Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't seem to get rid of Mail.ru malware, keeps infecting Chrome


  • This topic is locked This topic is locked
5 replies to this topic

#1 Kapeksy12

Kapeksy12

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 15 August 2016 - 09:52 PM

Hello! First of all, thanks. I've been following and reading the forums and I've been able to solve most of my issues.

 

However this one is still there and I can't seem to get rid of it:

 

Long story short, I got infected by a mail.ru malware through a "Trainer" program for a game, and I kept getting random pop-ups, redirected and extensions added to Internet Explorer/Chrome and Firefox. The program has been deleted, and the infection was just yesterday.

 

I have ran Kaspersky, AdwCleaner and Malwarebytes and have been able to mostly get rid of the issues. No more popups or redirects.

 

However, now I have an issue on Chrome I can't seem to figure out. I kept getting the extensions of mail ru added to chrome by default, I would just click disable and not much else would happen. But of course it bothered me and so I tried uninstalling Chrome, and nothing. Whenever I reinstall or reset chrome to default/delete "person", the extensions get added back as if it was part of the default installation.

 

This bothers me because I feel the infestation is still there... I can run Kaspersky and Malwarebytes but they don't seem to find anything wrong with chrome anymore, Adwcleaner however does find the issues. And then it successfully "cleans" the issues and restarts, yet as soon as I open chrome again the extensions re-appear. They say they are being added by another program, but I don't know why I have been able to successfully clean Firefox and Internet Explorer yet Chrome keeps bugged.

 

Anyway here's the logs, I appreciate any help that could be given. If I need to add anything else please let me know, I'll keep checking this topic! Thanks!

 

PS: I added a picture of one of the extension popups that show up on chrome, there's 4 total that get added with the same message just different icon. They have legitimate links to the chrome webstore from what I can see.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Carlos (administrator) on MILO (15-08-2016 21:45:22)
Running from D:\ChrDownloads
Loaded Profiles: Carlos (Available Profiles: Carlos & Carl)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Compal Inc.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
() C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(SoftThinks) C:\Program Files (x86)\AlienRespawn\Components\OnlineCDP\backup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() D:\ChrDownloads\adwcleaner_6.000.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35216 2014-11-10] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [StageLightUpdate] => C:\Program Files\Stagelight\StagelightUpdate.exe [1397208 2014-08-20] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [lxdimon.exe] => C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe [434856 2009-04-27] ()
HKLM\...\Run: [lxdiamon] => C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe [25256 2009-04-27] ()
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746560 2014-09-26] (Compal Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [883352 2015-12-14] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [lxdimon.exe] => C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdimon.exe [434856 2009-04-27] ()
HKLM-x32\...\Run: [lxdiamon] => C:\Program Files (x86) (x86)\Lexmark 3500-4500 Series\lxdiamon.exe [25256 2009-04-27] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2015-07-27] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2015-07-27] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2015-07-27] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2015-07-27] (SoftThinks SAS)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-08-15]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{EBB6EF1E-4289-4B2E-8BD8-AE0303EC8FD5}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{707823c6-91dd-4aa2-b6a5-d3ade9c55f0b}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{c8dce9ae-d10d-4eb4-b364-7ecca0c505e8}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{eb2d66e0-6f63-4ea0-bdc3-61f33f1770bb}: [DhcpNameServer] 192.168.1.254 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-ca-e
HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-ca-e
HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://prodigy.msn.com/es-mx/?pc=UE03&ocid=UE03DHP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\knusewl9.default-1471309726928
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-04-29]
FF HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found

