CPU extremely high unless task manager


  • This topic is locked
16 replies to this topic

#1 JohnsonO9

Posted 10 September 2016 - 02:23 PM

Hi there,

 

 

Lately I am experiencing some unexplained lags and crashes which I don't think are normal, and I notice very high usage in my CPU performance, but when I open the Task Manager it suddenly drops.

Due to no free time in this period I cannot deal with this myself, therefore I am seeking your assistance.

 

Below is the text from the FRST file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by George(administrator) on George-PC (10-09-2016 21:39:03)
Running from C:\Users\George \Downloads
Loaded Profiles: George & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: George& MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TweakBit) C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-01] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Run: [GoogleChromeAutoLaunch_7EE17024250634CFC34979AE582D5B09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: {f9807ca9-e699-11e5-a701-000000005aad} - F:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-19] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175040 2014-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [157024 2014-12-24] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-29] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCF22F8F-8106-40B9-BB29-5C8767BB6E3F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3654362358-1251383480-3926992401-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-29] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-29] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default
FF Homepage: hxxps://www.google.gr/
FF NetworkProxy: "proxy_over_tls", false
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-26] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Customize about:newtab) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\extensions\customizenewtab@alejandrobrizuela.com.ar.xpi [2016-07-26]
FF Extension: (Stylish) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-11]
FF Extension: (Avira Browser Safety) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\abs@avira.com [2016-09-05]
FF Extension: (AdBlocker Ultimate) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-07-28]
FF Extension: (Firefox Hotfix) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF Extension: (Personas Plus) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\personas@christopher.beard.xpi [2016-07-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-07-22]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-06]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-06]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-06]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-06]
CHR Extension: (Anonymous Proxy Browser) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjnfcmkfdcoeckplikldabeggcohmbmj [2016-05-06]
CHR Extension: (Tampermonkey) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08]
CHR Extension: (Block site) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-07-16]
CHR Extension: (Avast SafePrice) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-06]
CHR Extension: (Avira Browser Safety) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (AdBlock) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-26]
CHR Extension: (Avast Online Security) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-30]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-30]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-30]
CHR Extension: (AdBlock) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Avast Online Security) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-30]
CHR Extension: (goo.gl URL Shortener) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer\Bluetooth Suite\adminservice.exe [309376 2015-01-30] (Qualcomm Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-29] (AVAST Software)
R2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [451848 2011-07-12] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-24] (Intel Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-29] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-08-29] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-29] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-10] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32992 2016-07-03] (ELAN Microelectronic Corp.)
S3 gkernel; C:\Users\George\AppData\Local\Temp\gkernel.sys [33992 2016-02-23] ()
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [190032 2016-04-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2016-03-16] (Riverbed Technology, Inc.)
R3 Qcamain; C:\Windows\System32\DRIVERS\Qcamain7x64.sys [2356648 2016-08-09] (Qualcomm Atheros, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-10 21:40 - 2016-09-10 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-10 21:39 - 2016-09-10 21:40 - 00030727 _____ C:\Users\George\Downloads\FRST.txt
2016-09-10 21:38 - 2016-09-10 21:39 - 00000000 ____D C:\FRST
2016-09-10 21:13 - 2016-09-10 21:13 - 02397696 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2016-09-10 21:10 - 2016-09-10 21:10 - 16563352 _____ (Malwarebytes Corp.) C:\Users\George\Downloads\mbar-1.09.3.1001.exe
2016-09-10 21:07 - 2016-09-10 21:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2016-09-10 21:06 - 2016-09-10 21:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ETDSMBus_01011.Wdf
2016-09-10 21:01 - 2016-09-10 21:08 - 00000000 ____D C:\Windows\LastGood
2016-09-10 21:01 - 2016-08-23 04:17 - 01035272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-09-10 21:01 - 2016-08-23 04:17 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-09-10 21:01 - 2016-08-09 00:04 - 02356648 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\Qcamain7x64.sys
2016-09-10 21:01 - 2016-08-09 00:04 - 00770704 _____ C:\Windows\system32\Drivers\qca61x420.bin
2016-09-10 21:01 - 2016-07-27 05:12 - 00816648 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2016-09-10 21:01 - 2016-07-27 02:12 - 00407048 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2016-09-10 21:01 - 2016-07-03 22:56 - 01804704 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-09-10 21:01 - 2016-07-03 22:56 - 00032992 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2016-09-10 21:01 - 2016-04-28 04:40 - 00598368 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2016-09-10 21:01 - 2015-12-09 14:09 - 00068904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys
2016-09-10 20:56 - 2016-09-10 20:57 - 22851472 _____ (Malwarebytes ) C:\Users\George\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-10 20:50 - 2016-09-10 20:51 - 00000000 ____D C:\Program Files\ReviverSoft
2016-09-10 20:50 - 2016-09-10 20:50 - 12767008 _____ (ReviverSoft) C:\Users\George\Downloads\DriverReviverSetup.exe
2016-09-06 17:13 - 2016-09-06 17:13 - 04117216 _____ (Husdawg, LLC) C:\Users\George\Desktop\Detection.exe
2016-09-06 12:00 - 2016-09-06 12:00 - 00112203 _____ C:\Users\George\Desktop\win-source.zip
2016-09-05 22:33 - 2016-09-10 09:16 - 00000000 ____D C:\Users\George\AppData\LocalLow\uTorrent
2016-09-05 21:20 - 2016-09-05 21:20 - 21253305 _____ C:\Users\George\Desktop\C-Programming-Ebook.pdf
2016-09-05 21:14 - 2016-09-05 21:14 - 01782028 _____ C:\Users\George\Desktop\Accelerated C++ Programming.pdf
2016-09-05 18:53 - 2016-09-10 20:38 - 00000000 ____D C:\ProgramData\Avira
2016-09-05 17:15 - 2016-04-07 09:23 - 00001793 _____ C:\Users\George\Desktop\To 23.01.2021.avastlic
2016-09-05 17:13 - 2016-04-07 09:23 - 00001748 _____ C:\Users\George\Desktop\To 11.04.2018.avastlic
2016-09-03 17:35 - 2016-09-03 17:38 - 00004536 _____ C:\Users\George\AppData\Roaming\CamStudio.cfg
2016-09-03 17:35 - 2016-09-03 17:38 - 00000408 _____ C:\Users\George\AppData\Roaming\CamShapes.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 00000408 _____ C:\Users\George\AppData\Roaming\CamLayout.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 00000110 _____ C:\Users\George\AppData\Roaming\Camdata.ini
2016-09-03 17:33 - 2016-09-03 17:33 - 00000000 ____D C:\Users\George\Documents\My CamStudio Videos
2016-09-03 17:32 - 2016-09-03 17:37 - 00000096 _____ C:\Users\George\AppData\Roaming\version2.xml
2016-09-03 17:32 - 2016-09-03 17:37 - 00000000 ____D C:\Users\George\Documents\My CamStudio Temp Files
2016-09-03 15:22 - 2016-09-03 15:22 - 01646972 _____ C:\Users\George\Downloads\0.rar
