handy Tools - Prince NRVL\taskbar_usertile_alpha_7_1_by_angelwzr-d3dcdoe\UserTile.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6E97EA14-AEBE-4472-BABF-DE8B31962BDF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86D6C99C-350E-4EAC-9F80-A299E678CA06}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BDD578B7-70AC-4668-A9E1-CFC3AE5A3F30}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349626508-3000817215-2059185319-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1349626508-3000817215-2059185319-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-21] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\Itunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-23] [not signed]
FF HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\DANG\AppData\Roaming\IDM\idmmzcc3 => not found
 
Chrome: 
=======
CHR Profile: C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-28]
CHR Extension: (Google Docs) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-28]
CHR Extension: (Google Drive) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-28]
CHR Extension: (YouTube) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-28]
CHR Extension: (Google Sheets) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-28]
CHR Extension: (Gmail) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-28]
StartMenuInternet: Google Chrome.WH3ULBQ2QRSAESMN6MVFSLN5IU - C:\Users\DANG\AppData\Local\Google\Chrome\Application\chrome334.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-07-21] () [File not signed] <==== ATTENTION
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-24] (Electronic Arts)
S3 OverwolfUpdaterService; F:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [57952 2013-06-18] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2011-08-22] (Devguru Co., Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-09-04] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [436568 2007-10-19] (Realtek)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 ALSysIO; \??\C:\Users\DANG\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-28 21:40 - 2016-07-28 21:40 - 00000000 ____D C:\Users\DANG\Desktop\FRST-OlderVersion
2016-07-28 21:39 - 2016-07-28 21:39 - 00002210 _____ C:\Users\DANG\Desktop\Google Chrome.lnk
2016-07-28 21:28 - 2016-07-28 21:10 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-07-28 21:23 - 2016-07-28 21:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-07-28 21:23 - 2016-07-28 21:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-07-28 21:14 - 2016-07-28 21:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 21:14 - 2016-07-28 21:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 21:10 - 2016-07-28 21:26 - 00000000 ____D C:\zoek_backup
2016-07-28 21:10 - 2016-07-28 21:10 - 01309184 _____ C:\Users\DANG\Downloads\zoek.exe
2016-07-22 20:21 - 2016-07-22 20:22 - 00051607 _____ C:\Users\DANG\Desktop\Addition.txt
2016-07-22 20:20 - 2016-07-28 21:41 - 00023920 _____ C:\Users\DANG\Desktop\FRST.txt
2016-07-22 20:20 - 2016-07-28 21:41 - 00000000 ____D C:\FRST
2016-07-22 20:20 - 2016-07-28 21:40 - 02394112 _____ (Farbar) C:\Users\DANG\Desktop\FRST64.exe
2016-07-22 20:04 - 2016-07-22 20:04 - 00028741 _____ C:\ComboFix.txt
2016-07-22 10:32 - 2016-07-28 21:07 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-21 20:51 - 2016-07-28 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-21 20:32 - 2016-07-28 21:26 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-21 19:06 - 2016-07-21 20:51 - 00000000 ___HD C:\$AVG
2016-07-21 19:06 - 2016-07-21 19:06 - 00000000 ____D C:\Users\DANG\AppData\Roaming\TuneUp Software
2016-07-21 19:06 - 2016-07-21 19:06 - 00000000 ____D C:\Users\DANG\AppData\Roaming\AVG
2016-07-21 19:06 - 2016-07-21 19:06 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-21 19:05 - 2016-07-28 21:39 - 00000000 ____D C:\ProgramData\MFAData
2016-07-21 19:05 - 2016-07-28 21:23 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-21 19:05 - 2016-07-28 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-21 19:05 - 2016-07-21 19:05 - 00000000 ____D C:\Users\DANG\AppData\Local\MFAData
2016-07-21 19:04 - 2016-07-21 19:06 - 00000000 ____D C:\ProgramData\Avg
2016-07-21 19:04 - 2016-07-21 19:06 - 00000000 ____D C:\Program Files (x86)\AVG
2016-07-21 19:03 - 2016-07-21 21:07 - 00000000 ____D C:\Users\DANG\AppData\Local\AvgSetupLog
2016-07-21 19:03 - 2016-07-21 21:07 - 00000000 ____D C:\Users\DANG\AppData\Local\Avg
2016-07-21 18:55 - 2016-07-21 18:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\DANG\Desktop\rkill.exe
2016-07-21 18:50 - 2016-07-21 18:50 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-21 18:50 - 2016-07-21 18:50 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-21 18:50 - 2016-07-21 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-21 18:12 - 2016-07-21 18:50 - 00003808 _____ C:\Windows\System32\Tasks\89851767
2016-07-21 18:12 - 2016-07-21 18:50 - 00003650 _____ C:\Windows\System32\Tasks\Pa8985176789851767
2016-07-21 17:57 - 2016-07-22 10:30 - 00000000 ____D C:\AdwCleaner
2016-07-21 17:57 - 2016-07-21 17:57 - 01610560 _____ (Malwarebytes) C:\Users\DANG\Desktop\JRT.exe
2016-07-21 17:56 - 2016-07-21 17:56 - 03712064 _____ C:\Users\DANG\Desktop\AdwCleaner.exe
2016-07-21 17:46 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-21 17:46 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-21 17:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-21 17:46 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-21 17:45 - 2016-07-21 17:45 - 05659291 ____R (Swearware) C:\Users\DANG\Desktop\ComboFix.exe
2016-07-21 17:33 - 2016-07-21 18:14 - 00000000 ____D C:\Program Files (x86)\AdVPN
2016-07-21 17:33 - 2016-07-21 17:33 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-07-21 17:32 - 2016-07-21 19:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-21 17:30 - 2016-07-21 20:30 - 00000000 ____D C:\Program Files\BitTorrent
2016-07-21 17:30 - 2016-07-21 17:30 - 07105536 _____ C:\Users\DANG\AppData\Roaming\agent.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 01881490 _____ C:\Users\DANG\AppData\Roaming\Singtom.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 00129024 _____ C:\Users\DANG\AppData\Roaming\Installer.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00126464 _____ C:\Users\DANG\AppData\Roaming\noah.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00126464 _____ C:\Users\DANG\AppData\Roaming\lobby.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00072702 _____ C:\Users\DANG\AppData\Roaming\SoftHotkix.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 00070656 _____ C:\Users\DANG\AppData\Roaming\Config.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 00054272 _____ C:\Users\DANG\AppData\Roaming\ApplicationHosting.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00041472 _____ C:\Users\DANG\AppData\Local\Kontripzap.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00019536 _____ C:\Users\DANG\AppData\Roaming\InstallationConfiguration.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 00018432 _____ C:\Users\DANG\AppData\Roaming\Main.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 00005568 _____ C:\Users\DANG\AppData\Roaming\md.xml
2016-07-21 17:29 - 2016-07-21 17:29 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-11 02:34 - 2016-07-11 02:34 - 00181638 _____ C:\Users\DANG\Desktop\fseprd503214.pdf
2016-07-11 01:28 - 2016-07-11 01:28 - 00215241 _____ C:\Users\DANG\Desktop\fseprd503208.pdf
2016-07-07 20:00 - 2016-07-07 20:00 - 00554499 _____ C:\Users\DANG\Desktop\QRG-Registering_for_Classes.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-28 21:38 - 2013-08-25 15:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-28 21:38 - 2012-03-29 20:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-28 21:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-28 21:26 - 2012-03-27 04:49 - 00001687 _____ C:\Users\DANG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-28 21:25 - 2012-03-27 04:48 - 00000000 ____D C:\Users\DANG
2016-07-28 21:19 - 2013-08-25 15:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-28 21:14 - 2016-03-01 01:20 - 00000000 ____D C:\Users\DANG\AppData\Local\CrashDumps
2016-07-28 21:14 - 2009-07-13 21:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-28 21:14 - 2009-07-13 21:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-28 21:13 - 2009-07-13 22:13 - 00800014 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-28 21:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-07-28 21:12 - 2012-11-29 12:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-22 23:06 - 2013-08-05 00:13 - 00000000 ____D C:\Users\DANG\AppData\Roaming\vlc
2016-07-22 22:28 - 2012-03-27 05:05 - 00000000 ____D C:\Users\DANG\AppData\Roaming\uTorrent
2016-07-22 20:04 - 2014-12-17 03:58 - 00000000 ____D C:\Qoobox
2016-07-22 20:03 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-07-21 20:37 - 2015-10-16 21:47 - 00000000 ____D C:\Users\DANG\.oracle_jre_usage
2016-07-21 20:37 - 2013-10-23 22:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-21 20:37 - 2013-10-23 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-21 20:37 - 2012-07-31 14:53 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-21 20:32 - 2013-08-25 15:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-21 19:12 - 2012-11-29 12:33 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-21 19:12 - 2012-11-29 12:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-21 18:52 - 2015-10-08 22:43 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-21 18:52 - 2011-04-18 22:23 - 00000000 ____D C:\Windows\Panther
2016-07-21 18:50 - 2011-04-18 21:56 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-07-21 18:12 - 2012-03-27 03:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-21 18:12 - 2011-04-18 21:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-21 18:11 - 2012-03-27 05:03 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-07-21 17:50 - 2014-12-17 03:58 - 00000000 ____D C:\Windows\erdnt
2016-07-21 17:50 - 2009-07-13 19:34 - 83886080 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 27525120 _____ C:\Windows\system32\config\SYSTEM.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-07-21 17:50 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-07-21 17:31 - 2014-03-07 00:21 - 00000000 ____D C:\Users\DANG\AppData\Local\Battle.net
2016-07-14 01:38 - 2015-11-27 22:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2016-07-21 17:30 - 2016-07-21 17:30 - 7105536 _____ () C:\Users\DANG\AppData\Roaming\agent.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0054272 _____ () C:\Users\DANG\AppData\Roaming\ApplicationHosting.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0070656 _____ () C:\Users\DANG\AppData\Roaming\Config.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 0019536 _____ () C:\Users\DANG\AppData\Roaming\InstallationConfiguration.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 0129024 _____ () C:\Users\DANG\AppData\Roaming\Installer.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0126464 _____ () C:\Users\DANG\AppData\Roaming\lobby.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0018432 _____ () C:\Users\DANG\AppData\Roaming\Main.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0005568 _____ () C:\Users\DANG\AppData\Roaming\md.xml
2016-07-21 17:30 - 2016-07-21 17:30 - 0126464 _____ () C:\Users\DANG\AppData\Roaming\noah.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 1881490 _____ () C:\Users\DANG\AppData\Roaming\Singtom.tst
2016-07-21 17:30 - 2016-07-21 17:30 - 0072702 _____ () C:\Users\DANG\AppData\Roaming\SoftHotkix.tst
2014-10-24 11:23 - 2014-10-24 11:23 - 0000035 _____ () C:\Users\DANG\AppData\Roaming\Statdisk.prefs
2012-06-29 19:29 - 2016-06-15 22:43 - 0054272 _____ () C:\Users\DANG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-18 10:43 - 2012-06-18 10:43 - 0000092 _____ () C:\Users\DANG\AppData\Local\fusioncache.dat
2016-07-21 17:30 - 2016-07-21 17:30 - 0041472 _____ () C:\Users\DANG\AppData\Local\Kontripzap.dat
2013-04-22 22:15 - 2014-01-05 22:39 - 0007597 _____ () C:\Users\DANG\AppData\Local\resmon.resmoncfg
2013-01-18 01:04 - 2013-01-18 01:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-04-23 00:01 - 2012-04-23 00:07 - 0001204 _____ () C:\ProgramData\hpzinstall.log
2012-11-05 01:50 - 2016-01-31 13:35 - 0000029 _____ () C:\ProgramData\IpAndPort.fig
2012-07-06 19:08 - 2016-01-31 13:35 - 0000197 _____ () C:\ProgramData\RmUserCfg.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2011-04-18 21:24
 
==================== End of FRST.txt ============================


#5 safetydang

Posted 28 July 2016 - 11:48 PM

Currently 30 mins in, no issues with Chrome. Usually it would instantly go to SafeFinder, but it hasn't gone there yet. AVG started and found something called Linkley or Linkly. A notification popped up stating to block it or remove it.

Thank you for helping me. I will update with issues and wait for further instructions.



#6 nasdaq

Posted 29 July 2016 - 08:38 AM

Clean the rest.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\ProgramData\xifs\ZenNix.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03] [not signed]
FF HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\DANG\AppData\Roaming\IDM\idmmzcc3 => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-28]
S3 ALSysIO; \??\C:\Users\DANG\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
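As an added example (not part of nasdaq's post or of FRST itself), here is a small Python triage script for fixlist lines like the ones above: it decodes the percent-encoded hostname hidden in the SearchScopes URL and flags the persistence points the fix targets. The sample lines are copied from the fixlist in this thread; the function names are the example's own.

```python
"""Added example for this thread (not part of FRST or of the helper's post):
triage FRST fixlist/log lines, decode the percent-encoded hostname hidden in the
SearchScopes entry and flag the persistence points the fix targets.
Function names are the example's own; the sample lines are copied from the
fixlist above (FRST defangs URLs as hxxp)."""
from __future__ import annotations
import re
from urllib.parse import unquote, urlsplit

SAMPLE_LINES = r"""
AppInit_DLLs: C:\ProgramData\xifs\ZenNix.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
"""

# AppInit_DLLs is loaded into every process that maps user32.dll; "No File"
# means the DLL is gone but the registry value still points at it.
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s+(?P<path>.+?)\s+=>\s+(?P<status>.+)$")
# A Policies\...\Internet Explorer key locks the user out of changing settings,
# which is how a hijacker keeps its search provider in place.
POLICY_RE = re.compile(r"^(?P<key>HK\S+\\Policies\\Microsoft\\Internet Explorer): Restriction")
SCOPE_RE = re.compile(r"^SearchScopes:\s+(?P<hive>\S+)\s+->\s+(?P<scope>.+?)\s+URL\s*=\s*(?P<url>\S*)$")
# FRST marks a service whose image file no longer exists with [X].
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);\s+(?P<image>.+?)\s+\[X\]$")


def scope_host(url: str) -> tuple[str, bool]:
    """Return (decoded hostname, True if the hostname itself was percent-encoded).

    Percent-encoding in the query string is normal; percent-encoding of the
    authority is not, and is what hides the real host in the line above.
    """
    parts = urlsplit(re.sub(r"^hxxp", "http", url))  # restore the defanged scheme
    return unquote(parts.netloc).lower(), "%" in parts.netloc


def triage(text: str) -> list:
    """Classify each recognised line into a finding dict; unknown lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := APPINIT_RE.match(line):
            findings.append({"kind": "appinit_dll", "path": m["path"],
                             "missing": m["status"].startswith("No File")})
        elif m := POLICY_RE.match(line):
            findings.append({"kind": "ie_policy_restriction", "key": m["key"]})
        elif m := SCOPE_RE.match(line):
            host, encoded = scope_host(m["url"]) if m["url"] else ("", False)
            findings.append({"kind": "search_scope", "scope": m["scope"],
                             "host": host, "obfuscated": encoded})
        elif m := SERVICE_RE.match(line):
            findings.append({"kind": "orphan_service", "name": m["name"],
                             "image": m["image"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```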

#7 safetydang

Posted 29 July 2016 - 10:48 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by DANG (2016-07-29 08:43:19) Run:1
Running from C:\Users\DANG\Desktop\FRST64
Loaded Profiles: DANG (Available Profiles: DANG)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\ProgramData\xifs\ZenNix.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCMffEImTmLkDWdN-Ve9o8Upj7hufhawhatJm_pYCkt0Hcn2U7Ovzq5YB_R93Kn-8pcp_1wh0SFy_YqU1WOW3cZISOy7JClixt8lnE--G9C42jpKI02BFIxDsnd0En3mrlwTTa4ejaKbrZVnAUF1ZmfXlJDeCrM,&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03] [not signed]
FF HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\DANG\AppData\Roaming\IDM\idmmzcc3 => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-28]
S3 ALSysIO; \??\C:\Users\DANG\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
"C:\ProgramData\xifs\ZenNix.dll" => Value data removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] [not signed] => not found
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-03] [not signed] => not found
HKU\S-1-5-21-1349626508-3000817215-2059185319-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com => value removed successfully
C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
ALSysIO => service removed successfully
catchme => service removed successfully
EagleX64 => service removed successfully
PlantronicsGC => service removed successfully
VGPU => service removed successfully
"C:\Users\DANG\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15939383 B
Java, Flash, Steam htmlcache => 269631464 B
Windows/system/drivers => 245108 B
Edge => 0 B
Chrome => 98216563 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 43175 B
LocalService => 0 B
NetworkService => 0 B
DANG => 3416822 B


#8 safetydang

Posted 29 July 2016 - 10:52 AM

Both IE and Chrome no longer go to the SafeSearch website. AVG is no longer detecting an incoming virus. Before, every time I restarted the computer, 4 virus notifications would come up from AVG.



#9 nasdaq

Posted 30 July 2016 - 06:57 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#10 safetydang

Posted 30 July 2016 - 09:23 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

Thank you so much! 



#11 nasdaq

Posted 31 July 2016 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