Chrome:
=======
CHR Profile: C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-15]
CHR Extension: (Google Drive) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-15]
CHR Extension: (YouTube) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-15]
CHR Extension: (Gmail) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-15]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-18] (Qualcomm Atheros) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [432792 2015-12-14] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [412312 2015-12-14] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [854680 2015-12-14] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
R2 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133640 2015-07-27] (Creative Technology Ltd)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-19] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [7680 2014-11-10] (Alienware) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [362920 2015-11-04] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 lxdi_device; C:\WINDOWS\system32\lxdicoms.exe [876976 2007-06-11] ( )
R2 lxdi_device; C:\WINDOWS\SysWOW64\lxdicoms.exe [517040 2007-06-11] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3520872 2015-09-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2007048 2015-08-08] (Electronic Arts)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for iOS (CPC)\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146016 2015-12-14] (BlueStack Systems)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1075496 2015-07-27] (Creative Technology Ltd)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2014-09-19] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-19] (Intel Corporation)
S3 dump_wmimmc; C:\MoveGames\DMO_GSP\GameGuard\dump_wmimmc.sys [183144 2015-11-27] ()
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-19] (Intel Corporation)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows ® Win 7 DDK provider)
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 kiox_ff_driver; C:\Windows\System32\drivers\kiox_ff_driver.sys [32736 2014-10-09] (Kionix, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [237488 2016-04-29] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-08-15] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [987568 2016-04-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [112520 2015-12-03] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 kxdiskprot; C:\Windows\System32\DRIVERS\kxdiskprot.sys [30664 2014-10-09] (Kionix, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2409144 2016-04-08] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-11] (Intel Corporation)
S3 PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0; \??\c:\program files\alienware\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 21:44 - 2016-08-15 21:45 - 00000000 ____D C:\FRST
2016-08-15 20:34 - 2016-08-15 20:34 - 00000000 ____D C:\ProgramData\PCDr
2016-08-15 20:14 - 2016-08-15 20:14 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-15 20:14 - 2016-08-15 20:14 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-15 20:11 - 2016-08-15 21:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 20:11 - 2016-08-15 21:16 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-15 20:11 - 2016-08-15 20:17 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-15 20:11 - 2016-08-15 20:17 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-15 20:08 - 2016-08-15 20:08 - 00000000 ____D C:\Users\Carlos\Desktop\Old Firefox Data
2016-08-15 19:40 - 2015-07-31 16:29 - 00000119 ____H C:\DBAR_Ver.txt
2016-08-15 19:36 - 2016-08-15 19:36 - 00325708 _____ C:\Users\Carlos\Desktop\bookmarks.html
2016-08-15 19:36 - 2016-08-15 19:36 - 00175787 _____ C:\Users\Carlos\Desktop\bookmarks-2016-08-15.json
2016-08-15 18:06 - 2016-08-15 18:06 - 00012699 _____ C:\Users\Carlos\Desktop\ookk.txt
2016-08-15 17:35 - 2016-08-15 21:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-15 17:35 - 2016-08-15 17:35 - 00002196 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-08-15 17:35 - 2016-08-15 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-08-15 17:35 - 2016-08-15 17:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-15 17:35 - 2016-04-29 03:29 - 00987568 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-08-15 17:35 - 2016-04-29 03:29 - 00237488 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-08-15 17:35 - 2015-12-11 17:31 - 00182664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-08-15 17:35 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-08-15 16:37 - 2016-08-15 16:37 - 00001397 _____ C:\Users\Carlos\Desktop\thr.txt
2016-08-15 09:43 - 2016-08-15 09:43 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-15 07:06 - 2016-08-15 21:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-15 07:06 - 2016-08-15 07:27 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-15 07:06 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-15 07:06 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-15 07:06 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-15 06:55 - 2016-08-15 06:55 - 00000028 _____ C:\Users\Carlos\Desktop\strtup.txt
2016-08-15 06:44 - 2016-08-15 06:44 - 00000901 _____ C:\Users\Carlos\Desktop\JRT.txt
2016-08-15 06:22 - 2016-08-15 06:22 - 00268388 _____ C:\WINDOWS\Minidump\081516-21000-01.dmp
2016-08-15 05:54 - 2016-08-15 20:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-15 05:54 - 2016-08-15 05:54 - 00268820 _____ C:\WINDOWS\Minidump\081516-20015-01.dmp
2016-08-15 05:50 - 2016-08-15 05:50 - 00323412 _____ C:\WINDOWS\Minidump\081516-73140-01.dmp
2016-08-15 05:43 - 2016-08-15 21:26 - 00000000 ____D C:\AdwCleaner
2016-08-15 04:37 - 2016-08-15 19:22 - 00000000 ____D C:\Users\Carlos\AppData\Local\syslog
2016-08-14 19:51 - 2016-07-10 21:34 - 01887800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvCamera64.dll
2016-08-14 19:51 - 2016-07-10 21:34 - 01595840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvCamera32.dll
