
I have a Pop-Up AdWare on Chrome and freezing issues.


  • This topic is locked
7 replies to this topic

#1 Mewmatic197

Mewmatic197

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:46 AM

Posted 25 July 2016 - 05:48 PM

This is going through only my Chrome, my Firefox is totally okay. Sometimes I use both, for certain reasons. Either way, stuff like Tabcontent or Computeratrisk and these various pop-ups telling me my computer is infected continue to show up. However, at my computer's stage in life, it's near its end. Searching through CrystalDisk, my hard drive is probably going to fail soon and I'm probably going to have to get a new one. This kinda thing is causing numerous problems such as: freezing entirely if I'm idle for too long and freezing if I do certain scans (I can't do Eset Net32 scans as it froze my computer. I used to be unable to do MalwareBytes scan as it froze my computer too but I fixed it, I can't do Windows Defender's full scan because that freezes my computer up too).

 

I already plan on getting a new computer entirely, but I still want to fix this one. I tried other stuff like looking for programs to uninstall or to remove extensions on Chrome, but I could not find any that seem shady. If I am unable to do a computer virus scan, what else can I do?




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:46 AM

Posted 26 July 2016 - 08:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs for my review.

#3 Mewmatic197

Mewmatic197
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:46 AM

Posted 28 July 2016 - 04:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Mew (administrator) on MEWSCOMPUTER (29-07-2016 06:37:42)
Running from C:\Users\Mew\Desktop\New folder (4)
Loaded Profiles: Mew (Available Profiles: Mew)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Mew\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Akamai Technologies, Inc.) C:\Users\Mew\AppData\Local\Akamai\netsession_win.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Users\Mew\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Mew\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Smooth and Flat) C:\Users\Mew\Downloads\KanColleViewer-4.2.7.0\KanColleViewer\KanColleViewer.exe
(Adobe Systems, Inc.) C:\Users\Mew\Downloads\flashplayer_11_sa_debug.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-10-02] (Realtek Semiconductor)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4297784 2014-01-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-21] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-02-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-06-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-24] (Razer Inc.)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-01] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [912920 2016-03-11] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mew\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-03] ()
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-06-22] (SUPERAntiSpyware)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-20] (Piriform Ltd)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\MountPoints2: {9b44c7a4-2743-11e6-bfa2-60a44c25fc45} - "V:\setup.exe" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-01-13]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Mew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-10-16]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.237.94.26
Tcpip\..\Interfaces\{518152B7-4CE9-4274-93C8-C9D90BED0C57}: [DhcpNameServer] 10.237.94.26
Tcpip\..\Interfaces\{A028B267-B2BC-44B3-9816-AB5873813F90}: [DhcpNameServer] 216.168.2.53 216.168.2.54
 
Internet Explorer:
==================
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3698422649-1094143023-1666785436-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3698422649-1094143023-1666785436-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
DPF: HKLM-x32 {F8160836-0C11-4CA4-AD87-944542C7BCBD} hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Mew\AppData\Roaming\Mozilla\Firefox\Profiles\iydcjx93.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2016-04-29] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3698422649-1094143023-1666785436-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-26] (The Happy Cloud)
FF Extension: EPUBReader - C:\Users\Mew\AppData\Roaming\Mozilla\Firefox\Profiles\iydcjx93.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-03-16]
FF Extension: Always on Top - C:\Users\Mew\AppData\Roaming\Mozilla\Firefox\Profiles\iydcjx93.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2016-05-14]
FF Extension: Greasemonkey - C:\Users\Mew\AppData\Roaming\Mozilla\Firefox\Profiles\iydcjx93.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-14]
FF Extension: Adblock Plus - C:\Users\Mew\AppData\Roaming\Mozilla\Firefox\Profiles\iydcjx93.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64","hxxp://www.yahoo.com/","hxxp://search.conduit.com/?CUI=UN61415083828592612&ctid=CT3101810&SearchSource=48"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-07-03]
CHR Extension: (Theme Creator) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-03-17]
CHR Extension: (Google Docs) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-18]
CHR Extension: (YouTube) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Java for Web Pages) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcbmmehggielopebenlpgcghiigckn [2014-11-13]
CHR Extension: (Google Search) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (グランブルーファンタジー[ChromeApps版]) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf [2016-05-18]
CHR Extension: (4chan Navigation) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgoligbfbfbbfphkpgapdfhjmmodnfmc [2014-02-09]
CHR Extension: (Stylish) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (AdBlock) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06]
CHR Extension: (URL Plus) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgllnccfndbjbedlecgdedlikohgbko [2016-02-03]
CHR Extension: (Spell checker and Grammar checker by Ginger) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2016-06-22]
CHR Extension: (KanColle Command Center) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglcokekkkmblhhkgkdnjccbpdnhocge [2015-01-26]
CHR Extension: (Little Alchemy) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-10]
CHR Extension: (Pixiv Kit) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpfhmlbjibbcinophhcbmapjbhboodd [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (ThemeBeta.com) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppomocimanllomjgkicoaanegbcnbmi [2014-02-09]
CHR Extension: (My Chrome Theme) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (Click&Clean App) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-07-18]
CHR Extension: (danbooruajax) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdhpbnjaleaejaddgcddanpipkjgpkno [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-06-22] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-16] (Adobe Systems) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-02] (Dropbox, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-25] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-27] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4297784 2014-01-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [104448 2014-07-09] (Golden Frog, GmbH.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-20] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-07] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-11] (BlueStack Systems)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-15] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-04-17] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-29 06:37 - 2016-07-29 06:37 - 00000000 ____D C:\Users\Mew\Desktop\New folder (4)
2016-07-28 21:21 - 2016-07-28 21:22 - 108148646 _____ C:\Users\Mew\Downloads\[Inoue Yoshihisa] Teacher X Teacher (COMPLETE)[Eng][The Lusty Lady Project].zip
2016-07-28 21:20 - 2016-07-28 21:20 - 00016960 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Inoue Yoshihisa] Teacher X Teacher (COMPLETE)[Eng][The Lusty Lady Project].zip.torrent
2016-07-28 20:19 - 2016-07-28 20:19 - 112677891 _____ C:\Users\Mew\Downloads\[Shinozuka George] Hatsukoi Motion - She Motions Me To Make Love [English].zip
2016-07-28 19:36 - 2016-07-28 19:36 - 00021910 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Shiden Hiro] outframe (COMIC Koh Vol. 9) [English] {NecroManCr}.zip.torrent
2016-07-28 19:36 - 2016-07-28 19:36 - 00019468 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Akai Mato] It Seems My Senpai, President, and Sensei Managed Me (Girls forM Vol. 12) [English] [Tigoris Translates].zip.torrent
2016-07-28 19:35 - 2016-07-28 19:35 - 00013450 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (同人誌) (C80) [春画部 (環々唯)] へんちけん 総集編 (げんしけん).zip.torrent
2016-07-28 19:35 - 2016-07-28 19:35 - 00010740 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [kiasa] Kagehinata no Hinata Ch.1 (COMIC HOTMiLK 2015-11) [English] [Sky7777].zip (1).torrent
2016-07-28 19:35 - 2016-07-28 19:35 - 00000461 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (COMIC1☆10) [ナンタラカンタラ (春菊天うどん)] イヤイヤPoi (艦隊これくしょん -艦これ-).zip.torrent
2016-07-28 18:50 - 2016-07-28 18:51 - 08594403 _____ C:\Users\Mew\Downloads\[Mokkouyou Bond] Cherry Eater (COMIC Shingeki 2010-11) [English] {desudesu}.zip
2016-07-28 18:38 - 2016-07-28 18:38 - 00015228 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Tsukino Jyogi] The Right Way to Teach Sex Ed. [English] =7BA=.zip.torrent
2016-07-28 18:35 - 2016-07-28 18:35 - 00013650 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Yumeno Tanuki] Ero & Peace (COMIC BAVEL 2016-03) [English] [OoaKP].zip.torrent
2016-07-28 18:34 - 2016-07-28 18:34 - 00016135 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Onizuka Naoshi] Emotive Ch. 1-4 [English].zip.torrent
2016-07-28 12:57 - 2016-07-28 12:57 - 00017267 _____ C:\Users\Mew\Downloads\[AK-Submarines] Girls und Panzer Kore ga Hontou no Anzio-sen Desu! (It's the real Anzio battle!) (BDRip 1920x1080 x264 HE-AAC).torrent
2016-07-28 12:44 - 2016-07-28 12:44 - 00015728 _____ C:\Users\Mew\Downloads\[FFF] Love Live! Sunshine!! - 03 [76CE9094].mkv.torrent
2016-07-28 12:44 - 2016-07-28 12:44 - 00014288 _____ C:\Users\Mew\Downloads\[FFF] Love Live! Sunshine!! - 04 [E9B3C5D7].mkv.torrent
2016-07-28 05:52 - 2016-07-29 06:38 - 00000000 ____D C:\Users\Mew\Documents\GuP
2016-07-27 21:49 - 2016-07-27 21:49 - 00028559 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Uo Denim] Nuku Nuku Gyarux   Cozy Cozy Gyaru Sex (bleep Stream) [English] {Afro}.zip.torrent
2016-07-27 21:48 - 2016-07-27 21:48 - 00016037 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (同人誌) (例大祭12) [STUDIOはまち組 (みずきひとし)] がんばれ❤小傘さん (東方Project).zip.torrent
2016-07-27 21:48 - 2016-07-27 21:48 - 00010586 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (同人誌)(C89) [bolze. (rit.)] 明石さんもあぶないよ! (艦隊これくしょん-艦これ-).zip.torrent
2016-07-27 21:48 - 2016-07-27 21:48 - 00000616 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Sakura Puchilo] Shirokuro tsukete kudasai! (Otokonoko HEAVEN Vol. 17) [English] [Digital].zip.torrent
2016-07-27 21:47 - 2016-07-27 21:47 - 00016900 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Tamatsuyada, Satou Kimiatsu] Energy Kyo-ka!! -Bakunyuu JK. Gachi Zeme Hatsujou Chuu!- Ch. 1-7 [English] [Digital].zip.torrent
2016-07-27 21:47 - 2016-07-27 21:47 - 00013239 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Yuzuriha] Seieki Makiba Zaamen Purizon   Semen Prison (2D Dream Magazine 2016-06 Vol. 88) [English] [Tremalkinger].zip.torrent
2016-07-27 21:47 - 2016-07-27 21:47 - 00001186 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Riko] Taiho sarechaitai (Otokonoko HEAVEN Vol. 22) [English].zip.torrent
2016-07-27 21:46 - 2016-07-27 21:46 - 00019072 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (C89) [Cyclone (Izumi, Reizei)] KOTTORI KOTTORI (Love Live!)[english].zip.torrent
2016-07-27 21:45 - 2016-07-27 21:45 - 00027278 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [Tanabe Kyou] Onegai My Master (English).zip.torrent
2016-07-27 21:45 - 2016-07-27 21:45 - 00012046 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (サンクリ2016 Summer) [Squeeze Candy Heaven (いちはや)] 妹は記憶喪失.zip.torrent
2016-07-27 21:45 - 2016-07-27 21:45 - 00003060 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (Futaket 11.5) [Ani ga Saru (Takashi)] Tsukasa wa bleep no SLAVE desu   Tsukasa Is a SLAVE to bleep (Ensemble Stars!) [English] {Dark Mac & B.E.C. Scans}.zip.torrent
2016-07-27 21:44 - 2016-07-27 21:44 - 00016505 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (COMIC1☆10) [きのこのみ (konomi)] ご奉仕鹿島さん (艦隊これくしょん -艦これ-).zip.torrent
2016-07-27 21:44 - 2016-07-27 21:44 - 00015564 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (同人誌) (COMIC1☆10) [きのこのみ (kino)] 眠れる鹿島と変態提督.zip.torrent
2016-07-27 21:44 - 2016-07-27 21:44 - 00015365 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (サンクリ2016 Summer) [アジサイデンデン (川上六角、小鳥遊レイ)] 清霜お嫁さんでもがんばる (艦隊これくしょん -艦これ-).zip.torrent
2016-07-27 21:44 - 2016-07-27 21:44 - 00005382 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [CHILLED HOUSE (Aoi Kumiko)] Wow! (Yama no Susume) [Digital].rar.torrent
2016-07-27 21:43 - 2016-07-27 21:43 - 00010740 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} [kiasa] Kagehinata no Hinata Ch.1 (COMIC HOTMiLK 2015-11) [English] [Sky7777].zip.torrent
2016-07-27 21:42 - 2016-07-27 21:43 - 00000481 _____ C:\Users\Mew\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} (COMIC1☆10) [mocha-2popcorn (きびぃもか)] 鹿島特製フルーツサンドめしあがれ (艦隊これくしょん -艦これ-).zip.torrent
2016-07-26 12:21 - 2016-07-26 12:21 - 58842799 _____ C:\Users\Mew\Downloads\(C86) [Yakiniku Tabetai (Delaware)] Nonna-san no Muteikou -Suiminkan Kaihatsu Hen Itazura Hen Set- (Girls und Panzer).zip
2016-07-26 12:20 - 2016-07-26 12:29 - 37793363 _____ C:\Users\Mew\Downloads\[Ishikari Shake Nabe Doukoukai (Takahiro Ringu)] GIRLS und BESTRAFUNG (Girls und Panzer).zip
2016-07-26 12:13 - 2016-07-26 12:14 - 37608218 _____ C:\Users\Mew\Downloads\(C69) [Oh!saka Spirits (Ugeppa)] Oriental Radio (Ichigo Mashimaro) [English] [ATF].zip
2016-07-26 07:41 - 2016-07-26 07:47 - 00063365 _____ C:\Users\Mew\Downloads\Addition.txt
2016-07-26 07:40 - 2016-07-29 06:37 - 00000000 ____D C:\FRST
2016-07-26 07:40 - 2016-07-26 07:47 - 00077338 _____ C:\Users\Mew\Downloads\FRST.txt
2016-07-26 07:38 - 2016-07-26 07:38 - 02394112 _____ (Farbar) C:\Users\Mew\Downloads\FRST64 (1).exe
2016-07-24 22:08 - 2016-07-24 22:08 - 03561786 _____ C:\Users\Mew\Downloads\ママショタ睡眠レイプ.zip
2016-07-23 05:39 - 2016-07-23 05:41 - 99982807 _____ C:\Users\Mew\Downloads\(C80) [Morimiyakan (Morimiya Masayuki)] UI×JUN×AZU (K-ON!).zip
2016-07-23 05:39 - 2016-07-23 05:40 - 64614121 _____ C:\Users\Mew\Downloads\(C79) [Morimiyakan (Morimiya Masayuki)] SHTT (K-ON!).zip
2016-07-23 05:39 - 2016-07-23 05:39 - 20213747 _____ C:\Users\Mew\Downloads\(C76) [Okina Keikaku (Shiwasu No Okina)] Ui wa dekiteorunou bon (K-ON!) [English].zip
2016-07-23 05:38 - 2016-07-23 05:39 - 37286921 _____ C:\Users\Mew\Downloads\(C77) [Okina Keikaku (Shiwasu no Okina)] K-on! no Chou Eroi Hon ga Dekimableepa (K-ON!)) [English] [Brolen].zip
2016-07-23 05:38 - 2016-07-23 05:39 - 11600014 _____ C:\Users\Mew\Downloads\(C76) [STUDIO TIAMAT (TANABE)] Mashmallow NYAN NYAN Whip (K-ON!) [ENG] [CGrascal].zip
2016-07-23 05:38 - 2016-07-23 05:39 - 08576574 _____ C:\Users\Mew\Downloads\(C76) [Ponyfarm (Inoue Yoshihisa)] Pony-on! (K-ON!) [English] [desudesu].zip
2016-07-23 05:38 - 2016-07-23 05:38 - 22390590 _____ C:\Users\Mew\Downloads\(C76) [GOLD RUSH (Suzuki Address)] Jumping Now!! (K-On!) [English] {doujin-moe.us}.zip
2016-07-23 05:38 - 2016-07-23 05:38 - 15344624 _____ C:\Users\Mew\Downloads\(SC48) [Haresaku (Ken)] Azu-nyan to Nyan-Nyan (K-ON!) [English] [Soba-Scans].zip
2016-07-23 05:37 - 2016-07-23 05:38 - 17090022 _____ C:\Users\Mew\Downloads\(C78) [Okina Keikaku (Shiwasu no Okina)] GTT Ganshago Tea Time (K-ON!) [English] =Little White Butterflies=.zip
2016-07-23 05:37 - 2016-07-23 05:37 - 09141071 _____ C:\Users\Mew\Downloads\(C79) [Jouji Mujoh (Shinozuka George)] Suggoi Usui!   Super Weak! (K-ON!) [English] {StolenTranslations}.zip
2016-07-23 05:37 - 2016-07-23 05:37 - 08960250 _____ C:\Users\Mew\Downloads\(C76) [Friendly Sky (CHuN)] Mi-On! (K-ON!) [English] [Yoroshii].zip
2016-07-23 05:37 - 2016-07-23 05:37 - 06950094 _____ C:\Users\Mew\Downloads\(Puniket 22) [Galley (ryoma)] A-YON! (K-ON!) [English].zip
2016-07-23 05:35 - 2016-07-23 05:35 - 06760009 _____ C:\Users\Mew\Downloads\[Koterabyte (Kotera)] YUI × AZUSA (K-ON!) [English] =TV= [Digital].zip
2016-07-23 05:34 - 2016-07-23 05:34 - 12535464 _____ C:\Users\Mew\Downloads\(C77) [Cafe Homerun (Abe Morioka)] Fuyu Yui   Winter Yui (K-ON!) [English] [Yoroshii].zip
2016-07-23 05:33 - 2016-07-23 05:34 - 26074472 _____ C:\Users\Mew\Downloads\(C78) [Ohkura Bekkan (Ohkura Kazuya)] Dokidoki Shower Time (K-ON!) [English] [Kameden].zip
2016-07-23 05:32 - 2016-07-23 05:33 - 19321160 _____ C:\Users\Mew\Downloads\(Toramatsuri2010) [Matumoto Drill Laboratory] Houkago ○○ Time (K-ON!) [English] [Chocolate].zip
2016-07-23 05:32 - 2016-07-23 05:32 - 16664134 _____ C:\Users\Mew\Downloads\[Matsumoto Drill Kenkyuujo] Ikasu Band Tengoku (K-ON!).zip
2016-07-22 22:51 - 2016-07-22 22:52 - 21915257 _____ C:\Users\Mew\Downloads\[Freehand Tamashi] Oba to 3P.zip
2016-07-21 13:10 - 2016-07-21 13:10 - 52437728 _____ (Microsoft Corporation) C:\Users\Mew\Downloads\Windows-KB890830-x64-V5.38.exe
2016-07-20 15:56 - 2016-07-20 15:56 - 00000000 ____D C:\WINDOWS\system32\config\mybackup
2016-07-19 23:02 - 2016-07-19 23:02 - 03017376 _____ (ESET) C:\Users\Mew\Downloads\eset_nod32_antivirus_live_installer.exe
2016-07-19 22:39 - 2016-07-19 22:39 - 06753280 _____ C:\Users\Mew\Downloads\(Reitaisai 9) [Yu-yake Spectrum (Glyserin)] Koi no Mahou wa Kasurenai!  (Touhou Project).zip
2016-07-19 22:34 - 2016-07-19 22:35 - 26343305 _____ C:\Users\Mew\Downloads\[Shinozaki Rei] Meg to Tomo   Meg and Tomo (bleep Hole) [English] =LWB=.zip
2016-07-19 16:19 - 2016-07-19 16:19 - 00000000 ____D C:\Users\Mew\AppData\Local\ESET
2016-07-19 15:24 - 2013-05-14 22:18 - 00809496 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmpF370.tmp
2016-07-19 15:24 - 2013-05-14 22:18 - 00809496 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmpF350.tmp
2016-07-19 12:56 - 2016-07-21 11:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-19 12:55 - 2016-07-19 12:55 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-19 12:55 - 2016-07-19 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-19 12:55 - 2016-07-19 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-19 12:55 - 2016-07-19 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-19 12:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-19 12:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-19 12:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-19 09:22 - 2016-07-19 09:22 - 22851472 _____ (Malwarebytes ) C:\Users\Mew\Downloads\mbam-setup-2.2.1.1043 (2).exe
2016-07-19 01:11 - 2016-07-19 01:11 - 00566128 _____ (Malwarebytes) C:\Users\Mew\Downloads\mbam-clean-2.3.0.1001 (1).exe
2016-07-19 00:27 - 2016-07-19 00:35 - 00000000 ____D C:\Users\Mew\Downloads\[PonPon Itai] Oaiko   Draw (Comic LO 2015-06) [English] {5 a.m.}
2016-07-19 00:26 - 2016-07-19 00:26 - 21888524 _____ C:\Users\Mew\Downloads\[PonPon Itai] Oaiko   Draw (Comic LO 2015-06) [English] {5 a.m.}.zip
2016-07-18 23:21 - 2016-07-18 23:21 - 11335819 _____ C:\Users\Mew\Downloads\[Naokichi.] Hitorijime, bleepai   I Want You All to Myself (Otokonoko Heaven Vol. 04) [English] =SW=.zip
2016-07-17 21:21 - 2016-07-17 21:21 - 41131479 _____ C:\Users\Mew\Downloads\(COMIC1☆7) [Forest Snow (Morina Masayuki)] Kore ga  Watashi no Otomedou ! (Girls und Panzer).zip
2016-07-15 21:32 - 2016-07-15 21:32 - 34673116 _____ C:\Users\Mew\Downloads\(C83) [necrolincer (Kimoto Kanata)] Sensha Gedou (Girls und Panzer).zip
2016-07-15 21:32 - 2016-07-15 21:32 - 17283599 _____ C:\Users\Mew\Downloads\(C83) [chaos-graphixxx (mdo-h)] Akiyamax! (Girls und Panzer).zip
2016-07-15 21:31 - 2016-07-15 21:31 - 19477637 _____ C:\Users\Mew\Downloads\(C84) [chaos-graphixxx (mdo-h)] Akiyamax!! Panzer vor! (Girls und Panzer).zip
2016-07-15 21:30 - 2016-07-15 21:31 - 18686592 _____ C:\Users\Mew\Downloads\(COMIC1☆7) [Kossori Kakure Dokoro (Island)] R-ANKOH! (Girls und Panzer) [English] [EHCove].zip
2016-07-15 21:29 - 2016-07-15 21:30 - 43508464 _____ C:\Users\Mew\Downloads\[Ahemaru (Henrik)] Ura Senshadou   Black Market Tankery (Girls und Panzer) [English] =SNP= [Digital].zip
2016-07-15 21:29 - 2016-07-15 21:30 - 109896135 _____ C:\Users\Mew\Downloads\(COMIC1☆7) [BLACK DOG (Kuroinu Juu)] Dame! Zettai! Chikan Sensha! (Girls und Panzer) [English] [Tigoris Translates].zip
2016-07-15 21:26 - 2016-07-15 21:27 - 89984413 _____ C:\Users\Mew\Downloads\(COMIC1☆7) [necrolincer (Kimoto Kanata)] Sensha Gedou 2 (Girls und Panzer) [English] [Tigoris Translates].zip
2016-07-15 21:24 - 2016-07-15 21:24 - 20454687 _____ C:\Users\Mew\Downloads\(C84) [Majimeya (isao)] Genshiken no Ero hon (Genshiken).zip
2016-07-15 21:23 - 2016-07-15 21:24 - 04995902 _____ C:\Users\Mew\Downloads\(Mori no Kiseki 22) [Wareme (Koppe)] Suu (Genshiken).zip
2016-07-15 15:26 - 2016-07-15 15:26 - 00540783 _____ C:\Users\Mew\Documents\hibiki.webm
2016-07-14 13:47 - 2016-07-14 13:47 - 00000000 ____D C:\Users\Mew\Documents\Updater
2016-07-12 13:05 - 2016-07-12 13:09 - 00000000 ____D C:\Users\Mew\Downloads\[Oomori Harusame] Hisoka ni Oshiete!   Secret Lessons! (COMIC HOTMiLK 2010-04) [English]
2016-07-12 13:05 - 2016-07-12 13:09 - 00000000 ____D C:\Users\Mew\Downloads\[Aogiri Penta (High-Spirit)] Oshikake Pretty! (Mushiro, Gohoubi Vol.2) (ENG) =SW=
2016-07-12 13:00 - 2016-07-12 13:00 - 25115116 _____ C:\Users\Mew\Downloads\[Oomori Harusame] Hisoka ni Oshiete!   Secret Lessons! (COMIC HOTMiLK 2010-04) [English].zip
2016-07-12 12:29 - 2016-07-12 12:29 - 28853207 _____ C:\Users\Mew\Downloads\[Aogiri Penta (High-Spirit)] Oshikake Pretty! (Mushiro, Gohoubi Vol.2) (ENG) =SW=.zip
2016-07-12 12:20 - 2016-07-12 12:21 - 06658297 _____ C:\Users\Mew\Downloads\LEE  (CHICHI) (DRAGON BALL).zip
2016-07-12 09:54 - 2016-07-12 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-10 22:58 - 2016-07-10 22:58 - 09064898 _____ C:\Users\Mew\Downloads\[GOD Ryokutya (Bu-chan)] Chinpoko Delicious Wonderful! [Digital] (1).zip
2016-07-09 16:04 - 2016-07-09 16:04 - 04015992 _____ C:\Users\Mew\Downloads\Commission - Pacifica 10hr.zip
2016-07-08 20:26 - 2016-07-08 20:28 - 139740222 _____ C:\Users\Mew\Downloads\[Wamusato Haru] Sankakukan [English] [Kusanyagi + Carstairs + Wrathkal + Ero-Otoko].zip
2016-07-08 15:00 - 2016-07-08 15:01 - 131586611 _____ C:\Users\Mew\Downloads\Feywilde - Ouka Cosplay.zip
2016-07-08 14:59 - 2016-07-08 15:01 - 91669965 _____ C:\Users\Mew\Downloads\Feywilde - FFXI Vanadiel Vixen.zip
2016-07-08 14:59 - 2016-07-08 15:01 - 204152186 _____ C:\Users\Mew\Downloads\Feywilde - Miqo'te Seductress Cosplay.zip
2016-07-08 14:50 - 2016-07-08 14:52 - 148409019 _____ C:\Users\Mew\Downloads\Feywilde - Tifa Cosplay.zip
2016-07-08 14:49 - 2016-07-08 14:54 - 502805612 _____ C:\Users\Mew\Downloads\Feywilde - Miqo'te Cosplay.zip
2016-07-08 14:49 - 2016-07-08 14:52 - 245697364 _____ C:\Users\Mew\Downloads\Feywilde - Sonico Cosplay.zip
2016-07-08 14:49 - 2016-07-08 14:50 - 84578767 _____ C:\Users\Mew\Downloads\Feywilde - Velvet Cosplay.zip
2016-07-08 14:49 - 2016-07-08 14:50 - 55633571 _____ C:\Users\Mew\Downloads\Feywilde - Hex Maniac Cosplay.zip
2016-07-08 14:15 - 2016-07-08 14:15 - 00566128 _____ (Malwarebytes) C:\Users\Mew\Downloads\mbam-clean-2.3.0.1001.exe
2016-07-07 22:51 - 2016-07-07 22:54 - 213134523 _____ C:\Users\Mew\Downloads\Feywilde + Unknown - Asuna Leafa Cosplay.zip
2016-07-07 22:50 - 2016-07-07 22:53 - 228774942 _____ C:\Users\Mew\Downloads\Feywilde - Alleyne Cosplay.zip
2016-07-07 16:31 - 2016-07-07 16:31 - 00000000 ____D C:\Users\Mew\Downloads\RJ173517
2016-07-07 16:29 - 2016-07-07 16:30 - 57207121 _____ C:\Users\Mew\Downloads\RJ173517.zip
2016-07-07 07:57 - 2016-07-07 07:57 - 00000000 ____D C:\Users\Mew\Downloads\KanColleViewer-4.2.7.0
2016-07-06 17:03 - 2016-07-06 17:03 - 22851472 _____ (Malwarebytes ) C:\Users\Mew\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-07-05 20:34 - 2016-07-05 20:34 - 22851472 _____ (Malwarebytes ) C:\Users\Mew\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-05 18:48 - 2016-07-05 18:48 - 10175310 _____ C:\Users\Mew\Downloads\[Ponsuke] Natsukaze   Summer Cold (COMIC LO 2013-08) [English].zip
2016-07-05 18:18 - 2016-07-05 18:19 - 58698478 _____ C:\Users\Mew\Downloads\(SC64) [Raijinkai (Haruki Genia)] Lebe-kun no Yuuutsu (Kantai Collection -KanColle-).zip
2016-07-04 22:04 - 2016-07-04 22:04 - 00516947 _____ C:\Users\Mew\Documents\1467621095514.webm
2016-07-04 18:01 - 2016-07-04 18:01 - 07242894 _____ C:\Users\Mew\Downloads\[Shindou] Haikyuu-gakari no Onee-san   Deployment Duty Girl (COMIC Megastore Alpha 2016-06) [English] =TLL+CW=.zip
2016-07-03 23:00 - 2016-07-03 23:00 - 01034578 _____ C:\Users\Mew\Documents\macaroni.webm
2016-07-01 17:07 - 2016-07-01 17:08 - 111595896 _____ C:\Users\Mew\Downloads\Feywilde - Nonon Cosplay.zip
2016-07-01 17:06 - 2016-07-01 17:10 - 234660630 _____ C:\Users\Mew\Downloads\Feywilde - Holo Cosplay.zip
2016-07-01 17:06 - 2016-07-01 17:09 - 193433256 _____ C:\Users\Mew\Downloads\Feywilde - Leafa Cosplay.zip
2016-07-01 17:06 - 2016-07-01 17:08 - 124967148 _____ C:\Users\Mew\Downloads\Feywilde - Makoto Cosplay.zip
2016-07-01 15:36 - 2016-07-01 15:37 - 14432875 _____ C:\Users\Mew\Downloads\(C84) [Abradeli Kami (bobobo)] Ssu!! (Gatchaman Crowds) [English] (1).zip
2016-07-01 15:36 - 2016-07-01 15:36 - 08152894 _____ C:\Users\Mew\Downloads\(C83) [Full High Kick (Mimofu)] Thanks to you guys I'm finally popular! (WataMote) [English] [Trinity Translations].zip
2016-06-30 10:54 - 2016-06-30 10:55 - 71714331 _____ C:\Users\Mew\Downloads\RJ135875.zip
2016-06-30 10:45 - 2016-06-30 10:45 - 05560963 _____ C:\Users\Mew\Downloads\いやらしいリナ会長.zip
2016-06-30 10:45 - 2016-06-30 10:45 - 01821986 _____ C:\Users\Mew\Downloads\ごちうさ水着まとめ.zip
2016-06-30 10:44 - 2016-06-30 10:44 - 29571729 _____ C:\Users\Mew\Downloads\青葉ちゃんまとめ.zip
2016-06-30 10:43 - 2016-06-30 10:43 - 01975140 _____ C:\Users\Mew\Downloads\あけましておめでポーン尻.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-29 06:37 - 2015-06-02 17:27 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-29 06:35 - 2013-09-01 04:29 - 01671680 ___SH C:\Users\Mew\Desktop\Thumbs.db
2016-07-29 06:32 - 2016-02-26 20:03 - 00000000 ____D C:\Users\Mew\AppData\Roaming\Skype
2016-07-29 05:40 - 2014-01-14 06:59 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 05:40 - 2014-01-14 06:59 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-29 05:35 - 2014-01-14 06:59 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 05:35 - 2014-01-14 06:59 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 05:27 - 2014-06-06 15:04 - 00003790 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{024568A9-A5E9-4915-AD30-1686AB547767}
2016-07-29 05:26 - 2014-05-31 06:58 - 00000000 __RDO C:\Users\Mew\OneDrive
2016-07-29 05:25 - 2016-04-10 06:29 - 00000000 ___RD C:\Users\Mew\Dropbox
2016-07-29 05:24 - 2013-07-23 18:07 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-29 05:23 - 2015-06-02 17:27 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-28 21:41 - 2013-07-22 17:29 - 00000000 ____D C:\Users\Mew\AppData\Roaming\uTorrent
2016-07-28 21:41 - 2013-07-22 12:01 - 00000000 ____D C:\Users\Mew\AppData\Roaming\X-Chat 2
2016-07-28 14:51 - 2013-08-22 05:17 - 45055488 ___SH C:\Users\Mew\Documents\Thumbs.db
2016-07-28 06:21 - 2014-07-17 04:31 - 00000000 ____D C:\Users\Mew\Documents\For when my HD comes back
2016-07-26 20:00 - 2013-07-22 17:09 - 00000000 ____D C:\Users\Mew\AppData\Local\Last.fm
2016-07-25 23:06 - 2014-02-19 05:43 - 00000000 ____D C:\Users\Mew\AppData\Roaming\MPC-HC
2016-07-25 15:54 - 2013-07-27 22:10 - 03133440 ___SH C:\Users\Mew\Downloads\Thumbs.db
2016-07-23 04:36 - 2014-01-13 17:03 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-07-23 04:35 - 2015-08-06 13:58 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-23 04:35 - 2013-08-22 23:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-23 03:22 - 2014-05-31 06:35 - 00000000 ____D C:\Users\Mew
2016-07-22 05:53 - 2013-07-22 11:07 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3698422649-1094143023-1666785436-1001
2016-07-21 16:15 - 2014-03-21 10:54 - 00000000 ____D C:\Users\Mew\AppData\Local\Battle.net
2016-07-21 14:05 - 2013-07-22 18:55 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-21 12:57 - 2014-07-21 14:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-21 12:51 - 2013-08-22 22:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-21 10:02 - 2016-05-25 11:18 - 00002212 _____ C:\Users\Mew\Desktop\Discord.lnk
2016-07-21 10:02 - 2016-05-25 11:18 - 00000000 ____D C:\Users\Mew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-21 10:02 - 2016-05-25 11:17 - 00000000 ____D C:\Users\Mew\AppData\Roaming\discord
2016-07-21 10:02 - 2016-05-25 11:17 - 00000000 ____D C:\Users\Mew\AppData\Local\Discord
2016-07-20 03:06 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\tracing
2016-07-20 02:15 - 2012-07-26 17:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-07-19 23:08 - 2016-06-09 20:48 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-19 15:24 - 2016-06-01 10:45 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-07-19 15:24 - 2016-06-01 10:45 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-07-19 15:24 - 2016-06-01 10:45 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-07-19 15:24 - 2016-06-01 10:45 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-07-19 12:54 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-14 18:14 - 2016-04-03 18:43 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 18:13 - 2016-04-03 18:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 09:54 - 2015-06-02 17:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-08 06:38 - 2016-06-27 16:21 - 00000002 _____ C:\END
2016-07-07 09:39 - 2013-07-22 18:57 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-07 08:03 - 2016-02-24 20:39 - 00002174 _____ C:\Users\Mew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\提督業も忙しい!.lnk
2016-07-04 22:00 - 2014-04-22 19:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-29 16:31 - 2015-02-23 17:27 - 00000000 ____D C:\Users\Mew\AppData\Local\NexonLauncher
2016-06-29 13:42 - 2014-03-18 19:03 - 00338232 _____ C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2014-09-26 07:35 - 2014-09-26 07:35 - 0000132 _____ () C:\Users\Mew\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-16 03:10 - 2014-05-16 03:10 - 0607664 _____ (Neople inc) C:\Users\Mew\AppData\Local\DFOIns.exe
2014-05-16 03:10 - 2014-05-16 21:05 - 0477104 _____ (Neople inc) C:\Users\Mew\AppData\Local\NeopleCustomURLStarter.exe
2014-09-23 07:39 - 2014-09-23 07:39 - 0004376 _____ () C:\Users\Mew\AppData\Local\recently-used.xbel
2014-07-19 17:50 - 2014-07-19 17:50 - 0000438 _____ () C:\Users\Mew\AppData\Local\ReclaiMe.config
2014-05-31 06:30 - 2014-05-31 06:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-19 17:50 - 2014-07-19 17:50 - 0000896 _____ () C:\ProgramData\ReclaiMe.config
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-22 16:01
 
==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team

Posted 29 July 2016 - 07:52 AM

Remove this old version of Flash via the Control Panel > Programs > Programs and Features.
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64","hxxp://www.yahoo.com/","hxxp://search.conduit.com/?CUI=UN61415083828592612&ctid=CT3101810&SearchSource=48"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [129]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.

#5 nasdaq


Posted 04 August 2016 - 10:16 AM

Are you still with me?

#6 Mewmatic197

Mewmatic197
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 07 August 2016 - 03:39 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Mew (2016-07-30 03:48:03) Run:1
Running from C:\Users\Mew\Desktop\New folder (4)
Loaded Profiles: Mew (Available Profiles: Mew)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64","hxxp://www.yahoo.com/","hxxp://search.conduit.com/?CUI=UN61415083828592612&ctid=CT3101810&SearchSource=48"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [129]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3698422649-1094143023-1666785436-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@TrendMicro.com/FFExtension" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
SwitchBoard => service removed successfully
EagleX64 => service removed successfully
xhunter1 => service removed successfully
"C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\ProgramData\Temp => ":B755D674" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29021282 B
Java, Flash, Steam htmlcache => 250359878 B
Windows/system/drivers => 8306708 B
Edge => 0 B
Chrome => 333568301 B
Firefox => 378904942 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 463369 B
systemprofile32 => 7779 B
LocalService => 0 B
NetworkService => 453834 B
Mew => 237967069 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 03:52:38 ====
 
----------------------
# AdwCleaner v5.201 - Logfile created 07/08/2016 at 17:24:31
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-06.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Mew - MEWSCOMPUTER
# Running from : C:\Users\Mew\Downloads\adwcleaner_5.201.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.toptvtabsearch.com_0.localstorage
[-] File Deleted : C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.toptvtabsearch.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : adobe-photoshop-cs2.en.softonic.com
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?CUI=UN61415083828592612&ctid=CT3101810&SearchSource=48
[-] [C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.babylon.com/?affID=109935&tt=060612_6_&babsrc=HP_ss&mntrId=609f5c3200000000000000173f3cbe64
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2250 bytes] - [07/08/2016 17:24:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [2247 bytes] - [07/08/2016 17:22:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2396 bytes] ##########
 
----------------------
I'm still being randomly directed to websites such as:
It doesn't matter what website I go to, or what I am doing, websites similar to this one keep popping up in my tabs while browsing Chrome.
 
Thank you for the help so far, and sorry for the late message
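
Added example (not part of the original thread and not code from FRST): a small Python parser for Fixlog.txt result lines in the layout posted above. It skips the echoed fixlist, stops at the EmptyTemp section, and marks a "not found" entry as already handled when the same path was moved or removed earlier in the run, as happened with the Chrome extension folder listed twice. The function names and status labels are this example's own, and only the result wording visible in this thread is recognised; the sample log is constructed from lines in the post.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog.txt layout shown in this thread (shortened).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
Chrome HomePage => removed successfully
C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
xhunter1 => service removed successfully
"C:\Users\Mew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\ProgramData\Temp => ":B755D674" ADS removed successfully.
=========== EmptyTemp: ==========
Chrome => 333568301 B
'''

# \b keeps "moved" from matching inside "removed".
DONE = re.compile(r"\b(removed|moved) successfully\b")

def parse_fixlog(text):
    """Return [(target, status)] for each result line, skipping the echoed fixlist."""
    results, handled, in_fixlist = [], set(), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("=") and "EmptyTemp" in line:
            break  # what follows are cache sizes, not fix results
        if line in ("Start", "End"):
            in_fixlist = (line == "Start")
            continue
        if in_fixlist or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        target = target.strip('"')
        m = DONE.search(outcome)
        if m:
            status = m.group(1)
            handled.add(target.lower())
        elif "not found" in outcome:
            # A duplicate fixlist entry reports "not found" once the first copy was acted on.
            status = "already handled" if target.lower() in handled else "not found"
        else:
            status = "review"  # wording this example does not recognise
        results.append((target, status))
    return results

def summarize(results):
    return Counter(status for _, status in results)
```
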


#7 nasdaq


Posted 07 August 2016 - 08:18 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#8 nasdaq


Posted 13 August 2016 - 10:05 AM

Are you still with me?