2016-09-02 15:52 - 2016-09-03 20:45 - 00000000 ____D C:\Users\George\Documents\New Unity Project
2016-09-02 15:52 - 2016-09-03 16:23 - 00000000 ____D C:\Users\George\AppData\LocalLow\DefaultCompany
2016-09-02 15:37 - 2016-09-03 16:22 - 00000000 ____D C:\Users\George\AppData\Roaming\Unity
2016-09-02 15:37 - 2016-09-03 16:21 - 00000000 ____D C:\ProgramData\Unity
2016-09-02 15:37 - 2016-09-02 15:52 - 00000000 ____D C:\Users\George\AppData\LocalLow\Unity
2016-09-02 15:37 - 2016-09-02 15:37 - 00000000 ____D C:\Users\George\AppData\Local\Unity
2016-08-30 18:26 - 2016-08-30 18:26 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity
2016-08-30 18:26 - 2016-08-30 18:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2016-08-30 18:24 - 2016-08-30 18:24 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2015
2016-08-30 18:10 - 2016-08-30 18:10 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-08-30 17:56 - 2016-08-30 17:56 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-08-30 17:53 - 2016-08-30 17:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-08-30 17:52 - 2016-08-30 17:52 - 00000000 ____D C:\ProgramData\NuGet
2016-08-30 17:51 - 2016-08-30 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-08-30 17:50 - 2016-08-30 17:50 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-08-30 17:49 - 2016-08-30 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-08-30 17:49 - 2016-08-30 17:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-08-30 17:46 - 2016-08-30 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-08-30 17:40 - 2016-08-30 17:40 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-08-30 17:35 - 2016-08-30 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-08-30 17:04 - 2016-09-04 18:35 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-08-30 17:03 - 2016-08-30 17:03 - 00000883 _____ C:\Users\Public\Desktop\Unity 5.4.0f3 (64-bit).lnk
2016-08-30 17:03 - 2016-08-30 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)
2016-08-30 17:00 - 2016-08-30 17:03 - 00000000 ____D C:\Program Files\Unity
2016-08-30 16:53 - 2016-08-30 16:53 - 00718392 _____ C:\Users\George\Desktop\UnityDownloadAssistant-5.4.0f3.exe
2016-08-29 15:06 - 2016-08-29 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-29 15:06 - 2016-08-29 15:05 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-08-29 15:05 - 2016-08-29 15:05 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-29 15:05 - 2016-08-29 15:05 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-29 15:05 - 2016-08-29 15:05 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2016-08-28 14:33 - 2016-08-28 14:52 - 00000000 ____D C:\Users\George\.zenmap
2016-08-28 14:32 - 2016-08-28 14:32 - 00000000 ____D C:\Program Files\WinPcap
2016-08-28 14:31 - 2016-08-28 14:32 - 00000000 ____D C:\Program Files (x86)\Nmap
2016-08-28 14:31 - 2016-08-28 14:31 - 26426084 _____ (Insecure.org) C:\Users\George\Desktop\nmap-7.12-setup.exe
2016-08-25 16:03 - 2016-08-26 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-24 13:13 - 2016-08-24 13:17 - 00017408 ___SH C:\Users\George\Thumbs.db
2016-08-21 13:21 - 2016-09-10 20:35 - 00001024 _____ C:\.rnd
2016-08-21 13:20 - 2016-08-21 13:12 - 00000000 ____D C:\Users\George\Documents\quickfix-bin-vs11-1.14.3
2016-08-18 14:16 - 2016-08-18 14:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-10 21:40 - 2016-07-27 21:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-10 21:39 - 2016-07-27 21:54 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-10 21:39 - 2016-04-20 17:20 - 00000000 ____D C:\Program Files\DebugDiag
2016-09-10 21:39 - 2016-02-14 09:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-10 21:37 - 2009-07-14 07:45 - 00026160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-10 21:37 - 2009-07-14 07:45 - 00026160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-10 21:30 - 2016-05-25 17:17 - 00000000 ____D C:\Users\George\AppData\Roaming\Skype
2016-09-10 21:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-09-10 21:05 - 2016-02-14 23:02 - 00753974 _____ C:\Windows\system32\perfh008.dat
2016-09-10 21:05 - 2016-02-14 23:02 - 00173524 _____ C:\Windows\system32\perfc008.dat
2016-09-10 21:05 - 2009-07-14 08:13 - 01916104 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-10 21:01 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Registration
2016-09-10 20:58 - 2009-07-14 05:34 - 00000541 _____ C:\Windows\win.ini
2016-09-10 20:43 - 2016-02-19 18:15 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-10 20:38 - 2016-03-22 18:16 - 00000660 _____ C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2016-09-10 20:38 - 2016-02-13 20:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-10 20:34 - 2016-02-22 12:51 - 00000091 _____ C:\HaxLogs.txt
2016-09-10 20:34 - 2016-02-14 09:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-10 20:33 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-10 20:24 - 2016-02-13 21:04 - 00000000 ____D C:\Users\George\AppData\Roaming\uTorrent
2016-09-10 20:01 - 2016-05-31 15:19 - 00000402 _____ C:\Windows\Tasks\update-sys.job
2016-09-10 19:41 - 2016-05-31 15:19 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-3654362358-1251383480-3926992401-1000.job
2016-09-09 13:30 - 2016-02-13 20:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-09 11:07 - 2016-02-25 18:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-08 20:02 - 2016-03-15 10:31 - 00000000 ____D C:\Users\George\Documents\Outlook Files
2016-09-08 13:57 - 2016-07-01 19:01 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-09-08 13:55 - 2016-07-01 19:02 - 00000000 ____D C:\Users\ReportServer
2016-09-08 13:55 - 2016-07-01 19:01 - 00000000 ____D C:\Users\MSSQLSERVER
2016-09-08 13:54 - 2016-07-01 19:02 - 00000000 ____D C:\Users\MsDtsServer110
2016-09-07 12:53 - 2016-02-15 23:07 - 00000000 ____D C:\Users\George\Desktop\program
2016-09-06 08:14 - 2016-03-15 22:09 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-04 18:35 - 2016-05-24 13:35 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-04 09:31 - 2016-05-16 23:21 - 00000000 ____D C:\Program Files (x86)\Arena
2016-09-03 15:34 - 2016-02-22 13:21 - 00000000 ____D C:\Users\George\AppData\Local\Microsoft Help
2016-09-02 16:59 - 2016-07-01 18:30 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2010
2016-09-02 14:33 - 2016-02-14 17:17 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2012
2016-08-30 18:42 - 2016-02-27 05:41 - 00000632 __RSH C:\Users\George\ntuser.pol
2016-08-30 18:42 - 2016-02-13 20:23 - 00000000 ____D C:\Users\George
2016-08-30 18:26 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-30 18:06 - 2016-02-14 16:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-08-30 17:59 - 2016-02-14 16:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-30 17:52 - 2016-02-14 17:01 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-08-30 17:52 - 2016-02-14 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-08-30 17:48 - 2016-02-14 16:52 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-08-30 17:43 - 2016-02-14 16:59 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-08-30 17:43 - 2016-02-14 16:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-08-30 17:42 - 2016-02-14 16:48 - 00000000 ____D C:\Windows\system32\1033
2016-08-30 17:41 - 2016-02-14 16:52 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-30 17:30 - 2016-02-13 20:38 - 01894608 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-30 17:18 - 2016-02-14 16:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-29 22:55 - 2016-05-25 17:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 22:54 - 2016-02-14 09:31 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 15:20 - 2016-03-23 09:22 - 00003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458714166
2016-08-29 15:05 - 2016-03-23 09:22 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-26 10:15 - 2016-03-20 22:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-23 04:17 - 2016-02-27 03:48 - 00116296 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-08-22 16:32 - 2016-02-13 21:01 - 00000000 ____D C:\Users\George\AppData\Local\Eclipse
2016-08-22 16:32 - 2016-02-13 21:01 - 00000000 ____D C:\Users\George\.p2
2016-08-22 16:31 - 2016-02-13 21:00 - 00000000 ____D C:\Users\George\Documents\eclipse
2016-08-16 15:42 - 2016-02-22 12:51 - 00000000 ____D C:\Users\George\.android
 