2016-08-14 19:51 - 2016-07-10 17:37 - 00127424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-14 19:50 - 2016-08-14 19:50 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-08-14 19:50 - 2016-08-14 19:50 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-14 19:50 - 2016-05-03 21:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-14 19:50 - 2016-05-03 21:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-14 19:50 - 2016-05-03 21:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-14 19:50 - 2016-05-03 21:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-14 19:49 - 2016-07-10 21:34 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 31680568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 25442240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 20417200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 17764408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 17463992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 14487768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 10700592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 10656296 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 10243600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 09028360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 08742360 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 08622576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 02868160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 02497984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00999872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00930360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00909248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00852024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00801792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00694488 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00644184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00642440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00583920 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00444472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00413488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00393152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00345800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-08-14 19:49 - 2016-07-10 21:34 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-08-14 15:51 - 2016-08-14 15:51 - 00000222 _____ C:\Users\Carlos\Desktop\No Man's Sky.url
2016-08-12 16:06 - 2016-08-12 16:06 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\HelloGames
2016-08-12 12:43 - 2016-08-12 13:41 - 00000000 ____D C:\Users\Carlos\Desktop\gib
2016-08-09 22:49 - 2016-08-03 06:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 22:49 - 2016-08-03 06:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 22:49 - 2016-08-03 06:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 22:49 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 22:49 - 2016-08-03 05:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 22:49 - 2016-08-03 05:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 22:49 - 2016-08-03 05:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 22:49 - 2016-08-03 05:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 22:49 - 2016-08-03 05:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 22:49 - 2016-08-03 05:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 22:49 - 2016-08-03 05:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 22:49 - 2016-08-03 05:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 22:49 - 2016-08-03 05:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 22:49 - 2016-08-03 05:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 22:49 - 2016-08-03 05:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 22:49 - 2016-08-03 05:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 22:49 - 2016-08-03 05:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 22:49 - 2016-08-03 05:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 22:49 - 2016-08-03 05:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 22:49 - 2016-08-03 05:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 22:49 - 2016-08-03 05:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 22:49 - 2016-08-03 05:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 22:49 - 2016-08-03 05:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 22:49 - 2016-08-03 05:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 22:49 - 2016-08-03 04:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 22:49 - 2016-08-03 04:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 22:49 - 2016-08-03 04:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 22:49 - 2016-08-03 04:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 22:49 - 2016-08-03 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 22:49 - 2016-08-03 04:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 22:49 - 2016-08-03 04:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 22:49 - 2016-08-03 04:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 22:49 - 2016-08-03 04:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 22:49 - 2016-08-03 04:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 22:49 - 2016-08-03 04:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 22:49 - 2016-08-03 04:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 22:49 - 2016-08-03 04:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 22:49 - 2016-08-03 04:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 22:49 - 2016-08-03 04:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 22:49 - 2016-08-03 04:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 22:49 - 2016-08-03 04:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 22:49 - 2016-08-03 04:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 22:49 - 2016-08-03 04:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 22:49 - 2016-08-03 04:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 22:49 - 2016-08-03 04:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 22:49 - 2016-08-03 04:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 22:49 - 2016-08-03 04:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 22:49 - 2016-08-03 04:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 22:49 - 2016-08-03 04:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 22:49 - 2016-08-03 04:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 22:49 - 2016-08-03 04:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 22:49 - 2016-08-03 04:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 22:49 - 2016-08-03 04:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 22:49 - 2016-08-03 04:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 22:49 - 2016-08-03 04:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 22:49 - 2016-08-03 04:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 22:49 - 2016-08-03 04:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 22:49 - 2016-08-03 04:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 22:49 - 2016-08-03 04:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 22:49 - 2016-08-03 04:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 22:49 - 2016-08-03 04:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 22:49 - 2016-08-03 04:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 22:49 - 2016-08-03 04:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 22:49 - 2016-08-03 04:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 22:49 - 2016-08-03 04:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 22:49 - 2016-08-03 04:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 22:49 - 2016-08-03 04:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 22:49 - 2016-08-03 04:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 22:49 - 2016-08-03 04:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 22:49 - 2016-08-03 04:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 22:49 - 2016-08-03 04:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 22:49 - 2016-08-03 04:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 22:49 - 2016-08-03 04:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 22:49 - 2016-08-03 04:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 22:49 - 2016-08-03 04:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 22:49 - 2016-08-03 04:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 22:49 - 2016-08-03 04:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 22:49 - 2016-08-03 04:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 22:49 - 2016-08-03 04:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 22:49 - 2016-08-03 04:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 22:49 - 2016-08-03 00:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 22:49 - 2016-08-03 00:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 22:49 - 2016-08-03 00:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 22:49 - 2016-08-03 00:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 22:49 - 2016-08-03 00:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 22:49 - 2016-08-03 00:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 22:49 - 2016-08-03 00:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 22:49 - 2016-08-03 00:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 22:49 - 2016-08-03 00:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 22:49 - 2016-08-03 00:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 22:49 - 2016-08-02 23:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 22:49 - 2016-08-02 23:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 22:49 - 2016-08-02 23:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 22:49 - 2016-08-02 23:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 22:49 - 2016-08-02 23:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 22:49 - 2016-08-02 23:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 22:49 - 2016-08-02 23:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 22:49 - 2016-08-02 23:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 22:49 - 2016-08-02 23:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 22:49 - 2016-08-02 23:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 22:49 - 2016-08-02 23:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 22:49 - 2016-08-02 23:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 22:49 - 2016-08-02 23:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 22:49 - 2016-08-02 23:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 22:49 - 2016-08-02 23:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 22:49 - 2016-08-02 23:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 22:49 - 2016-08-02 23:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 22:49 - 2016-08-02 23:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 22:49 - 2016-08-02 23:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 22:49 - 2016-08-02 23:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 22:49 - 2016-08-02 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 22:49 - 2016-08-02 23:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 22:49 - 2016-08-02 23:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 22:49 - 2016-08-02 23:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 22:49 - 2016-08-02 23:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 22:49 - 2016-08-02 23:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 22:49 - 2016-08-02 23:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 22:49 - 2016-08-02 23:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 22:49 - 2016-08-02 23:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 22:49 - 2016-08-02 23:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 22:49 - 2016-08-02 23:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 22:39 - 2016-08-03 05:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 22:39 - 2016-08-03 05:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 22:39 - 2016-08-03 04:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 22:39 - 2016-08-03 04:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 22:39 - 2016-08-03 04:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 22:39 - 2016-08-03 04:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 22:39 - 2016-08-03 04:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 22:39 - 2016-08-03 04:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 22:39 - 2016-08-02 23:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 22:39 - 2016-08-02 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-07 22:18 - 2016-08-15 07:27 - 00000932 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-08-07 22:18 - 2016-08-07 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-08-07 13:22 - 2016-08-15 07:27 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-08-07 13:22 - 2016-08-10 02:26 - 00000000 ____D C:\Users\Carlos\AppData\Local\Battle.net
2016-08-07 13:22 - 2016-08-07 13:22 - 00000000 ____D C:\Users\Carlos\AppData\Local\Blizzard Entertainment
2016-08-07 13:22 - 2016-08-07 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-07 13:22 - 2016-08-07 13:22 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-08-07 13:16 - 2016-08-10 01:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-07 13:15 - 2016-08-07 13:25 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\Battle.net
2016-08-07 13:14 - 2016-08-07 13:16 - 00000000 ____D C:\ProgramData\Battle.net
