
Unable to perform Windows Update and high CPU Usage while idle


This topic is locked
12 replies to this topic

#1 Ayukiba (Members, 7 posts)

Posted 25 July 2016 - 11:27 AM

I'm unable to do a Windows update. There are 10 available updates I can do, but whenever I start it up it stays at "(0KB total, 0% complete)" all the time. I Google-searched this and read up on a Microsoft community thread that it could be malware (http://answers.microsoft.com/en-us/windows/forum/windows_other-update/windows-update-wont-download-just-stays-at-0/8e858a10-9629-4bb0-bf8f-4c27ef4e8ce5?auth=1). I'm not really sure how to remove this problem. As well, I noticed that I get significantly high CPU usage from svchost.exe, which almost takes up about 400,000 K upon starting up, and having Steam, which leads to about 20-25% CPU usage while idle.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by ZetoX (administrator) on CA-HOME-01 (25-07-2016 11:15:55)
Running from C:\Users\ZetoX\Desktop
Loaded Profiles: ZetoX (Available Profiles: ZetoX & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\ZetoX\AppData\Local\FluxSoftware\Flux\flux.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\ZetoX\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UXTheme Launcher] => C:\Program Files (x86)\UXTheme Multi-Patcher\themeengine.exe [239870 2015-03-06] (Windows X)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-04-01] (QFX Software Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM\...\runonceex: [flags] => 8
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Run: [f.lux] => C:\Users\ZetoX\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5742032 2016-07-03] (SecureMix LLC)
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\FAHScreensaver.scr
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2015-06-23]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
Startup: C:\Users\ZetoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-07-22]
ShortcutTarget: ShareX.lnk -> E:\ShareX\ShareX.exe (ShareX Team)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E9D22E61-847F-42EA-8C0E-F0A42ECAF356}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1045874412-1776284438-1166630217-1000 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1045874412-1776284438-1166630217-1000 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-16] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-16] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\java exe\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\java exe\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-06-05] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> E:\java exe\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> E:\java exe\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-05] (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy64.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\ZetoX\AppData\Local\Screenleap\npscreenleap1.1.dll [2014-11-12] (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ZetoX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\abs@avira.com [2015-06-20] [not signed]
FF Extension: BetterTTV - C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\firefox@betterttv.net.xpi [2015-06-20] [not signed]
FF Extension: Adblock Plus - C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-20]
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={19F8A679-A3F0-11E2-8AE4-50E549B9285D}
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-07-03]
CHR Extension: (BetterTTV) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Drive) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-25]
CHR Extension: (Google Tips) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2016-07-24]
CHR Extension: (Google Search) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (the quiet place) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbbkjidgehnkkhcppdpnicohbhblkfdp [2015-02-17]
CHR Extension: (Papaly Bookmark Manager) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebaemiclbgheekdodbcengpahonmfnla [2016-07-24]
CHR Extension: (Session Buddy) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-30]
CHR Extension: (Google Calendar) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13]
CHR Extension: (Join by joaoapps) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\flejfacjooompmliegamfbpjjdlhokhj [2016-07-19]
CHR Extension: (Planning Center Services) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajngmgnjagbmbkkihobcmmokgbmbgan [2016-07-24]
CHR Extension: (appchan x) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2016-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Dark Grey With Orange Highlight Chrome Theme) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiimckfhccecppknoingmkhomknkjolb [2016-07-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-16]
CHR Extension: (The Great Suspender) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-11-28]
CHR Extension: (ButtonBass Player Piano) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi [2016-07-24]
CHR Extension: (Ghostery) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]
CHR Extension: (My Study Life) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2016-07-24]
CHR Extension: (Save to Pocket) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Todo.ly) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2016-07-24]
CHR Extension: (Study Planner - Gets Homework & Essays Done) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\oigefcidhkeifchgbnknfmgdapejholn [2016-07-24]
CHR Extension: (Enhanced Steam) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-07-07]
CHR Extension: (Gmail) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hglljpndoeopcpehilglkbnincooinnb] - C:\Users\ZetoX\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx [2013-08-30]
 
Opera: 
=======
OPR StartupUrls:  "hxxp://www.viceice.com/" 
OPR Extension: (Ghostery) - C:\Users\ZetoX\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2015-08-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-09] ()
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-03-07] (BitRaider, LLC)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [232208 2016-07-23] (EasyAntiCheat Ltd)
S4 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4342224 2016-07-03] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-07-12] (Hi-Rez Studios) [File not signed]
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-10-31] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\SysWOW64\themeservice.dll [44544 2015-01-12] (Microsoft Corporation) [File not signed]
S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [36352 2015-09-04] ()
S4 VMAuthdService; E:\VMware\vmware-authd.exe [87744 2014-11-20] (VMware, Inc.)
S4 VMwareHostd; E:\VMware\vmware-hostd.exe [12730560 2014-11-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-14] (AVG Technologies)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-07-09] (Echobit, LLC)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-28] (SecureMix LLC)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
S3 Larmkanal; C:\Windows\System32\DRIVERS\Larmkanal.sys [32680 2015-06-09] (Adoriasoft LLC)
S4 LMIRfsClientNP; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [31656 2015-06-08] ()
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
R3 tapqqvipacc; C:\Windows\System32\DRIVERS\tapqqvipacc.sys [30720 2013-09-08] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-05-06] (Spotflux, Inc.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-04-18] (IDRIX)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 X6va015; no ImagePath
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-01-18 15:31 - 2016-06-08 18:05 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-07-25 11:15 - 2016-07-25 11:16 - 00028546 _____ C:\Users\ZetoX\Desktop\FRST.txt
2016-07-25 11:15 - 2016-07-25 11:15 - 02394112 _____ (Farbar) C:\Users\ZetoX\Desktop\FRST64.exe
2016-07-24 19:32 - 2016-07-24 19:32 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetectionC9BE23C8-86B4-48AA-B261-2E5BE216BB51
2016-07-24 18:01 - 2016-07-24 18:01 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\ZetoX\Downloads\autodetectutility.exe
2016-07-23 22:33 - 2016-07-23 22:33 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetection1223C270-AD4E-4D53-8CFF-864988B9A441
2016-07-23 11:24 - 2016-07-23 11:25 - 00000140 _____ C:\Windows\Reimage.ini
2016-07-22 10:24 - 2016-07-22 11:22 - 00000000 ____D C:\Users\ZetoX\Documents\Overwatch
2016-07-22 10:23 - 2016-07-22 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-07-22 10:03 - 2016-07-24 23:13 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Battle.net
2016-07-22 10:03 - 2016-07-22 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-22 10:01 - 2016-07-22 10:04 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Battle.net
2016-07-22 09:58 - 2016-07-22 09:59 - 03012080 _____ (Blizzard Entertainment) C:\Users\ZetoX\Downloads\Battle.net-Setup.exe
2016-07-21 12:43 - 2016-07-21 12:43 - 03163631 _____ C:\Users\ZetoX\Downloads\LightNovelPOP_FONT.zip
2016-07-21 12:43 - 2016-07-21 12:43 - 00150275 _____ C:\Users\ZetoX\Downloads\mitubachi.zip
2016-07-21 12:43 - 2016-07-21 12:43 - 00067831 _____ C:\Users\ZetoX\Downloads\mouhitu.zip
2016-07-21 12:42 - 2016-07-21 12:42 - 00362967 _____ C:\Users\ZetoX\Downloads\Mutsugo-Font.zip
2016-07-21 12:42 - 2016-07-21 12:42 - 00275732 _____ C:\Users\ZetoX\Downloads\タロ子フォント.zip
2016-07-21 12:42 - 2016-07-21 12:42 - 00087319 _____ C:\Users\ZetoX\Downloads\えみんこフォント.zip
2016-07-21 12:41 - 2016-07-21 12:41 - 03205748 _____ C:\Users\ZetoX\Downloads\851CHIKARA-DZUYOKU_kanaA.ttf
2016-07-21 12:38 - 2016-07-21 12:38 - 13615758 _____ C:\Users\ZetoX\Downloads\TAKUMIYFONT20160613.zip
2016-07-21 12:31 - 2016-07-21 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDevelop
2016-07-21 12:22 - 2016-07-21 12:22 - 16457382 _____ (The qBittorrent project) C:\Users\ZetoX\Downloads\qbittorrent_3.3.6_setup.exe
2016-07-19 23:13 - 2016-07-19 23:13 - 00481798 _____ C:\Users\ZetoX\Downloads\pogo-optimizer-master.zip
2016-07-19 08:01 - 2016-07-19 08:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-18 19:34 - 2016-07-18 19:35 - 113598877 _____ (Florian Rival ) C:\Users\ZetoX\Downloads\gd4092.exe
2016-07-18 01:04 - 2016-07-18 01:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-07-18 01:02 - 2016-07-18 01:04 - 00230756 _____ C:\TDSSKiller.3.1.0.9_18.07.2016_01.02.56_log.txt
2016-07-17 09:16 - 2016-07-24 11:43 - 00000000 ____D C:\Users\ZetoX\vmlogs
2016-07-17 09:16 - 2016-07-24 11:43 - 00000000 ____D C:\Users\ZetoX\.BigNox
2016-07-17 09:16 - 2016-07-17 09:16 - 00000000 ____D C:\Users\ZetoX\Nox_share
2016-07-17 09:16 - 2016-07-17 09:16 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2016-07-17 09:16 - 2015-09-16 01:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-07-17 09:15 - 2016-07-24 11:43 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Nox
2016-07-17 09:15 - 2016-07-17 09:16 - 00000000 ____D C:\Program Files\Bignox
2016-07-17 09:15 - 2016-07-17 09:15 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Nox
2016-07-17 09:15 - 2015-09-15 22:29 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-07-14 23:29 - 2016-07-25 11:13 - 01137734 _____ C:\Windows\ntbtlog.txt
2016-07-14 15:03 - 2016-07-14 15:03 - 00000132 _____ C:\Users\ZetoX\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-07-13 22:50 - 2016-07-13 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-07-13 22:50 - 2015-05-28 23:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-07-13 22:50 - 2015-05-28 23:15 - 00033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-07-13 22:49 - 2016-07-13 22:50 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-07-11 16:58 - 2016-07-11 16:58 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetection760F1FE5-9860-474C-A69F-DD2F49BA75B3
2016-07-11 16:50 - 2016-07-11 16:50 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetectionFE9AC0D3-8E6A-47DA-885D-E4A7F50123C6
2016-07-11 11:01 - 2016-07-11 11:01 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetectionED0A9C3A-481F-4C4D-9CEF-EDA252120ECC
2016-07-10 16:03 - 2016-07-10 16:03 - 00000000 ____D C:\Program Files (x86)\OnePlus USB Drivers
2016-07-10 15:59 - 2016-07-10 16:03 - 00000000 ____D C:\Android
2016-07-10 15:55 - 2016-07-10 19:15 - 00000000 ____D C:\adb
2016-07-10 15:55 - 2014-04-25 06:00 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-07-10 15:55 - 2014-04-25 06:00 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-07-10 15:49 - 2016-07-10 15:51 - 157010698 _____ C:\Users\ZetoX\backup.ab
2016-07-08 22:55 - 2016-07-08 22:55 - 00000000 ____D C:\Users\ZetoX\AppData\Local\ShooterGame
2016-07-08 22:16 - 2016-07-08 22:16 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetection530D3C4D-0AAB-4C60-AB9A-7DACC426E2D1
2016-07-08 22:13 - 2016-07-08 22:13 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetection08CA9C50-18C3-46DC-99EE-5776924B1A13
2016-07-08 21:27 - 2016-07-08 21:27 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetection979BFC80-516F-4F4C-A2BF-9F641E1FED25
2016-07-08 14:48 - 2016-07-08 14:48 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetectionC9520F54-150C-4875-ABCC-ACAA769CC342
2016-07-03 16:30 - 2016-07-03 16:30 - 00000000 ____D C:\Users\ZetoX\AppData\LocalLow\CyberCoconut
2016-07-03 12:38 - 2016-07-23 17:02 - 00232208 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-07-03 12:34 - 2016-07-14 00:16 - 00000000 ____D C:\Users\ZetoX\AppData\Local\wf-launcher
2016-07-03 12:34 - 2016-07-14 00:06 - 00000000 ____D C:\ProgramData\GFACE
2016-07-02 20:52 - 2016-07-02 20:52 - 00000000 ____D C:\Users\ZetoX\AppData\Local\SWARMRIDERS
2016-07-02 19:02 - 2016-07-02 19:02 - 00000000 ____D C:\Users\ZetoX\Documents\Zaccaria_Pinball
2016-07-02 18:50 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-02 18:50 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-06-28 16:22 - 2016-06-28 16:22 - 00000000 ____D C:\Users\ZetoX\AppData\Local\TempTaskUpdateDetection33AE25F8-04CC-4F80-8116-2A0C94417856
2016-06-27 01:30 - 2016-06-27 01:30 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\VSRevoGroup
2016-06-27 01:12 - 2016-06-27 01:12 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Topaz Labs
2016-06-26 22:05 - 2016-06-29 22:47 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Hero_Siege
2016-06-26 19:00 - 2016-06-26 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-06-25 01:17 - 2016-06-25 01:19 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\12ibt6
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-25 11:15 - 2015-07-12 19:21 - 00000000 ____D C:\FRST
2016-07-25 11:13 - 2015-02-09 21:35 - 00000000 ____D C:\Users\ZetoX\Documents\ShareX
2016-07-25 11:13 - 2014-11-02 18:42 - 00000000 ____D C:\ProgramData\VMware
2016-07-25 11:13 - 2014-09-23 23:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-25 11:13 - 2014-08-17 20:46 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Adobe
2016-07-25 11:13 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-25 11:00 - 2009-07-13 23:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-25 11:00 - 2009-07-13 23:45 - 00025664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-25 10:11 - 2014-09-23 23:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-25 10:09 - 2009-07-14 00:13 - 00978830 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-25 10:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-25 10:04 - 2013-12-14 00:23 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-24 20:36 - 2014-08-04 21:43 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-07-24 20:21 - 2016-03-14 18:59 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\calibre
2016-07-24 15:28 - 2013-12-14 00:19 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Skype
2016-07-23 16:54 - 2014-03-09 15:37 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-22 10:03 - 2015-02-09 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2016-07-22 10:01 - 2014-06-22 01:58 - 00000000 ____D C:\ProgramData\Battle.net
2016-07-21 18:24 - 2016-06-21 08:21 - 00000000 ____D C:\Users\ZetoX\.GDevelop
2016-07-21 18:21 - 2016-06-21 08:29 - 00000000 ____D C:\Users\ZetoX\GDevelop projects
2016-07-21 18:15 - 2016-02-01 07:23 - 05700192 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-21 13:28 - 2015-10-03 11:47 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\qBittorrent
2016-07-21 13:01 - 2015-01-04 22:19 - 00001456 _____ C:\Users\ZetoX\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-21 12:44 - 2016-01-31 20:08 - 00240312 _____ C:\Users\ZetoX\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-20 17:13 - 2014-09-23 23:31 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-19 10:25 - 2016-06-06 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-07-19 08:01 - 2016-03-16 13:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-19 08:00 - 2016-03-16 13:09 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-17 09:16 - 2016-05-16 16:43 - 00000000 ____D C:\Users\ZetoX\.android
2016-07-17 09:16 - 2013-12-12 20:17 - 00000000 ____D C:\Users\ZetoX
2016-07-17 09:15 - 2016-06-13 02:56 - 00000000 ____D C:\Program Files\DIFX
2016-07-15 16:34 - 2014-03-09 14:34 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Notepad++
2016-07-14 23:24 - 2014-01-18 19:42 - 00000000 ____D C:\Users\ZetoX\AppData\Local\CrashDumps
2016-07-14 10:22 - 2016-06-06 17:10 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-07-13 12:41 - 2015-07-02 03:51 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\discord
2016-07-13 11:57 - 2014-12-25 15:16 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 11:57 - 2013-12-12 21:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-12 04:39 - 2015-07-02 03:51 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-12 04:39 - 2015-07-02 03:51 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Discord
2016-07-11 10:22 - 2016-02-27 22:57 - 00000000 ____D C:\Users\ZetoX\AppData\Local\UnrealEngine
2016-07-10 15:38 - 2016-04-30 21:46 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2016-07-10 15:37 - 2016-05-16 16:02 - 00000000 ____D C:\Users\ZetoX\AppData\Local\Android
2016-07-06 19:39 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-03 22:30 - 2016-02-25 04:55 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\MusicBee
2016-07-03 01:11 - 2016-02-02 20:36 - 00000000 ____D C:\Users\ZetoX\Documents\American Truck Simulator
2016-07-02 18:50 - 2013-12-12 20:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-30 06:50 - 2016-01-20 19:07 - 00001692 _____ C:\Users\ZetoX\.bash_history
2016-06-28 20:24 - 2016-01-20 22:30 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\BetterDiscord
2016-06-28 16:53 - 2013-12-22 18:27 - 00000132 _____ C:\Users\ZetoX\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-06-28 16:43 - 2014-08-05 02:00 - 00000000 ____D C:\Program Files (x86)\Topaz Labs
2016-06-28 16:43 - 2013-12-31 14:48 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2016-06-27 16:42 - 2009-07-14 00:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-27 02:38 - 2014-01-19 21:02 - 00000000 ____D C:\Program Files\Folder Colorizer
2016-06-27 01:56 - 2016-03-14 18:59 - 00000000 ____D C:\Users\ZetoX\Documents\Calibre Library
2016-06-27 01:51 - 2013-12-13 23:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-27 01:51 - 2013-12-12 23:21 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Adobe
2016-06-27 01:29 - 2016-04-03 03:34 - 00000000 ____D C:\Users\ZetoX\AppData\Roaming\Dual Monitor Tools
 
==================== Files in the root of some directories =======
 
2016-07-14 15:03 - 2016-07-14 15:03 - 0000132 _____ () C:\Users\ZetoX\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-10-11 11:30 - 2015-10-11 11:30 - 0000132 _____ () C:\Users\ZetoX\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-12-22 18:27 - 2016-06-28 16:53 - 0000132 _____ () C:\Users\ZetoX\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-03-11 20:19 - 2014-07-13 07:23 - 0000132 _____ () C:\Users\ZetoX\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-01-21 06:57 - 2014-01-21 06:57 - 0000014 _____ () C:\Users\ZetoX\AppData\Roaming\checkV8
2014-03-17 19:07 - 2014-03-17 19:07 - 0091521 _____ () C:\Users\ZetoX\AppData\Roaming\icarus-dxdiag.xml
2016-03-21 19:04 - 2016-03-21 19:04 - 240397312 _____ () C:\Users\ZetoX\AppData\Roaming\Launcher.dat
2014-06-15 01:20 - 2014-06-15 01:20 - 0000099 _____ () C:\Users\ZetoX\AppData\Roaming\LauncherSettings_live.cfg
2015-12-07 22:23 - 2015-12-07 22:24 - 0004504 _____ () C:\Users\ZetoX\AppData\Roaming\SpeedRunnersLog.txt
2014-06-15 01:13 - 2014-06-15 01:13 - 0000040 _____ () C:\Users\ZetoX\AppData\Roaming\TheHunterSettings_steam_live.cfg
2016-03-21 19:04 - 2016-03-21 22:06 - 0000009 _____ () C:\Users\ZetoX\AppData\Roaming\update.dat
2016-03-21 19:05 - 2016-03-23 15:02 - 0000004 _____ () C:\Users\ZetoX\AppData\Roaming\Microsoft\notaut.txt
2015-01-04 22:19 - 2016-07-21 13:01 - 0001456 _____ () C:\Users\ZetoX\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-19 21:10 - 2014-01-19 21:10 - 0003584 _____ () C:\Users\ZetoX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-15 18:01 - 2015-10-15 18:01 - 0000218 _____ () C:\Users\ZetoX\AppData\Local\recently-used.xbel
2014-06-19 07:51 - 2016-06-05 23:31 - 0007605 _____ () C:\Users\ZetoX\AppData\Local\Resmon.ResmonCfg
2014-01-11 19:05 - 2014-01-11 19:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-26 03:52 - 2014-06-08 07:58 - 0000347 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\ZetoX\AppData\Local\temp\ReimagePackage.exe
C:\Users\ZetoX\AppData\Local\temp\ShareX-11.1.0-setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-18 08:22
 
==================== End of FRST.txt ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 26 July 2016 - 08:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\...\runonceex: [flags] => 8
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy64.dll [No File]
FF Extension: BetterTTV - C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\firefox@betterttv.net.xpi [2015-06-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
CHR HomePage: Default -> hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={19F8A679-A3F0-11E2-8AE4-50E549B9285D}
CHR Extension: (Chrome Web Store Payments) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S4 LMIRfsClientNP; no ImagePath
S3 X6va015; no ImagePath
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

Please post the Fixlog.txt log, include the Addition.txt log created by the Farbar tool.

Let me know what problem persists.
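The fixlist above is built from a handful of recurring patterns in an FRST log: service and driver entries whose image file is gone (`[X]` or `no ImagePath`), drivers that were loaded from a TEMP directory or from outside the Drivers folder, shell-extension and plugin entries whose target is `No File`/`not found`, and FRST's own `<==== ATTENTION` markers. The following is an added example, not code from this thread, from nasdaq, or from FRST itself, that encodes those same patterns as rules and runs them over log lines so a responder can pre-sort the next log before reading it. The rule names are this example's own; the sample lines are copied from the log posted above, except one placeholder driver line that is constructed and labelled as such.

```python
"""Rule-based triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not part of FRST and not code posted by
anyone in the thread. The rules mirror what the fixlist above removes:
  orphaned-service            service/driver whose image is "[X]" or "no ImagePath"
  executable-in-temp          .exe/.dll/.sys/... living under a \\temp\\ directory
  driver-outside-drivers-dir  .sys file not under a \\drivers\\ directory
  missing-target              shell/plugin entry pointing at "No File" / "not found"
  frst-attention              line FRST itself marked with "<==== ATTENTION"
  driver-without-company      .sys file entry with no version-info company string
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Service/driver line, e.g. "S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s*(?P<missing>\[X\])?$"
)
# "One Month Created/Modified" entry:
# "2016-07-17 09:16 - 2015-09-16 01:07 - 00127432 _____ (BigNox Corporation) C:\...\VBoxUSBMon.sys"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
# Bare path line (the "Some files in TEMP" and "Bamital & volsnap" sections).
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\s+=>.*)?$")
MISSING_TARGET_RE = re.compile(r"=>\s+No File|\[No File\]|\(No File\)|=>\s+not found")
ATTENTION_RE = re.compile(r"<=+ ATTENTION")

EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def _strip_nt_prefix(path: str) -> str:
    """FRST prints kernel-style paths ("\\??\\C:\\...") for some drivers; drop the prefix."""
    return path[4:] if path.startswith("\\??\\") else path


def _path_rules(path: str) -> list[str]:
    """Rules that depend only on where a file lives and what kind of file it is."""
    p = _strip_nt_prefix(path).lower()
    rules = []
    if p.endswith(EXEC_SUFFIXES) and "\\temp\\" in p:
        rules.append("executable-in-temp")
    if p.endswith(".sys") and "\\drivers\\" not in p:
        rules.append("driver-outside-drivers-dir")
    return rules


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one FRST log line (empty list if nothing is notable)."""
    s = line.strip()
    if not s:
        return []
    findings: list[Finding] = []
    if ATTENTION_RE.search(s):
        findings.append(Finding("frst-attention", s))
    if MISSING_TARGET_RE.search(s):
        findings.append(Finding("missing-target", s))

    if (m := SERVICE_RE.match(s)):
        path = m.group("path")
        if m.group("missing") or path.lower() == "no imagepath":
            findings.append(Finding("orphaned-service", s))
        findings.extend(Finding(r, s) for r in _path_rules(path))
    elif (m := FILE_RE.match(s)):
        path = m.group("path")
        findings.extend(Finding(r, s) for r in _path_rules(path))
        if path.lower().endswith(".sys") and not m.group("company"):
            # No company string in version info is not proof of anything,
            # but it is a driver worth a signature check.
            findings.append(Finding("driver-without-company", s))
    elif (m := BARE_PATH_RE.match(s)):
        findings.extend(Finding(r, s) for r in _path_rules(m.group("path")))
    return findings


def triage_log(text: str) -> dict[str, list[str]]:
    """Group the flagged lines of a whole log by rule name."""
    grouped: dict[str, list[str]] = {}
    for line in text.splitlines():
        for f in triage_line(line):
            grouped.setdefault(f.rule, []).append(f.line)
    return grouped


# Sample lines taken from the log in this thread; the placeholder_driver.sys line is constructed.
SAMPLE_LOG = r"""
2016-07-17 09:16 - 2015-09-16 01:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-07-13 22:50 - 2015-05-28 23:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-07-10 15:55 - 2016-07-10 15:55 - 00012345 _____ C:\Windows\system32\Drivers\placeholder_driver.sys
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S4 LMIRfsClientNP; no ImagePath
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\ZetoX\AppData\Local\temp\ReimagePackage.exe
C:\Windows\system32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for rule, lines in triage_log(SAMPLE_LOG).items():
        print(f"[{rule}] {len(lines)} line(s)")
        for entry in lines:
            print("   ", entry)
```

The rules are deliberately narrow: a hit means "read this line first", not "this is malware". Signed drivers from CPU-Z or GPU-Z left behind in `\Windows\TEMP`, for instance, trip two rules here and were removed by the fixlist only because their files no longer exist, not because they were hostile.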

#3 Ayukiba

Ayukiba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:06 PM

Posted 26 July 2016 - 04:12 PM

I also forgot to mention that my PC will not pick up audio from my headset mic sometimes, and when I go to the sound settings in Windows and click on the "recording" tab, the sound window just freezes.

The volume mixer actually froze as well and I can't hear audio from anything anymore either. 

EDIT: After another restart I can hear audio and use my mic again, although the mic audio is a lingering issue that happens from time to time. 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by ZetoX (2016-07-26 16:01:42) Run:2
Running from C:\Users\ZetoX\Desktop
Loaded Profiles: ZetoX (Available Profiles: ZetoX & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM\...\runonceex: [flags] => 8
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-1045874412-1776284438-1166630217-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy64.dll [No File]
FF Extension: BetterTTV - C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\firefox@betterttv.net.xpi [2015-06-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
CHR HomePage: Default -> hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={19F8A679-A3F0-11E2-8AE4-50E549B9285D}
CHR Extension: (Chrome Web Store Payments) - C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S4 LMIRfsClientNP; no ImagePath
S3 X6va015; no ImagePath
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\flags => value removed successfully
HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
C:\Program Files (x86)\Common Files\lpuninstall.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKU\.DEFAULT\Software\MozillaPlugins\gingersoftware.com/gingerPlugin" => key removed successfully
C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll => not found.
"HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\MozillaPlugins\@nsroblox.roblox.com/launcher" => key removed successfully
C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy.dll => not found.
"HKU\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64" => key removed successfully
C:\Program Files (x86)\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy64.dll => not found.
C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\firefox@betterttv.net.xpi => moved successfully
FF Extension: BetterTTV - C:\Users\ZetoX\AppData\Roaming\Mozilla\Firefox\Profiles\er4iwddb.default\Extensions\firefox@betterttv.net.xpi [2015-06-20] [not signed] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\firefox@gingersoftware.2.0.0.74.com => value removed successfully
Chrome HomePage => removed successfully
C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
LMIRfsClientNP => service removed successfully
X6va015 => service removed successfully
AODDriver4.2.0 => service removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
cpuz136 => service removed successfully
cpuz137 => service removed successfully
EagleX64 => service removed successfully
GPUZ => service removed successfully
LMIInfo => service removed successfully
taphss6 => service removed successfully
VBoxNetFlt => service removed successfully
VGPU => service removed successfully
X6va021 => service removed successfully
X6va029 => service removed successfully
X6va062 => service removed successfully
xhunter1 => service removed successfully
"C:\Users\ZetoX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56345483 B
Java, Flash, Steam htmlcache => 419206358 B
Windows/system/drivers => 59784169 B
Edge => 0 B
Chrome => 585972400 B
Firefox => 5597878 B
Opera => 3608288 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 16802 B
LocalService => 66228 B
NetworkService => 32353684 B
ZetoX => 94191763 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:02:10 ====

 



Edited by Ayukiba, 26 July 2016 - 04:15 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 27 July 2016 - 08:29 AM

Did you install this Steam Killer?
Task: {4980776C-479D-4C98-8E05-E2B8EAE27DAC} - System32\Tasks\steamwebhelper_killer => TASKKILL <==== ATTENTION

If you want to keep it, remove the line from my fix below before saving the Fixlog.txt file.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

Task: {4980776C-479D-4C98-8E05-E2B8EAE27DAC} - System32\Tasks\steamwebhelper_killer => TASKKILL <==== ATTENTION
Task: {BF899CCC-2324-426A-BA35-9DE877F3C220} - \Game_Booster_AutoUpdate -> No File <==== ATTENTION
Task: {C4B9D1CE-2AF0-4AE9-8C18-1202297EB07B} - \Update\Update -> No File <==== ATTENTION
Task: {D10D21AA-FE71-4FAA-BC12-EB9C06405FB8} - \Driver Booster SkipUAC (ZetoX) -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [131]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
===

For the Windows update issue, run the Fix for Windows 7 on this page:
https://support.microsoft.com/en-gb/kb/2714434

Restart the computer normally.

How is it now?

#5 Ayukiba

Ayukiba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 27 July 2016 - 09:40 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by ZetoX (2016-07-27 09:35:37) Run:3
Running from C:\Users\ZetoX\Desktop
Loaded Profiles: ZetoX (Available Profiles: ZetoX & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
Start
 
CreateRestorePoint
CloseProcesses
 
Task {4980776C-479D-4C98-8E05-E2B8EAE27DAC} - System32Taskssteamwebhelper_killer = TASKKILL ==== ATTENTION
Task {BF899CCC-2324-426A-BA35-9DE877F3C220} - Game_Booster_AutoUpdate - No File ==== ATTENTION
Task {C4B9D1CE-2AF0-4AE9-8C18-1202297EB07B} - UpdateUpdate - No File ==== ATTENTION
Task {D10D21AA-FE71-4FAA-BC12-EB9C06405FB8} - Driver Booster SkipUAC (ZetoX) - No File ==== ATTENTION
AlternateDataStreams CWindowsTemp$DATA [16]
AlternateDataStreams CProgramDataTEMP373E1720 [131]
 
End
*****************
 
CreateRestorePoint => Error: No automatic fix found for this entry.
CloseProcesses => Error: No automatic fix found for this entry.
Task {4980776C-479D-4C98-8E05-E2B8EAE27DAC} - System32Taskssteamwebhelper_killer = TASKKILL ==== ATTENTION => Error: No automatic fix found for this entry.
Task {BF899CCC-2324-426A-BA35-9DE877F3C220} - Game_Booster_AutoUpdate - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {C4B9D1CE-2AF0-4AE9-8C18-1202297EB07B} - UpdateUpdate - No File ==== ATTENTION => Error: No automatic fix found for this entry.
Task {D10D21AA-FE71-4FAA-BC12-EB9C06405FB8} - Driver Booster SkipUAC (ZetoX) - No File ==== ATTENTION => Error: No automatic fix found for this entry.
AlternateDataStreams CWindowsTemp$DATA [16] => Error: No automatic fix found for this entry.
AlternateDataStreams CProgramDataTEMP373E1720 [131] => Error: No automatic fix found for this entry.
 
==== End of Fixlog 09:35:37 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 27 July 2016 - 12:07 PM

Nothing worked with my fix this time.

How is the computer running?


--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#7 Ayukiba

Ayukiba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 27 July 2016 - 03:03 PM

I forgot to mention that when I used the Windows diagnostic tool to fix the Windows Update issue, it found 4 errors and fixed all but the Windows Update error.

RogueKiller V12.4.0.0 (x64) [Jul 18 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ZetoX [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 07/27/2016 13:48:38
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Not selected
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\Reimage -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\Reimage -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1045874412-1776284438-1166630217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[PUP][File] C:\Windows\Reimage.ini -> Not selected
[PUP][Folder] C:\Users\ZetoX\AppData\Local\Flvto Youtube Downloader -> Not selected
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 620fde6e8db5498c3b73a157df194f70
[BSP] 141624a443eed604222fe1ee2a556251 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 122102 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: KINGSTON SH103S3120G ATA Device +++++
--- User ---
[MBR] d395a8921a878f353ae94804b1322d20
[BSP] 1d4d336fd91c3efff30bb13c6d2d5645 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST31000524AS ATA Device +++++
--- User ---
[MBR] 3a9b3dd102355e22b879ae843afd1686
[BSP] 582ae02852a91d0badfca29b465dd89b : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 953828 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 28 July 2016 - 07:22 AM



I suggest you remove Reimage reported as PUP by the RogueKiller tool.
Run the RogueKiller tool and remove everything. It will reset your default settings.

http://www.herdprotect.com/reiguard.exe-a616f96a7170e2187da3d52f4836a62f668226ad.aspx

===

The error 0x80070057 may be solved by referring to this link.

https://social.technet.microsoft.com/Forums/office/en-US/53a1f2ab-037b-438e-a690-00a0e745730d/windows-7-update-error-0x80070057?forum=w7itprogeneral

The best solution was this:

Alrighty, I am going to give ya the easiest way to fix this error code. Ready? :P

1. Close ALL programs.

2. Open up Internet Explorer.

3. Download...Silverlight from Microsoft.

**IF YOU already have it, then...uninstall it first, then restart your computer...then repeat steps 1-3 again.**

4. At the end of the install, it will offer you a check box to install updates from Windows...make sure that IS checked. Then...go ahead and check your Windows updates after it is FULLY DONE.

Poof! There ya go. No extra work, no fancy I.T. tricks, just... a nice and easy way to fix the problem. I've had this problem a few times in my department and this is what I've found to be the fastest/easiest way to resolve the problem. :)

Proposed as answer by 5Tone Tuesday, May 05, 2015 2:56 PM


Try it and let me know if the problem persists.
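Two of the findings in the logs above are worth being able to reproduce by hand: the services and drivers FRST marked "[X]" (an ImagePath whose file no longer exists, or no ImagePath at all), and the RogueKiller line ConsentPromptBehaviorAdmin : 0, which means UAC elevates administrators silently instead of asking for consent. The PowerShell below is an added example, not code from this thread, from FRST or from RogueKiller; it assumes an elevated 64-bit PowerShell session on Windows 7 or later, reads the registry and filesystem only, and changes nothing.

```powershell
# Added example (not from the thread, FRST or RogueKiller). Read-only re-check of
# two conditions the scan logs flagged:
#   1. UAC ConsentPromptBehaviorAdmin = 0 (RogueKiller's PUM.Policies line):
#      administrators are elevated with no consent or credential prompt.
#   2. Services/drivers whose ImagePath names a file that is gone (FRST's "[X]"),
#      or that carry no ImagePath at all.
# Run from an elevated 64-bit PowerShell session so SysWOW64 redirection does not
# hide files from Test-Path.

function Get-UacAdminPromptSetting {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    # Documented meanings of ConsentPromptBehaviorAdmin; 5 is the Windows default.
    $meaning = @{
        0 = 'Elevate without prompting (no consent or credential prompt)'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries (default)'
    }
    $value = $props.ConsentPromptBehaviorAdmin
    [pscustomobject]@{
        EnableLUA                  = $props.EnableLUA
        ConsentPromptBehaviorAdmin = $value
        Meaning                    = if ($null -eq $value) { 'value absent (default 5 applies)' } else { $meaning[[int]$value] }
        # Weak when UAC is off entirely or admins are elevated silently
        Weak                       = ($props.EnableLUA -eq 0) -or ($value -eq 0)
    }
}

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    # Strip the NT object-manager prefixes seen in the FRST lines (\??\C:\... and \SystemRoot\...)
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    # Keep only the executable: a quoted path, or the first token ending in .exe/.sys/.dll
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1).Split('"')[0]
    } else {
        $m = [regex]::Match($p, '^(.+?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    # Driver paths such as system32\DRIVERS\taphss6.sys are relative to %SystemRoot%
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedServices {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Only real service/driver entries carry a Type value; skip parameter-only keys
        if ($null -eq $props -or $null -eq $props.Type) { return }
        $name = $_.PSChildName
        if ([string]::IsNullOrWhiteSpace($props.ImagePath)) {
            # A few built-in kernel drivers legitimately have no ImagePath: review, do not blindly remove
            [pscustomobject]@{ Service = $name; ImagePath = ''; Finding = 'no ImagePath' }
            return
        }
        $file = Resolve-ServiceImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{ Service = $name; ImagePath = $props.ImagePath; Finding = 'file missing [X]' }
        }
    }
}

# Usage
Get-UacAdminPromptSetting | Format-List
Get-OrphanedServices | Sort-Object Finding, Service | Format-Table -AutoSize
```

The orphaned-service list is a review queue, not a removal list: stale entries like the cpuz/GPUZ drivers above are harmless leftovers from uninstalled tools, while a missing ImagePath on a built-in driver is expected. The UAC value is the one to act on: anything other than the default 5 (or 2 on a hardened build) should be deliberate, and 0 means any process running as the logged-in administrator can obtain full privileges without the user seeing a prompt.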

#9 Ayukiba

Ayukiba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 29 July 2016 - 12:47 AM

I removed Reimage and all of its content with RogueKiller.

When I tried that solution I uninstalled my current one and downloaded Microsoft Silverlight (https://www.microsoft.com/getsilverlight/get-started/install/default.aspx?reason=unsupportedbrowser&_helpmsg=ChromeVersionDoesNotSupportPlugins#), but for some reason I don't get an option to tick to install updates from Windows.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 29 July 2016 - 08:41 AM

Restart the computer normally and try to install it.

Use Internet Explorer for good results.

Keep me posted.

#11 Ayukiba

Ayukiba
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 31 July 2016 - 03:24 PM

All updates have been done and PC seems to be running smoother. Thank you very much! 



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 01 August 2016 - 06:37 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 07 August 2016 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