==================== Files in the root of some directories =======
 
2016-09-03 17:35 - 2016-09-03 17:38 - 0000110 _____ () C:\Users\George\AppData\Roaming\Camdata.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 0000408 _____ () C:\Users\George\AppData\Roaming\CamLayout.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 0000408 _____ () C:\Users\George\AppData\Roaming\CamShapes.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 0004536 _____ () C:\Users\George\AppData\Roaming\CamStudio.cfg
2016-09-03 17:32 - 2016-09-03 17:37 - 0000096 _____ () C:\Users\George\AppData\Roaming\version2.xml
2016-03-16 20:10 - 2016-03-16 20:10 - 0007610 _____ () C:\Users\George\AppData\Local\Resmon.ResmonCfg
2016-05-31 15:19 - 2016-05-31 15:19 - 0000003 _____ () C:\Users\George\AppData\Local\updater.log
2016-05-31 15:19 - 2016-08-08 23:04 - 0000424 _____ () C:\Users\George\AppData\Local\UserProducts.xml
2016-08-01 14:22 - 2016-08-01 14:22 - 0000000 _____ () C:\Users\George\AppData\Local\{2DC1B4A0-2572-4BF6-901D-33070F08DE50}
2016-02-13 20:45 - 2016-02-13 20:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\George\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-06 06:03
 
==================== End of FRST.txt ============================

Edited by JohnsonO9, 11 September 2016 - 08:26 AM.




#2 JohnsonO9

Posted 12 September 2016 - 04:06 AM

So can someone from this forum help me out?