2016-08-04 16:11 - 2016-08-04 16:11 - 00003412 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-08-04 16:11 - 2016-08-04 16:11 - 00003298 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 21:34 - 2015-06-17 14:07 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0BB8C311-DBBA-4FE6-93A8-B3F8D1CDA80E}
2016-08-15 21:24 - 2015-04-08 23:53 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2016-08-15 21:21 - 2015-07-11 21:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-15 21:20 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-15 21:20 - 2015-07-30 13:32 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-15 21:16 - 2015-12-21 19:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-15 21:16 - 2015-06-17 13:35 - 00000000 __SHD C:\Users\Carlos\IntelGraphicsProfiles
2016-08-15 21:15 - 2015-12-21 19:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-15 21:15 - 2015-12-21 19:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-15 21:15 - 2015-10-30 01:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-08-15 21:11 - 2015-08-27 11:21 - 03133018 _____ C:\WINDOWS\ntbtlog.txt
2016-08-15 20:14 - 2015-06-17 14:09 - 00000000 ____D C:\Users\Carlos\AppData\Local\Google
2016-08-15 20:14 - 2015-06-17 14:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-15 20:04 - 2016-05-18 15:10 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-08-15 19:40 - 2015-12-25 02:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-15 19:28 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-15 19:27 - 2015-12-21 19:43 - 00000000 ____D C:\Users\Carlos
2016-08-15 18:16 - 2015-12-06 22:44 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\iFunbox_UserCache
2016-08-15 17:39 - 2016-07-09 18:25 - 00000000 ____D C:\Users\Carlos\Desktop\IGG-Stardew.Valley.v1.07.H2
2016-08-15 17:35 - 2016-04-04 11:23 - 00000000 ____D C:\Users\TEMP.Milo.000
2016-08-15 17:35 - 2016-04-04 11:19 - 00000000 ____D C:\Users\TEMP.Milo
2016-08-15 17:35 - 2015-11-09 23:53 - 00000000 ____D C:\Users\TEMP
2016-08-15 17:35 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-15 17:35 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-15 17:35 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2016-08-15 16:20 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-15 09:43 - 2015-12-21 19:41 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-15 09:35 - 2015-06-17 20:15 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2016-08-15 09:31 - 2015-06-17 18:47 - 00000000 ____D C:\Users\Carlos\dwhelper
2016-08-15 08:17 - 2015-04-08 23:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-15 07:27 - 2016-07-04 12:59 - 00001088 _____ C:\Users\Public\Desktop\iExplorer.lnk
2016-08-15 07:27 - 2016-04-23 21:28 - 00001446 _____ C:\Users\Public\Desktop\Marvel Heroes Launcher.lnk
2016-08-15 07:27 - 2016-01-23 03:47 - 00001449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-08-15 07:27 - 2016-01-23 03:47 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-08-15 07:27 - 2015-12-25 03:01 - 00001744 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-08-15 07:27 - 2015-12-25 03:01 - 00001684 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-08-15 07:27 - 2015-12-21 19:46 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-15 07:27 - 2015-12-03 22:47 - 00001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2016-08-15 07:27 - 2015-08-29 01:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-15 07:27 - 2015-07-30 13:39 - 00002370 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-15 07:27 - 2015-06-25 14:39 - 00000709 _____ C:\Users\Public\Desktop\Marvel Heroes (TestCenter).lnk
2016-08-15 07:27 - 2015-06-18 19:13 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-15 07:26 - 2016-07-09 15:09 - 00000735 _____ C:\Users\Carlos\Desktop\Final Fantasy VI.lnk
2016-08-15 07:26 - 2015-04-08 23:51 - 00000000 ____D C:\WINDOWS\nvmup
2016-08-15 06:22 - 2016-01-06 06:17 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-15 05:15 - 2016-01-31 00:33 - 00000000 ____D C:\Users\Carlos\AppData\Local\CrashDumps
2016-08-15 04:34 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-15 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-08-14 19:51 - 2015-12-21 19:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-14 19:51 - 2015-12-21 19:42 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-14 19:51 - 2015-04-08 23:54 - 00000000 ____D C:\Temp
2016-08-14 12:23 - 2016-06-19 19:34 - 00000000 ____D C:\Users\Carlos\Desktop\New folder
2016-08-14 12:23 - 2015-12-17 02:46 - 00000000 ____D C:\Users\Carlos\Desktop\vba
2016-08-12 01:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 20:36 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-11 15:15 - 2015-09-02 16:55 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\NVIDIA
2016-08-10 23:48 - 2016-06-16 04:00 - 00000677 _____ C:\Users\Carlos\.swfinfo
2016-08-10 03:48 - 2015-06-17 17:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 03:32 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 03:32 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 03:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 03:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 03:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 03:19 - 2015-06-19 13:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 03:14 - 2015-06-19 13:21 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 20:25 - 2016-05-25 03:29 - 00280940 ____N C:\WINDOWS\Minidump\080916-15718-01.dmp
2016-08-07 19:33 - 2015-06-17 14:16 - 00000000 ____D C:\Users\Carlos\Documents\My Games
2016-08-04 16:11 - 2015-04-08 23:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2016-07-31 04:50 - 2016-07-09 18:26 - 00000000 ____D C:\Users\Carlos\AppData\Local\Deployment
2016-07-29 23:38 - 2015-08-31 19:32 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\BitTorrent
2016-07-27 14:25 - 2015-06-19 13:38 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-25 19:01 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-25 19:01 - 2015-06-17 22:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-18 01:55 - 2015-11-28 20:45 - 13675584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-17 04:53 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-07-16 22:49 - 2015-08-23 15:03 - 00000000 ____D C:\Users\Carlos\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-12-25 02:35 - 2015-12-25 02:41 - 0002635 _____ () C:\Users\Carlos\AppData\Roaming\droid4xinstaller.log
2016-02-07 03:09 - 2016-02-07 03:09 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp

Some files in TEMP:
====================
C:\Users\Carlos\AppData\Local\Temp\libeay32.dll
C:\Users\Carlos\AppData\Local\Temp\msvcr120.dll
C:\Users\Carlos\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-23 02:46

==================== End of FRST.txt ============================

Attached Files


Edited by Kapeksy12, 15 August 2016 - 10:08 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:20 PM

Posted 16 August 2016 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the AdwCleaner tool and Clean everything that is reported.

===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() D:\ChrDownloads\adwcleaner_6.000.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
FF HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-15]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for iOS (CPC)\DriverInstall.exe [X]
S3 PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0; \??\c:\program files\alienware\supportassist\pcdsrvc_x64.pkms [X]
Task: {199DF6C8-5A22-4F4E-87D8-9114952A611C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5070FD30-1CA1-4D3B-92FF-317B761C3138} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {59CA7923-8476-4F21-809C-300BEE94B579} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {61010B01-9F88-45D3-AC7D-4B8939400051} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {89035EAF-0CF6-4CEA-A434-DC27B05B1E2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8DF390D8-716A-4B10-BEA5-4A7524204A97} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AA27D60F-8061-4AEE-A780-C8B822839356} - \syslog -> No File <==== ATTENTION
Task: {BF7DAEAA-1AC3-454D-AC03-4822C85897F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CC0AE78A-0C14-4AB0-8234-C0FDB9DF4A4E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D04F921F-6E37-4DE7-8040-50A46C8E528C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EAB61C35-EC03-4B0F-AC79-7A792F7081E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F6D91450-A4F7-48E4-99A9-59CD386ECF11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.
==
Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)

===

Please post the logs and let me know if the problem persiists.

#3 Kapeksy12

Kapeksy12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 16 August 2016 - 05:53 PM

Thank you so much for the reply and help, it seems to have solved all issues!

 

Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Carlos (16-08-2016 17:34:15) Run:1
Running from D:\ChrDownloads
Loaded Profiles: Carlos (Available Profiles: Carlos & Carl)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() D:\ChrDownloads\adwcleaner_6.000.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Carlos\AppData\Local\MEGAsync\ShellExtX32.dll No File
FF HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-15]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for iOS (CPC)\DriverInstall.exe [X]
S3 PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0; \??\c:\program files\alienware\supportassist\pcdsrvc_x64.pkms [X]
Task: {199DF6C8-5A22-4F4E-87D8-9114952A611C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5070FD30-1CA1-4D3B-92FF-317B761C3138} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {59CA7923-8476-4F21-809C-300BEE94B579} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {61010B01-9F88-45D3-AC7D-4B8939400051} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {89035EAF-0CF6-4CEA-A434-DC27B05B1E2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8DF390D8-716A-4B10-BEA5-4A7524204A97} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AA27D60F-8061-4AEE-A780-C8B822839356} - \syslog -> No File <==== ATTENTION
Task: {BF7DAEAA-1AC3-454D-AC03-4822C85897F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CC0AE78A-0C14-4AB0-8234-C0FDB9DF4A4E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D04F921F-6E37-4DE7-8040-50A46C8E528C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EAB61C35-EC03-4B0F-AC79-7A792F7081E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F6D91450-A4F7-48E4-99A9-59CD386ECF11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
End
*****************

Restore point was successfully created.
Processes closed successfully.
D:\ChrDownloads\adwcleaner_6.000.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
"HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
"HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
"HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => key removed successfully
HKU\S-1-5-21-4176796193-3150544440-4270807610-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully
C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd" => key removed successfully
WsDrvInst => service removed successfully
PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{199DF6C8-5A22-4F4E-87D8-9114952A611C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{199DF6C8-5A22-4F4E-87D8-9114952A611C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5070FD30-1CA1-4D3B-92FF-317B761C3138}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5070FD30-1CA1-4D3B-92FF-317B761C3138}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59CA7923-8476-4F21-809C-300BEE94B579}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59CA7923-8476-4F21-809C-300BEE94B579}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61010B01-9F88-45D3-AC7D-4B8939400051}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61010B01-9F88-45D3-AC7D-4B8939400051}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89035EAF-0CF6-4CEA-A434-DC27B05B1E2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89035EAF-0CF6-4CEA-A434-DC27B05B1E2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DF390D8-716A-4B10-BEA5-4A7524204A97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF390D8-716A-4B10-BEA5-4A7524204A97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA27D60F-8061-4AEE-A780-C8B822839356}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA27D60F-8061-4AEE-A780-C8B822839356}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\syslog" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF7DAEAA-1AC3-454D-AC03-4822C85897F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF7DAEAA-1AC3-454D-AC03-4822C85897F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC0AE78A-0C14-4AB0-8234-C0FDB9DF4A4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC0AE78A-0C14-4AB0-8234-C0FDB9DF4A4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D04F921F-6E37-4DE7-8040-50A46C8E528C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D04F921F-6E37-4DE7-8040-50A46C8E528C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAB61C35-EC03-4B0F-AC79-7A792F7081E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAB61C35-EC03-4B0F-AC79-7A792F7081E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D91450-A4F7-48E4-99A9-59CD386ECF11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D91450-A4F7-48E4-99A9-59CD386ECF11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 338607921 B
Java, Flash, Steam htmlcache => 119979422 B
Windows/system/drivers => 100066529 B
Edge => 9568654 B
Chrome => 7378268 B
Firefox => 385467278 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8982 B
NetworkService => 813550 B
Carlos => 49689563 B
Carl => 19736471 B

RecycleBin => 515510888 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================
 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:20 PM

Posted 17 August 2016 - 08:28 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 Kapeksy12

Kapeksy12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 17 August 2016 - 05:14 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

 

Thanks a lot again, I'll keep it safe! I'm glad I was able to get rid of all of it and my pc is back to its fullest!



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:20 PM

Posted 23 August 2016 - 08:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users