#3 HelpBot

Posted 15 September 2016 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/626496 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 JohnsonO9

Posted 16 September 2016 - 08:47 AM

My new FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by George (administrator) on George-PC (16-09-2016 16:35:48)
Running from C:\Users\George\Downloads
Loaded Profiles: George & MsDtsServer110 & MSSQLServerOLAPService & ReportServer (Available Profiles: George & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.296\Discord.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.296\Discord.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.296\Discord.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\George\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\George\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(BitTorrent Inc.) C:\Users\George\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\George\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Microsoft Corporation) C:\Program Files\DebugDiag\DbgHost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Run: [GoogleChromeAutoLaunch_7EE17024250634CFC34979AE582D5B09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Run: [Discord] => C:\Users\George\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: {f9807ca9-e699-11e5-a701-000000005aad} - F:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-19] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175040 2014-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [157024 2014-12-24] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-29] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCF22F8F-8106-40B9-BB29-5C8767BB6E3F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3654362358-1251383480-3926992401-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-29] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-29] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default
FF Homepage: hxxps://www.google.gr/
FF NetworkProxy: "proxy_over_tls", false
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-26] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Customize about:newtab) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\extensions\customizenewtab@alejandrobrizuela.com.ar.xpi [2016-07-26]
FF Extension: (Stylish) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-07-28]
FF Extension: (Firefox Hotfix) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF Extension: (Personas Plus) - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\Extensions\personas@christopher.beard.xpi [2016-07-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-07-22]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-06]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-06]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-06]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-06]
CHR Extension: (Tampermonkey) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08]
CHR Extension: (Block site) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-07-16]
CHR Extension: (Avast SafePrice) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-06]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (AdBlock) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-26]
CHR Extension: (Avast Online Security) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-30]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-30]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]
CHR Extension: (Adobe Acrobat) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-14]
CHR Extension: (Avast SafePrice) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-14]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-30]
CHR Extension: (Avira Browser Safety) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-14]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-30]
CHR Extension: (AdBlock) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-15]
CHR Extension: (Avast Online Security) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-30]
CHR Extension: (goo.gl URL Shortener) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer\Bluetooth Suite\adminservice.exe [309376 2015-01-30] (Qualcomm Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-29] (AVAST Software)
R2 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [451848 2011-07-12] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-24] (Intel Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-29] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-08-29] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-08-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-29] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-10] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32992 2016-07-03] (ELAN Microelectronic Corp.)
S3 gkernel; C:\Users\George\AppData\Local\Temp\gkernel.sys [33992 2016-02-23] ()
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [190032 2016-04-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2016-03-16] (Riverbed Technology, Inc.)
R3 Qcamain; C:\Windows\System32\DRIVERS\Qcamain7x64.sys [2356648 2016-08-09] (Qualcomm Atheros, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 16:35 - 2016-09-16 16:35 - 02399232 _____ (Farbar) C:\Users\George\Downloads\FRST64 (1).exe
2016-09-16 14:31 - 2016-09-16 14:31 - 00000000 ____D C:\Users\George\AppData\LocalLow\uTorrent
2016-09-14 10:43 - 2016-09-14 10:48 - 00000000 ____D C:\Users\George\BrawlhallaReplays
2016-09-14 10:37 - 2016-09-14 10:37 - 00000000 ____D C:\Users\George\AppData\Roaming\BrawlhallaAir
2016-09-14 10:34 - 2016-09-14 10:34 - 00000222 _____ C:\Users\George\Desktop\Brawlhalla.url
2016-09-14 10:32 - 2016-09-14 10:32 - 00000000 ____D C:\Users\George\AppData\Local\Steam
2016-09-14 10:29 - 2016-09-15 13:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-14 10:29 - 2016-09-14 10:29 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-14 10:29 - 2016-09-14 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-11 16:30 - 2016-09-11 16:30 - 00121169 _____ C:\Users\George\Downloads\FRST (1).txt
2016-09-11 16:30 - 2016-09-11 16:30 - 00044971 _____ C:\Users\George\Downloads\Addition (1).txt
2016-09-10 22:54 - 2016-09-10 22:54 - 00050217 _____ C:\Users\George\Desktop\text.txt
2016-09-10 21:51 - 2016-09-11 10:43 - 00046458 _____ C:\Users\George\Desktop\FRST.txt
2016-09-10 21:50 - 2016-09-11 10:42 - 00061226 _____ C:\Users\George\Desktop\Addition.txt
2016-09-10 21:40 - 2016-09-10 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-10 21:40 - 2016-09-10 21:45 - 00062194 _____ C:\Users\George\Downloads\Addition.txt
2016-09-10 21:39 - 2016-09-16 16:35 - 00033028 _____ C:\Users\George\Downloads\FRST.txt
2016-09-10 21:39 - 2016-09-10 22:08 - 00000000 ____D C:\Users\George\Desktop\mbar
2016-09-10 21:38 - 2016-09-16 16:35 - 00000000 ____D C:\FRST
2016-09-10 21:13 - 2016-09-10 21:13 - 02397696 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2016-09-10 21:10 - 2016-09-10 21:10 - 16563352 _____ (Malwarebytes Corp.) C:\Users\George\Downloads\mbar-1.09.3.1001.exe
2016-09-10 21:07 - 2016-09-10 21:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2016-09-10 21:06 - 2016-09-10 21:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ETDSMBus_01011.Wdf
2016-09-10 21:01 - 2016-08-23 04:17 - 01035272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-09-10 21:01 - 2016-08-23 04:17 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-09-10 21:01 - 2016-08-09 00:04 - 02356648 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\Qcamain7x64.sys
2016-09-10 21:01 - 2016-08-09 00:04 - 00770704 _____ C:\Windows\system32\Drivers\qca61x420.bin
2016-09-10 21:01 - 2016-07-27 05:12 - 00816648 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2016-09-10 21:01 - 2016-07-27 02:12 - 00407048 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2016-09-10 21:01 - 2016-07-03 22:56 - 01804704 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-09-10 21:01 - 2016-07-03 22:56 - 00032992 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2016-09-10 21:01 - 2016-04-28 04:40 - 00598368 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2016-09-10 21:01 - 2015-12-09 14:09 - 00068904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys
2016-09-10 20:56 - 2016-09-10 20:57 - 22851472 _____ (Malwarebytes ) C:\Users\George\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-10 20:50 - 2016-09-10 20:51 - 00000000 ____D C:\Program Files\ReviverSoft
2016-09-10 20:50 - 2016-09-10 20:50 - 12767008 _____ (ReviverSoft) C:\Users\George\Downloads\DriverReviverSetup.exe
2016-09-06 17:14 - 2016-09-06 17:14 - 04117216 _____ (Husdawg, LLC) C:\Users\George\Desktop\Detection(1).exe
2016-09-06 17:13 - 2016-09-06 17:13 - 04117216 _____ (Husdawg, LLC) C:\Users\George\Desktop\Detection.exe
2016-09-06 12:00 - 2016-09-06 12:00 - 00112203 _____ C:\Users\George\Desktop\win-source.zip
2016-09-05 21:14 - 2016-09-05 21:14 - 01782028 _____ C:\Users\George\Desktop\Accelerated C++ Programming.pdf
2016-09-05 18:53 - 2016-09-10 20:38 - 00000000 ____D C:\ProgramData\Avira
2016-09-03 17:35 - 2016-09-03 17:38 - 00004536 _____ C:\Users\George\AppData\Roaming\CamStudio.cfg
2016-09-03 17:35 - 2016-09-03 17:38 - 00000408 _____ C:\Users\George\AppData\Roaming\CamShapes.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 00000408 _____ C:\Users\George\AppData\Roaming\CamLayout.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 00000110 _____ C:\Users\George\AppData\Roaming\Camdata.ini
2016-09-03 17:33 - 2016-09-03 17:33 - 00000000 ____D C:\Users\George\Documents\My CamStudio Videos
2016-09-03 17:32 - 2016-09-03 17:37 - 00000096 _____ C:\Users\George\AppData\Roaming\version2.xml
2016-09-03 17:32 - 2016-09-03 17:37 - 00000000 ____D C:\Users\George\Documents\My CamStudio Temp Files
2016-09-03 15:22 - 2016-09-03 15:22 - 01646972 _____ C:\Users\George\Downloads\0.rar
2016-09-02 15:52 - 2016-09-03 20:45 - 00000000 ____D C:\Users\George\Documents\New Unity Project
2016-09-02 15:52 - 2016-09-03 16:23 - 00000000 ____D C:\Users\George\AppData\LocalLow\DefaultCompany
2016-09-02 15:37 - 2016-09-03 16:22 - 00000000 ____D C:\Users\George\AppData\Roaming\Unity
2016-09-02 15:37 - 2016-09-03 16:21 - 00000000 ____D C:\ProgramData\Unity
2016-09-02 15:37 - 2016-09-02 15:52 - 00000000 ____D C:\Users\George\AppData\LocalLow\Unity
2016-09-02 15:37 - 2016-09-02 15:37 - 00000000 ____D C:\Users\George\AppData\Local\Unity
2016-08-30 18:26 - 2016-08-30 18:26 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity
2016-08-30 18:26 - 2016-08-30 18:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2016-08-30 18:24 - 2016-08-30 18:24 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2015
2016-08-30 18:10 - 2016-08-30 18:10 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-08-30 17:56 - 2016-08-30 17:56 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-08-30 17:53 - 2016-08-30 17:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-08-30 17:52 - 2016-08-30 17:52 - 00000000 ____D C:\ProgramData\NuGet
2016-08-30 17:51 - 2016-08-30 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-08-30 17:50 - 2016-08-30 17:50 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-08-30 17:49 - 2016-08-30 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-08-30 17:49 - 2016-08-30 17:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-08-30 17:46 - 2016-08-30 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-08-30 17:40 - 2016-08-30 17:40 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-08-30 17:35 - 2016-08-30 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-08-30 17:04 - 2016-09-04 18:35 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-08-30 17:03 - 2016-08-30 17:03 - 00000883 _____ C:\Users\Public\Desktop\Unity 5.4.0f3 (64-bit).lnk
2016-08-30 17:03 - 2016-08-30 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)
2016-08-30 17:00 - 2016-08-30 17:03 - 00000000 ____D C:\Program Files\Unity
2016-08-30 16:53 - 2016-08-30 16:53 - 00718392 _____ C:\Users\George\Desktop\UnityDownloadAssistant-5.4.0f3.exe
2016-08-29 15:06 - 2016-08-29 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-29 15:06 - 2016-08-29 15:05 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-08-29 15:05 - 2016-08-29 15:05 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-29 15:05 - 2016-08-29 15:05 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-29 15:05 - 2016-08-29 15:05 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2016-08-28 15:01 - 2016-08-28 15:01 - 04237070 _____ C:\Users\George\Desktop\(MSPress) Writing Secure Code.pdf
2016-08-28 14:33 - 2016-08-28 14:52 - 00000000 ____D C:\Users\George\.zenmap
2016-08-28 14:32 - 2016-08-28 14:32 - 00000000 ____D C:\Program Files\WinPcap
2016-08-28 14:31 - 2016-08-28 14:32 - 00000000 ____D C:\Program Files (x86)\Nmap
2016-08-28 14:31 - 2016-08-28 14:31 - 26426084 _____ (Insecure.org) C:\Users\George\Desktop\nmap-7.12-setup.exe
2016-08-25 21:53 - 2016-09-07 11:02 - 00000000 ____D C:\Users\George\Desktop\New folder (3)
2016-08-25 16:03 - 2016-08-26 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-24 13:13 - 2016-08-24 13:17 - 00017408 ___SH C:\Users\George\Thumbs.db
2016-08-21 13:21 - 2016-09-15 13:26 - 00001024 _____ C:\.rnd
2016-08-21 13:20 - 2016-08-21 13:12 - 00000000 ____D C:\Users\George\Documents\quickfix-bin-vs11-1.14.3
2016-08-18 14:16 - 2016-08-18 14:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 16:36 - 2016-02-13 21:04 - 00000000 ____D C:\Users\George\AppData\Roaming\uTorrent
2016-09-16 16:35 - 2016-04-20 17:20 - 00000000 ____D C:\Program Files\DebugDiag
2016-09-16 16:31 - 2016-05-25 17:17 - 00000000 ____D C:\Users\George\AppData\Roaming\Skype
2016-09-16 16:30 - 2009-07-14 07:45 - 00026160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-16 16:30 - 2009-07-14 07:45 - 00026160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 16:01 - 2016-05-31 15:19 - 00000402 _____ C:\Windows\Tasks\update-sys.job
2016-09-16 15:41 - 2016-05-31 15:19 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-3654362358-1251383480-3926992401-1000.job
2016-09-16 15:39 - 2016-02-14 09:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 14:24 - 2016-02-14 23:02 - 00753974 _____ C:\Windows\system32\perfh008.dat
2016-09-16 14:24 - 2016-02-14 23:02 - 00173524 _____ C:\Windows\system32\perfc008.dat
2016-09-16 14:24 - 2009-07-14 08:13 - 01916104 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-16 14:24 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-09-16 13:07 - 2016-03-22 18:16 - 00000660 _____ C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2016-09-16 11:36 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Registration
2016-09-16 11:26 - 2016-03-15 22:09 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-16 01:39 - 2016-02-14 09:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 13:30 - 2009-07-14 05:34 - 00000541 _____ C:\Windows\win.ini
2016-09-15 13:24 - 2016-02-22 12:51 - 00000091 _____ C:\HaxLogs.txt
2016-09-15 13:24 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-14 19:17 - 2016-05-28 07:42 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-09-14 19:17 - 2016-05-28 07:42 - 00000000 ____D C:\Users\George\AppData\Roaming\discord
2016-09-14 19:17 - 2016-05-28 07:41 - 00000000 ____D C:\Users\George\AppData\Local\SquirrelTemp
2016-09-14 10:43 - 2016-02-13 20:23 - 00000000 ____D C:\Users\George
2016-09-14 07:27 - 2016-02-22 12:24 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-14 07:24 - 2016-03-15 22:09 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-13 13:31 - 2016-02-25 18:51 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-09-13 13:31 - 2016-02-25 18:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-10 23:43 - 2016-02-19 18:15 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-10 21:40 - 2016-07-27 21:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-10 21:40 - 2016-03-16 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-10 21:39 - 2016-07-27 21:54 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-10 20:38 - 2016-02-13 20:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-09 13:30 - 2016-02-13 20:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-08 20:02 - 2016-03-15 10:31 - 00000000 ____D C:\Users\George\Documents\Outlook Files
2016-09-08 13:57 - 2016-07-01 19:01 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-09-08 13:55 - 2016-07-01 19:02 - 00000000 ____D C:\Users\ReportServer
2016-09-08 13:55 - 2016-07-01 19:01 - 00000000 ____D C:\Users\MSSQLSERVER
2016-09-08 13:54 - 2016-07-01 19:02 - 00000000 ____D C:\Users\MsDtsServer110
2016-09-07 12:53 - 2016-02-15 23:07 - 00000000 ____D C:\Users\George\Desktop\program
2016-09-04 18:35 - 2016-05-24 13:35 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-04 09:31 - 2016-05-16 23:21 - 00000000 ____D C:\Program Files (x86)\Arena
2016-09-03 15:34 - 2016-02-22 13:21 - 00000000 ____D C:\Users\George\AppData\Local\Microsoft Help
2016-09-02 16:59 - 2016-07-01 18:30 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2010
2016-09-02 14:33 - 2016-02-14 17:17 - 00000000 ____D C:\Users\George\Documents\Visual Studio 2012
2016-08-30 18:42 - 2016-02-27 05:41 - 00000632 __RSH C:\Users\George\ntuser.pol
2016-08-30 18:26 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-30 18:06 - 2016-02-14 16:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-08-30 17:59 - 2016-02-14 16:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-30 17:52 - 2016-02-14 17:01 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-08-30 17:52 - 2016-02-14 17:01 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-08-30 17:48 - 2016-02-14 16:52 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-08-30 17:43 - 2016-02-14 16:59 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-08-30 17:43 - 2016-02-14 16:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-08-30 17:42 - 2016-02-14 16:48 - 00000000 ____D C:\Windows\system32\1033
2016-08-30 17:41 - 2016-02-14 16:52 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-30 17:30 - 2016-02-13 20:38 - 01894608 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-30 17:18 - 2016-02-14 16:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-29 22:55 - 2016-05-25 17:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 22:54 - 2016-02-14 09:31 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 15:20 - 2016-03-23 09:22 - 00003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458714166
2016-08-29 15:05 - 2016-03-23 09:22 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-29 15:05 - 2016-03-15 22:09 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-26 10:15 - 2016-03-20 22:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-23 04:17 - 2016-02-27 03:48 - 00116296 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-08-22 16:32 - 2016-02-13 21:01 - 00000000 ____D C:\Users\George\AppData\Local\Eclipse
2016-08-22 16:32 - 2016-02-13 21:01 - 00000000 ____D C:\Users\George\.p2
2016-08-22 16:31 - 2016-02-13 21:00 - 00000000 ____D C:\Users\George\Documents\eclipse
 
==================== Files in the root of some directories =======
 
2016-09-03 17:35 - 2016-09-03 17:38 - 0000110 _____ () C:\Users\George\AppData\Roaming\Camdata.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 0000408 _____ () C:\Users\George\AppData\Roaming\CamLayout.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 0000408 _____ () C:\Users\George\AppData\Roaming\CamShapes.ini
2016-09-03 17:35 - 2016-09-03 17:38 - 0004536 _____ () C:\Users\George\AppData\Roaming\CamStudio.cfg
2016-09-03 17:32 - 2016-09-03 17:37 - 0000096 _____ () C:\Users\George\AppData\Roaming\version2.xml
2016-03-16 20:10 - 2016-03-16 20:10 - 0007610 _____ () C:\Users\George\AppData\Local\Resmon.ResmonCfg
2016-05-31 15:19 - 2016-05-31 15:19 - 0000003 _____ () C:\Users\George\AppData\Local\updater.log
2016-05-31 15:19 - 2016-08-08 23:04 - 0000424 _____ () C:\Users\George\AppData\Local\UserProducts.xml
2016-08-01 14:22 - 2016-08-01 14:22 - 0000000 _____ () C:\Users\George\AppData\Local\{2DC1B4A0-2572-4BF6-901D-33070F08DE50}
2016-02-13 20:45 - 2016-02-13 20:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\George\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-15 01:00
 
==================== End of FRST.txt ============================


#5 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:18 AM

Posted 16 September 2016 - 10:01 AM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


One question about this task:
Task: {2AD351F2-C3C1-4725-944A-41C1D0737C87} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater *n logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2015-06-02] (TweakBit) <==== ATTENTION

Do you know TweakBit Driver Updater / did you install that?

---

Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file and click OK at the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 JohnsonO9

Posted 16 September 2016 - 03:42 PM

Okay, first of all yes, I had installed the TweakBit

 

checkup.txt ->

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Avast Antivirus                 
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Little Registry Cleaner   
 Microsoft VisualStudio JavaScript Project System 
 Java 8 Update 101  
 Microsoft VisualStudio JavaScript Language Service 
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date!
 Adobe Flash Player 22.0.0.209  
 Mozilla Firefox (48.0.2) 
 Google Chrome (51.0.2704.103) 
 Google Chrome (52.0.2743.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
Malwarebytes Anti-Rootkit did not find any malware and 

 

 

AdwCleaner[R0].txt ->

 

# AdwCleaner v6.020 - Logfile created 16/09/2016 at 23:36:41

# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-16.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : George- GEORGE-PC
# Running from : C:\Users\MWorkstation\Downloads\AdwCleaner (1).exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\George\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Folder Found:  C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Registry Cleaner
Folder Found:  C:\Windows\SysNative\Tasks\TweakBit
Folder Found:  C:\Windows\SysNative\Tasks\TweakBit
Folder Found:  C:\ProgramData\TweakBit
Folder Found:  C:\ProgramData\Application Data\TweakBit
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
Folder Found:  C:\Program Files (x86)\TweakBit
Folder Found:  C:\Program Files (x86)\Little Registry Cleaner
Folder Found:  C:\extensions
Folder Found:  C:\Users\Public\Documents\dmp
 
 
***** [ Files ] *****
 
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.studymyway.com_0.localstorage
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.studymyway.com_0.localstorage-journal
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
File Found:  C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  TweakBit\Driver Updater\Start Driver Updater оn logon
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\Software\Little Registry Cleaner
Key Found:  HKCU\Software\Little Registry Cleaner
Key Found:  HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Key Found:  HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found:  HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
Key Found:  HKLM\SOFTWARE\Little Registry Cleaner
Key Found:  HKLM\SOFTWARE\TWEAKBIT
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Little Registry Cleaner
Key Found:  [x64] HKCU\Software\Little Registry Cleaner
Key Found:  HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
 
 
***** [ Web browsers ] *****
 
Firefox pref Found:  [C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\prefs.js] - "extensions.ntk.HISTORY" -  "[{\"title\":\"YouTube\",\"icon\":\"hxxp://g.etfv.co/hxxps://www.youtube.com/\",
Firefox pref Found:  [C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\zkffa3ly.default\prefs.js] - "extensions.ntk.thumbsUrls" -  "hxxps://www.youtube.com/;hxxps://mail.google.com/mail/u/0/#inbox;hxxps://acc
Chrome pref Found:  [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] - oursurfing
Chrome pref Found:  [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] - yessearches
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [4736 Bytes] - [16/09/2016 23:36:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4809 Bytes] ##########

Edited by JohnsonO9, 17 September 2016 - 04:50 AM.


#7 Jo*

Posted 16 September 2016 - 04:50 PM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Double-click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Cheers,
Jo


#8 JohnsonO9

Posted 17 September 2016 - 04:52 AM

Okay, first of all Malwarebytes Anti-Root did not find any threats.

 

Here is the AdwCleaner.txt

 

# AdwCleaner v6.020 - Logfile created 17/09/2016 at 12:34:46
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-17.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : George - GEORGE-PC
# Running from : C:\Users\George\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\George\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Folder deleted: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Registry Cleaner
[-] Folder deleted: C:\Windows\SysNative\Tasks\TweakBit
[#] Folder deleted on reboot: C:\Windows\SysNative\Tasks\TweakBit
[-] Folder deleted: C:\ProgramData\TweakBit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\TweakBit
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[-] Folder deleted: C:\Program Files (x86)\TweakBit
[-] Folder deleted: C:\Program Files (x86)\Little Registry Cleaner
[-] Folder deleted: C:\extensions
[-] Folder deleted: C:\Users\Public\Documents\dmp
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.studymyway.com_0.localstorage
[-] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.studymyway.com_0.localstorage-journal
[#] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage
[#] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage
[#] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
[#] File deleted: C:\Users\George\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_animeshow.tv_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\Software\Little Registry Cleaner
[#] Key deleted on reboot: HKCU\Software\Little Registry Cleaner
[-] Key deleted: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\Little Registry Cleaner
[-] Key deleted: HKLM\SOFTWARE\TWEAKBIT
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Little Registry Cleaner
[#] Key deleted on reboot: [x64] HKCU\Software\Little Registry Cleaner
[-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: 
[-] Chrome preferences cleaned: "extensions.ntk.thumbsUrls" -  "hxxps://www.youtube.com/;hxxps://mail.google.com/mail/u/0/#inbox;hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1;hxxps://www.google.gr/;hxxps://www.chess.com/;hxxps://userstyles.org/;hxxps://www.chesscademy.com/;hxxps://addons.mozilla.org/en-US/firefox/themes/;hxxp://stackoverflow.com/;hxxps://support.mozilla.org/en-US/kb/about-tiles-new-tab;hxxp://animeshow.tv/;hxxps://thepiratebay.org/;hxxp://www.bbc.com/;hxxp://www.cnet.com/news/;hxxp://edition.cnn.com/;hxxp://maxcdn.thedesigninspiration.com/wp-content/uploads/2012/11/Wallpaper-l-003.jpg"
[-] [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: oursurfing
[-] [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yessearches
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [5200 Bytes] - [17/09/2016 12:34:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [4892 Bytes] - [16/09/2016 23:36:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [4961 Bytes] - [17/09/2016 12:28:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5419 Bytes] ##########
 
and here is the JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x64 
Ran by George (Administrator) on Sat 09/17/2016 at 12:43:59.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 45 
 
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-3654362358-1251383480-3926992401-1000 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-3654362358-1251383480-3926992401-1000.job (Task) 
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task) 
Successfully deleted: C:\Program Files\reviversoft (Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18Y73S62 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C7FHL57 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D3NBZ6G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C03SXVR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9MB79OC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0M1QI17 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIN7S30N (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7E6PGEY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6ECDCYD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIQSJ696 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM96FSXM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOD7E3RK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFMVEBIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIEMM0RT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3A1M4VP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3ND59JC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\18Y73S62 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C7FHL57 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D3NBZ6G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C03SXVR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9MB79OC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0M1QI17 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIN7S30N (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7E6PGEY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6ECDCYD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIQSJ696 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM96FSXM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOD7E3RK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFMVEBIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIEMM0RT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3A1M4VP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3ND59JC (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7EE17024250634CFC34979AE582D5B09 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/17/2016 at 12:47:49.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I don't know if it's worth mentioning, but when I was running Junkware Removal Tool and it was scanning for shortcuts my CPU usage spiked.


#9 Jo*

Posted 17 September 2016 - 05:21 AM

Copy FRST / FRST64.exe to your desktop!

Log on to all your user accounts now - without restarting!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt




Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: {f9807ca9-e699-11e5-a701-000000005aad} - F:\Setup.exe
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

---

How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 JohnsonO9

JohnsonO9
  • Topic Starter

  • Members
  • 20 posts

Posted 17 September 2016 - 09:11 AM

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by George (17-09-2016 15:46:46) Run:1
Running from C:\Users\George\Desktop
Loaded Profiles: George & MSSQLServerOLAPService & ReportServer (Available Profiles: George & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\...\MountPoints2: {f9807ca9-e699-11e5-a701-000000005aad} - F:\Setup.exe
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
EmptyTemp:
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-3654362358-1251383480-3926992401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9807ca9-e699-11e5-a701-000000005aad}" => key removed successfully
HKCR\CLSID\{f9807ca9-e699-11e5-a701-000000005aad} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
vmci => service removed successfully
VMnetAdapter => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11311961 B
Java, Flash, Steam htmlcache => 38284866 B
Windows/system/drivers => 180609331 B
Edge => 0 B
Chrome => 1582864152 B
Firefox => 411666508 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 87462 B
LocalService => 66228 B
NetworkService => 2099438 B
George => 2902723506 B
MsDtsServer110 => 66228 B
MSSQLServerOLAPService => 66228 B
ReportServer => 66228 B
MSSQLFDLauncher => 66228 B
MSSQLSERVER => 66228 B
 
RecycleBin => 15367163 B
EmptyTemp: => 4.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:48:05 ====
 
I ran the Chrome Software Cleaner as well. It did make my Chrome a bit faster I would say, but still my CPU sometimes reaches 50% usage without real reason.


#11 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts

Posted 17 September 2016 - 09:49 AM

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?


---


Cheers,
Jo


#12 JohnsonO9

JohnsonO9
  • Topic Starter

  • Members
  • 20 posts

Posted 17 September 2016 - 10:56 AM

Rkill txt->
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/17/2016 06:23:40 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/17/2016 06:24:53 PM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)
 
malwarebytes txt ->
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/17/2016
Scan Time: 6:26 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.17.05
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: George
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 558372
Time Elapsed: 21 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
It did not ask me to restart my computer.
 
and lastly the FSS.txt->
 
Farbar Service Scanner Version: 27-01-2016
Ran by George (administrator) on 17-09-2016 at 18:55:11
Running from "C:\Users\George\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Edit: I just don't understand why my CPU drops from 40%-50% to 10%-20% every time I open my task manager and then rises again upon closing it.
 
 

Edited by JohnsonO9, 17 September 2016 - 11:05 AM.


#13 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts

Posted 17 September 2016 - 11:36 AM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Cheers,
Jo


#14 JohnsonO9

JohnsonO9
  • Topic Starter

  • Members
  • 20 posts

Posted 17 September 2016 - 05:19 PM

ESSET.txt
 
C:\Users\All Users\KMSAuto\bin\TunMirror.exe MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\All Users\KMSAuto\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\AdwCleaner\quarantine\files\letwwmftdwbfsnuitiuhflhptdkrdiuy\Driver Updater\Downloader.exe a variant of Win32/Auslogics.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\letwwmftdwbfsnuitiuhflhptdkrdiuy\Driver Updater\DriverUpdater.exe a variant of Win32/Auslogics.A potentially unwanted application cleaned by deleting
C:\ProgramData\KMSAuto\bin\TunMirror.exe MSIL/HackTool.TunMirror.A potentially unsafe application cleaned by deleting
C:\ProgramData\KMSAuto\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application cleaned by deleting
C:\Users\George\Downloads\TweakBit Driver Updater\driver-updater-setup.exe a variant of Win32/Auslogics.A potentially unwanted application deleted


#15 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts

Posted 18 September 2016 - 04:01 AM

Your remaining issues are not malware related. If you still need help, please start a new topic at our MS Windows forum section.

===================================


***


It Appears That Your PC Is Now Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the "c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more securely
:step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, PDF Reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Cheers,
Jo




