
cd-steam.info / zodiac-game.info on startup


This topic is locked
24 replies to this topic

#1 curkeuc

  • Members
  • 12 posts
  • Local time:02:52 PM

Posted 16 September 2016 - 03:59 PM

Hi, one day I booted up my PC and noticed that a Google Chrome window had popped up. The site's address was zodiac-game.info. Since then I have tried many ways I found on the internet to get rid of this pop-up: I tried different antiviruses and tried removing the startup process, and at first it worked, but after a restart the startup process keeps coming back. Then I found this site and decided to give it a go. The FRST.txt is:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by USER (administrator) on USER-PC (16-09-2016 19:11:12)
Running from E:\Downloads
Loaded Profiles: USER (Available Profiles: USER & Smurf & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(BitTorrent Inc.) C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ROCCAT GmbH) E:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe
(ROCCAT GmbH Co., Ltd.) E:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(ROCCAT GmbH) E:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(BitTorrent Inc.) C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(BitTorrent Inc.) C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [RoccatIskuFX] => E:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe [540672 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatKonePure] => E:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2014-01-20] (ROCCAT GmbH)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-09-07] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [USER] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [uTorrent] => C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-15] (BitTorrent Inc.)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4526424 2016-03-05] (Disc Soft Ltd)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {0d6a7ea9-2369-11e6-bdb2-74d435b9da20} - H:\autorun.exe
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {0e4751ae-fdb9-11e5-a594-74d435b9da20} - F:\setup.exe
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {9824562b-0bd0-11e6-92c6-74d435b9da20} - G:\SETUP.EXE
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {d40a2d90-e463-11e5-9a22-74d435b9da20} - F:\SETUP.EXE
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {fef0e352-ce87-11e4-9c8d-806e6f6e6963} - D:\Run.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2015-03-20]
ShortcutTarget: Roccat Talk.lnk -> E:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\Users\Smurf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk [2015-12-04]
ShortcutTarget: Steam.lnk -> E:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Procmon.exe [2016-08-22] (Sysinternals - www.sysinternals.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4C43288F-3282-4E19-BCD6-ABAE55DEC303}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{F4BA3646-1ED9-444F-9878-E04A9C4A36F7}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
URLSearchHook: HKLM-x32 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
URLSearchHook: HKU\S-1-5-21-4126855326-3008047531-3105444804-1000 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {9843474f-6082-4a44-b63d-5559d9e8c6a8} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4126855326-3008047531-3105444804-1000 -> No Name - {9843474F-6082-4A44-B63D-5559D9E8C6A8} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ZuvAP3TW.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-05-12] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Extension: (Avira Browser Safety) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ZuvAP3TW.default\Extensions\abs@avira.com [2016-08-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Chrome Remote Desktop) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpjadgphgbohfhmlfhmnojgljckjgamm] - C:\Users\USER\AppData\Local\CRE\gpjadgphgbohfhmlfhmnojgljckjgamm.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gpjadgphgbohfhmlfhmnojgljckjgamm] - C:\Users\USER\AppData\Local\CRE\gpjadgphgbohfhmlfhmnojgljckjgamm.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-09-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1409032 2016-08-09] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1340760 2015-08-10] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-06-17] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2016-06-17] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-03-05] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2016-03-05] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-19] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 19:10 - 2016-09-16 19:11 - 00000000 ____D C:\FRST
2016-09-16 18:52 - 2016-09-16 18:55 - 00000000 ____D C:\AdwCleaner
2016-09-16 18:43 - 2016-09-16 18:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-09-16 18:43 - 2016-09-16 18:43 - 00003280 _____ C:\Windows\System32\Tasks\{150046A4-C2F1-44FB-8B1A-3F067050CB17}
2016-09-16 18:43 - 2016-09-16 18:43 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Oracle
2016-09-16 18:43 - 2016-09-16 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-16 18:43 - 2016-09-16 18:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-16 18:41 - 2016-09-16 18:41 - 00000000 ____D C:\Users\USER\AppData\Roaming\Sun
2016-09-16 18:41 - 2016-09-16 18:41 - 00000000 ____D C:\Users\USER\.oracle_jre_usage
2016-09-15 21:56 - 2016-09-15 21:56 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2016-09-15 20:10 - 2016-09-15 20:10 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-15 19:53 - 2016-09-15 19:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-15 19:53 - 2016-09-15 19:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Ubisoft
2016-08-28 12:33 - 2016-08-28 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
2016-08-25 18:17 - 2016-08-25 18:17 - 00000934 _____ C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
2016-08-25 18:17 - 2016-08-25 18:17 - 00000924 _____ C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
2016-08-25 18:17 - 2016-08-25 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2016-08-24 19:49 - 2016-08-24 19:49 - 00000000 ____D C:\Users\USER\AppData\Local\ESET
2016-08-24 11:38 - 2016-08-24 11:38 - 00000191 _____ C:\Users\USER\Desktop\Inside.url
2016-08-23 23:19 - 2016-08-23 23:19 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Playdead
2016-08-23 23:18 - 2016-08-23 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inside
2016-08-23 16:31 - 2016-08-23 16:31 - 00310016 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-08-22 17:39 - 2016-08-22 17:39 - 00007602 _____ C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2016-08-22 17:18 - 2016-08-22 17:18 - 00000000 ____D C:\Windows\pss
2016-08-22 11:48 - 2016-08-22 11:48 - 00000000 ____D C:\Users\USER\AppData\Local\Kozmos.si
2016-08-22 11:48 - 2016-08-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kiwi Application Monitor
2016-08-19 18:33 - 2016-08-19 18:33 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla
2016-08-19 13:17 - 2016-08-19 13:17 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-08-19 13:17 - 2016-08-19 13:17 - 00000000 ____D C:\sh4ldr
2016-08-19 13:16 - 2016-08-19 13:17 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-08-19 13:11 - 2016-08-19 13:11 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-08-19 12:53 - 2016-08-19 12:53 - 00000000 _____ C:\autoexec.bat
2016-08-19 12:52 - 2016-08-19 12:52 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-08-18 23:22 - 2016-08-18 23:22 - 00000000 ____D C:\Users\USER\AppData\Local\UnrealEngine
2016-08-18 23:22 - 2016-08-18 23:22 - 00000000 ____D C:\Users\USER\AppData\Local\DeadByDaylight
2016-08-18 00:23 - 2016-08-18 00:23 - 00989391 _____ C:\Users\USER\Desktop\שאלה 2 ערעור.pdf
2016-08-17 23:47 - 2016-08-17 23:49 - 00000000 ____D C:\Users\USER\AppData\Roaming\NAPS2
2016-08-17 23:47 - 2016-08-17 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2
2016-08-17 23:47 - 2016-03-27 16:33 - 00150736 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2016-08-17 18:14 - 2016-07-08 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 18:14 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 19:11 - 2015-03-20 13:54 - 00000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
2016-09-16 19:09 - 2015-04-03 22:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-16 19:05 - 2009-07-14 07:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-16 19:05 - 2009-07-14 07:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 18:57 - 2015-09-18 12:48 - 00000000 ____D C:\Users\USER\AppData\LocalLow\uTorrent
2016-09-16 18:57 - 2015-03-19 21:05 - 00000000 ____D C:\ProgramData\MFAData
2016-09-16 18:57 - 2015-03-19 16:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 18:57 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-16 18:43 - 2015-04-14 21:14 - 00000000 ____D C:\ProgramData\Oracle
2016-09-16 18:35 - 2015-03-19 16:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 22:23 - 2016-07-19 16:18 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 20:10 - 2015-12-04 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-15 20:09 - 2015-07-04 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-09-15 20:09 - 2015-04-03 22:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-15 20:09 - 2015-04-03 22:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-15 20:09 - 2015-04-03 22:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-15 20:09 - 2015-04-03 22:53 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-15 20:09 - 2015-04-03 22:53 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-04 21:15 - 2015-03-28 23:40 - 00000000 __SHD C:\Users\Guest\IntelGraphicsProfiles
2016-09-04 21:15 - 2015-03-20 19:55 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-08-28 12:33 - 2015-03-19 16:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-27 15:22 - 2009-07-14 08:13 - 00006584 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-26 15:12 - 2016-01-16 17:50 - 00000000 ____D C:\Users\USER\AppData\Roaming\TS3Client
2016-08-26 15:06 - 2015-04-17 15:50 - 00000000 ____D C:\Program Files\Rockstar Games
2016-08-26 15:06 - 2015-04-17 15:50 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-08-26 12:13 - 2015-03-28 14:57 - 00000000 ____D C:\Users\USER\AppData\Local\Ubisoft Game Launcher
2016-08-25 18:20 - 2016-06-17 10:58 - 00000000 ____D C:\Users\USER\AppData\Local\Activision
2016-08-24 22:08 - 2016-01-18 23:46 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2016-08-24 11:38 - 2016-01-08 15:50 - 00000000 ___RD C:\Users\USER\Desktop\Main game shortcuts
2016-08-23 09:20 - 2015-03-31 21:01 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-22 11:51 - 2015-03-19 16:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-22 11:35 - 2015-11-09 19:44 - 00000000 ____D C:\Users\USER\Documents\Outlook Files
2016-08-21 13:42 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-08-20 19:37 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-08-20 10:43 - 2015-03-20 14:29 - 00573952 ___SH C:\Users\USER\Desktop\Thumbs.db
2016-08-19 18:39 - 2015-05-29 21:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-19 15:28 - 2015-03-22 18:59 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-19 13:35 - 2016-06-27 14:21 - 00003772 _____ C:\Windows\System32\Tasks\AutoRearm
2016-08-19 13:35 - 2015-05-17 21:43 - 00000000 ____D C:\Windows\AutoRearm
2016-08-19 13:14 - 2015-03-20 13:59 - 00000000 ____D C:\Windows\system32\appmgmt
2016-08-18 21:36 - 2015-03-19 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-18 00:37 - 2015-03-28 13:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-17 23:44 - 2015-08-17 19:17 - 00000000 ___RD C:\Users\USER\Documents\Scanned Documents
 
==================== Files in the root of some directories =======
 
2016-08-22 17:39 - 2016-08-22 17:39 - 0007602 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-03-19 16:45 - 2015-03-19 16:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\avguirn_082067643930.exe
C:\Users\USER\AppData\Local\Temp\libeay32.dll
C:\Users\USER\AppData\Local\Temp\msvcr120.dll
C:\Users\USER\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-16 20:32
 
==================== End of FRST.txt ============================



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 AM

Posted 16 September 2016 - 09:13 PM

Hi curkeuc :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Malwarebytes Anti-Malware is able to remove that infection. Follow the instructions below please.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
After a restart (or two if you want), did the pop-up come back?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
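As an added example, not part of Aura's instructions and not code from Malwarebytes or any other tool named in this thread: a PowerShell check that enumerates the Run/RunOnce autostart keys and flags any value whose command line contains a URL, which is the kind of entry that re-opens a browser window at every logon. The function and variable names are my own; the script only reports what it finds and removes nothing.

```powershell
# Added example (not from the thread): audit the Windows autostart Run/RunOnce
# keys and flag values whose command line contains a URL. A launcher such as
# explorer.exe or a browser followed by a web address is the pattern that makes
# a page open on its own at each logon. Assumes a Windows host with PowerShell 3+.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# The URL inside the autostart command is the indicator; the program in front
# of it (explorer.exe, a browser, rundll32, cmd) varies from case to case.
$urlPattern = '(?i)\bhttps?://'

function Get-SuspiciousRunEntries {
    param([string[]]$Keys = $runKeys)

    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the registry provider's own PS* metadata properties
            if ($p.Name -like 'PS*') { continue }
            $value = [string]$p.Value
            if ($value -match $urlPattern) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $value
                    Reason  = 'autostart command contains a URL'
                }
            }
        }
    }
}

# Usage: list the findings for review. Remove an entry only after confirming it
# is unwanted, for example with:
#   Remove-ItemProperty -Path $finding.Key -Name $finding.Name
Get-SuspiciousRunEntries | Format-Table -AutoSize
```

If a flagged value comes back after you delete it, another component on the system is re-creating it at startup, which is why a full scan with a tool that removes the whole installation, rather than deleting the startup entry by hand, is the right step.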


#3 curkeuc

curkeuc
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:52 PM

Posted 17 September 2016 - 06:09 AM

I didn't find "Save Results" but I did find "Scan Log" in the History category after restart. The pop-up did not come back after restart! Thank you so much! If you need anything else from me just ask. Also, can I delete the Malwarebytes application? The scan log is:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/17/2016
Scan Time: 1:53 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.17.03
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399060
Time Elapsed: 4 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.InstallMonster, HKLM\SOFTWARE\CLASSES\Shift Happens.DynamicNS, Quarantined, [ef48353e6139de58fec28d5fc93b6898], 
PUP.Optional.InstallMonster, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Shift Happens.DynamicNS, Quarantined, [65d283f0f0aa55e1f3cd0be1e1238f71], 
PUP.Optional.InstallMonster, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Shift Happens.DynamicNS, Quarantined, [65d283f0f0aa55e1f3cd0be1e1238f71], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\GPJADGPHGBOHFHMLFHMNOJGLJCKJGAMM, Quarantined, [0532afc42a7089adb1f29346020055ab], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\GPJADGPHGBOHFHMLFHMNOJGLJCKJGAMM, Quarantined, [2215c1b2c4d69b9b149031a81ce6aa56], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A3C3783-ECB7-403E-A1AF-30AD8E7A7C47}, Quarantined, [57e06f045a4040f67609f79ad132dc24], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C8BEDF1-AFE8-4C75-A901-D3A052DAFDD4}, Quarantined, [181fb3c08812da5c0778e0b159aa748c], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3284953, Quarantined, [8ea9086b712972c4740c3a57a65dbb45], 
 
Registry Values: 5
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gpjadgphgbohfhmlfhmnojgljckjgamm|path, C:\Users\USER\AppData\Local\CRE\gpjadgphgbohfhmlfhmnojgljckjgamm.crx, Quarantined, [0532afc42a7089adb1f29346020055ab]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gpjadgphgbohfhmlfhmnojgljckjgamm|path, C:\Users\USER\AppData\Local\CRE\gpjadgphgbohfhmlfhmnojgljckjgamm.crx, Quarantined, [2215c1b2c4d69b9b149031a81ce6aa56]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A3C3783-ECB7-403E-A1AF-30AD8E7A7C47}|AppPath, C:\Users\USER\AppData\Local\Tbccint\CT3284953, Quarantined, [57e06f045a4040f67609f79ad132dc24]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7C8BEDF1-AFE8-4C75-A901-D3A052DAFDD4}|AppPath, C:\Users\USER\AppData\Local\Tbccint\CT3284953, Quarantined, [181fb3c08812da5c0778e0b159aa748c]
PUP.Optional.StartPage.USACVAR, HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|USER, explorer.exe http://sd-steam.info, Quarantined, [a7909ed5aded96a00eac3a9bf311f907]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 33
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\AddedAppDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\DefualtImages, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\DetectedAppDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\EngineFirstTimeDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\images, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\images, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\Images, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\Images, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAddedAppDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAppApprovalDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAppPendingDialog, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\EmailNotifier, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\ExternalComponent, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Logs, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\MyStuffApps, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\DynamicDialogs, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarHiddenSettings, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarLogin, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarSettings, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_he, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_he\ToolbarTranslation, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
 
Files: 101
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\cctoolbar.cfg, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_88_297_CT2979788_Images_634373296497375000_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_About_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Browse_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Contact_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Hide_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_searchengines_search_icon_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_searchengines_softonic_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_SearchEngines_tfd_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_SearchEngines_video_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_MoreFromPublisher_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_More_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Options_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Privacy_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Refresh_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_Upgrade_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_eula_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_main_menu_about_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_main_menu_clear_history_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_main_menu_options_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_main_menu_refresh_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_main_menu_shrink_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_Menu_uninstall-icon_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_bankImages_ContextMenu_LikeIcon_png.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\CacheIcons\http___storage_stgbssint_com_images_SearchEngines_images_search_gif.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\RoundedCornersIE9.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\DialogsAPI.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\excanvas.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\generalDialogStyle.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\PIE.htc, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\RoundedCorners.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\settings.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\version.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\AddedAppDialog\app-added.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\AddedAppDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\DefualtImages\icon.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\DetectedAppDialog\app-2go.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\DetectedAppDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\EngineFirstTimeDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\EngineFirstTimeDialog\right-click.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\SearchProtector.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\SearchProtector.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\images\ok-button.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\images\separation-line.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\NewSearchProtectorDialog\images\warning.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\bubble.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\bubble.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\images\information.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\SearchProtector.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\SearchProtector.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\Images\info.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\Images\ok-on.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorDialog\Images\ok.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\divider.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAddedAppDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAppApprovalDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAppPendingDialog\main.html, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\ExternalComponent\http___contextmenu_toolbar_tbccint_com__name=GottenApps&locale=he&ctid=CT3284953&dum=2.xml, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\ExternalComponent\http___contextmenu_toolbar_tbccint_com__name=OtherApps&locale=he&ctid=CT3284953&dum=2.xml, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\ExternalComponent\http___contextmenu_toolbar_tbccint_com__name=SharedApps&locale=he&ctid=CT3284953&dum=2.xml, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\ExternalComponent\http___contextmenu_toolbar_tbccint_com__name=Toolbar&locale=he&ctid=CT3284953&UM=8&dum=2.xml, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\DynamicDialogs\data.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarHiddenSettings\data.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarLogin\data.bck.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarLogin\data.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarSettings\data.bck.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_CT3284953\ToolbarSettings\data.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_he\ToolbarTranslation\data.bck.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
PUP.Optional.ConduitTB.Gen, C:\Users\USER\AppData\LocalLow\YesStreamer_Bar\Repository\conduit_CT3284953_he\ToolbarTranslation\data.txt, Quarantined, [f047ff744d4d6acc443329b036cc31cf], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,664 posts
  • Gender:Male
  • Local time:07:52 AM

Posted 17 September 2016 - 08:48 AM

Since Malwarebytes came back with so many PUP detections, we'll just run JRT and AdwCleaner to make sure that there's nothing left.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should include:
  • Copy/pasted content of JRT.txt;
  • Copy/pasted content of the AdwCleaner clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 curkeuc
  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:52 PM

Posted 20 September 2016 - 02:20 AM

Sorry for not replying, I'm kind of busy these days. I will reply with what you asked for in 2-3 days.



#6 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,664 posts
  • Gender:Male
  • Local time:07:52 AM

Posted 20 September 2016 - 07:14 AM

All good, thanks for letting me know, I'll wait :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 curkeuc
  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:52 PM

Posted 22 September 2016 - 01:58 PM

The JRT log is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64 
Ran by USER (Administrator) on Thu 09/22/2016 at 21:51:28.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 39

Failed to delete: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9R221LM8 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHGB1D58 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJR8QXDW (Temporary Internet Files Folder) 
Failed to delete: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOW9X50L (Temporary Internet Files Folder) 
Failed to delete: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX9F397Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Roaming\3909 (Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20OA7KPC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F3SZS6N (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBL9EV7Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZN95V2Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTRJ68Y6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q52OM9U7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6FEGPO1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S19RYJP6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO3QAZLE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z11E1MP8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20OA7KPC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F3SZS6N (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9R221LM8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBL9EV7Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZN95V2Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHGB1D58 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTRJ68Y6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJR8QXDW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q52OM9U7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6FEGPO1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S19RYJP6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO3QAZLE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOW9X50L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX9F397Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z11E1MP8 (Temporary Internet Files Folder) 

Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9843474F-6082-4A44-B63D-5559D9E8C6A8} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9843474f-6082-4a44-b63d-5559d9e8c6a8} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9843474f-6082-4a44-b63d-5559d9e8c6a8} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/22/2016 at 21:52:41.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The AdwCleaner log is:

# AdwCleaner v6.020 - Logfile created 22/09/2016 at 21:55:40
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-22.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\AdwCleaner (1).exe
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [5811 Bytes] - [16/09/2016 18:55:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [825 Bytes] - [22/09/2016 21:55:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [5303 Bytes] - [16/09/2016 18:53:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [1290 Bytes] - [22/09/2016 21:55:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1043 Bytes] ##########
 


#8 Aura
    Bleepin' Special Ops
  • Malware Response Team
  • 19,664 posts
  • Gender:Male
  • Local time:07:52 AM

Posted 22 September 2016 - 02:18 PM

Alright, let's grab a fresh set of FRST logs.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
Also, how's your computer running? Did the pop-up come back?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 curkeuc
  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:52 PM

Posted 23 September 2016 - 08:05 AM

The pop-up hasn't appeared since. The FRST.txt is:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by USER (administrator) on USER-PC (23-09-2016 16:03:36)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER & Smurf & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(ROCCAT GmbH Co., Ltd.) E:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ROCCAT GmbH) E:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe
(ROCCAT GmbH) E:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Farbar) C:\Users\USER\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767760 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [RoccatIskuFX] => E:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe [540672 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatKonePure] => E:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2014-01-20] (ROCCAT GmbH)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [uTorrent] => C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-15] (BitTorrent Inc.)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4526424 2016-03-05] (Disc Soft Ltd)
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {0d6a7ea9-2369-11e6-bdb2-74d435b9da20} - H:\autorun.exe
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {0e4751ae-fdb9-11e5-a594-74d435b9da20} - F:\setup.exe
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {9824562b-0bd0-11e6-92c6-74d435b9da20} - G:\SETUP.EXE
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {d40a2d90-e463-11e5-9a22-74d435b9da20} - F:\SETUP.EXE
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\MountPoints2: {fef0e352-ce87-11e4-9c8d-806e6f6e6963} - D:\Run.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk [2015-03-20]
ShortcutTarget: Roccat Talk.lnk -> E:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\Users\Smurf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk [2015-12-04]
ShortcutTarget: Steam.lnk -> E:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4C43288F-3282-4E19-BCD6-ABAE55DEC303}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{F4BA3646-1ED9-444F-9878-E04A9C4A36F7}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
URLSearchHook: HKLM-x32 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
URLSearchHook: HKU\S-1-5-21-4126855326-3008047531-3105444804-1000 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ZuvAP3TW.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-19] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-19] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-05-12] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ZuvAP3TW.default\Extensions\abs@avira.com [2016-08-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2016-09-23]
CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Chrome Remote Desktop) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1409032 2016-08-09] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1340760 2015-08-10] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S4 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-06-17] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2016-06-17] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-03-05] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2016-03-05] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-19] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-23 16:03 - 2016-09-23 16:03 - 00020520 _____ C:\Users\USER\Desktop\FRST.txt
2016-09-23 16:02 - 2016-09-23 16:02 - 02402816 _____ (Farbar) C:\Users\USER\Desktop\FRST64 (1).exe
2016-09-22 22:31 - 2016-09-22 22:31 - 00000000 ____D C:\Users\USER\AppData\Roaming\NotepadPlusPlusApp
2016-09-22 22:30 - 2016-09-22 22:31 - 00000000 ____D C:\Users\USER\AppData\Roaming\HPReyos
2016-09-22 21:57 - 2016-09-22 21:57 - 00001122 _____ C:\Users\USER\Desktop\AdwCleaner[C2].txt
2016-09-22 21:54 - 2016-09-22 21:54 - 03861056 _____ C:\Users\USER\Desktop\AdwCleaner (1).exe
2016-09-22 21:52 - 2016-09-22 21:52 - 00007565 _____ C:\Users\USER\Desktop\JRT.txt
2016-09-22 21:51 - 2016-09-22 21:51 - 01610560 _____ (Malwarebytes) C:\Users\USER\Desktop\JRT.exe
2016-09-21 21:48 - 2016-09-21 22:15 - 00000000 ____D C:\Users\USER\Desktop\תמונות היסטוריה
2016-09-21 21:46 - 2016-09-22 22:41 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-20 23:22 - 2016-09-20 23:22 - 00000000 ____D C:\Users\USER\AppData\Roaming\BitTorrent
2016-09-20 23:03 - 2016-08-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 23:03 - 2016-08-05 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-17 17:16 - 2016-09-01 22:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-17 17:16 - 2016-09-01 21:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-17 17:16 - 2016-09-01 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-17 17:16 - 2016-09-01 06:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-17 17:16 - 2016-09-01 05:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-17 17:16 - 2016-09-01 05:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-17 17:16 - 2016-09-01 05:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-17 17:16 - 2016-09-01 05:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-17 17:16 - 2016-09-01 05:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-17 17:16 - 2016-09-01 05:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-17 17:16 - 2016-09-01 05:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-17 17:16 - 2016-09-01 05:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-17 17:16 - 2016-09-01 05:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-17 17:16 - 2016-09-01 05:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-17 17:16 - 2016-09-01 05:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-17 17:16 - 2016-09-01 05:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-17 17:16 - 2016-09-01 05:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-17 17:16 - 2016-09-01 04:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-17 17:16 - 2016-09-01 04:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-17 17:16 - 2016-09-01 04:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-17 17:16 - 2016-09-01 04:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-17 17:16 - 2016-09-01 04:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-17 17:16 - 2016-09-01 04:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-17 17:16 - 2016-09-01 04:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-17 17:16 - 2016-09-01 04:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-17 17:16 - 2016-09-01 04:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-17 17:16 - 2016-09-01 04:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-17 17:16 - 2016-09-01 04:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-17 17:16 - 2016-09-01 04:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-17 17:16 - 2016-09-01 03:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-17 17:16 - 2016-09-01 03:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-17 17:16 - 2016-09-01 03:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-17 17:16 - 2016-09-01 03:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-17 17:16 - 2016-09-01 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-17 17:16 - 2016-09-01 03:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-17 17:16 - 2016-09-01 03:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-17 17:16 - 2016-09-01 03:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-17 17:16 - 2016-09-01 03:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-17 17:16 - 2016-09-01 03:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-17 17:16 - 2016-09-01 03:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-17 17:16 - 2016-09-01 03:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-17 17:16 - 2016-09-01 03:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-17 17:16 - 2016-09-01 03:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-17 17:16 - 2016-09-01 03:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-17 17:16 - 2016-09-01 03:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-17 17:16 - 2016-09-01 03:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-17 17:16 - 2016-09-01 03:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-17 17:16 - 2016-09-01 03:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-17 17:16 - 2016-09-01 03:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-17 17:16 - 2016-09-01 03:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-17 17:16 - 2016-09-01 02:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-17 17:16 - 2016-09-01 02:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-17 17:16 - 2016-09-01 02:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-17 17:16 - 2016-09-01 02:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-17 17:16 - 2016-09-01 02:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-17 17:16 - 2016-09-01 02:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-17 17:16 - 2016-09-01 02:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-17 17:16 - 2016-09-01 02:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-17 17:16 - 2016-09-01 02:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-17 17:16 - 2016-09-01 02:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-17 17:16 - 2016-09-01 02:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-17 17:16 - 2016-09-01 02:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-17 17:16 - 2016-09-01 02:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-17 17:16 - 2016-09-01 02:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-17 17:16 - 2016-09-01 01:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-17 17:16 - 2016-09-01 01:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-17 17:05 - 2016-09-17 17:05 - 00675464 _____ C:\Windows\Minidump\091716-91385-01.dmp
2016-09-17 17:01 - 2016-08-26 02:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 28207672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-17 17:01 - 2016-08-26 02:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00408784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-09-17 17:01 - 2016-08-26 02:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-09-17 17:01 - 2016-08-26 02:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-09-17 16:49 - 2016-06-06 19:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-17 16:49 - 2016-06-06 19:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-17 16:49 - 2016-06-06 19:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-17 16:49 - 2016-06-06 19:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-17 16:49 - 2016-06-06 18:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-17 16:49 - 2016-06-06 18:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-17 16:49 - 2016-06-06 18:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-17 16:49 - 2016-06-06 18:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-17 16:49 - 2016-05-14 01:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-17 16:49 - 2016-05-14 01:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-17 16:49 - 2016-05-14 01:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-17 16:49 - 2016-05-14 01:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-17 16:49 - 2016-05-14 00:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-17 16:49 - 2016-05-14 00:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-17 16:49 - 2016-05-14 00:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-17 16:49 - 2016-05-14 00:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-17 16:49 - 2016-05-14 00:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-17 16:49 - 2016-05-14 00:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-17 16:49 - 2016-05-14 00:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-17 16:49 - 2016-05-14 00:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-17 16:49 - 2016-05-14 00:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-17 16:49 - 2016-05-14 00:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-17 16:49 - 2016-05-14 00:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-17 16:49 - 2016-05-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-17 16:49 - 2016-05-12 20:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-17 16:49 - 2016-05-12 18:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-17 16:49 - 2016-05-12 18:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-17 16:49 - 2016-05-04 20:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-17 16:49 - 2016-05-04 20:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-17 16:49 - 2016-05-04 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-17 16:49 - 2016-05-04 20:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-17 16:49 - 2016-05-04 20:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-17 16:49 - 2016-05-04 20:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-17 16:49 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-17 16:49 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-17 16:49 - 2016-05-04 20:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-17 16:49 - 2016-05-04 20:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-17 16:49 - 2016-05-04 18:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-17 16:49 - 2016-05-04 17:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-17 13:51 - 2016-09-17 17:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 13:51 - 2016-09-17 13:51 - 00000791 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-17 13:51 - 2016-09-17 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-17 13:51 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-17 13:51 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-17 13:51 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-17 01:49 - 2016-09-02 18:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-17 01:49 - 2016-09-02 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-17 01:49 - 2016-09-02 18:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-17 01:49 - 2016-09-02 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-17 01:49 - 2016-09-02 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-17 01:49 - 2016-09-02 18:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-17 01:49 - 2016-09-02 18:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-17 01:49 - 2016-09-02 18:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-17 01:49 - 2016-09-02 18:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 18:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-17 01:49 - 2016-09-02 18:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-17 01:49 - 2016-09-02 18:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-17 01:49 - 2016-09-02 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-17 01:49 - 2016-09-02 17:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-17 01:49 - 2016-09-02 17:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-17 01:49 - 2016-09-02 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-17 01:49 - 2016-09-02 17:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-17 01:49 - 2016-09-02 17:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-17 01:49 - 2016-09-02 17:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-17 01:49 - 2016-09-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-17 01:49 - 2016-09-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-17 01:49 - 2016-09-02 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-17 01:49 - 2016-09-02 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-17 01:49 - 2016-09-02 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-17 01:49 - 2016-09-02 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-17 01:49 - 2016-09-02 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-17 01:49 - 2016-09-02 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-17 01:49 - 2016-09-02 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-17 00:40 - 2016-08-12 19:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-17 00:40 - 2016-08-12 19:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-17 00:40 - 2016-08-12 19:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-16 23:15 - 2016-08-16 20:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-16 23:15 - 2016-08-16 05:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-16 23:15 - 2016-08-16 05:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-16 23:14 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-16 23:14 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-16 23:14 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-16 23:14 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-16 23:14 - 2016-07-01 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-16 23:14 - 2016-07-01 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-16 23:14 - 2016-07-01 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-16 23:14 - 2016-07-01 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-16 22:53 - 2016-08-06 18:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-16 22:53 - 2016-08-06 18:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-16 19:10 - 2016-09-23 16:03 - 00000000 ____D C:\FRST
2016-09-16 18:52 - 2016-09-22 21:55 - 00000000 ____D C:\AdwCleaner
2016-09-16 18:43 - 2016-09-16 18:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-09-16 18:43 - 2016-09-16 18:43 - 00003280 _____ C:\Windows\System32\Tasks\{150046A4-C2F1-44FB-8B1A-3F067050CB17}
2016-09-16 18:43 - 2016-09-16 18:43 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Oracle
2016-09-16 18:43 - 2016-09-16 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-16 18:43 - 2016-09-16 18:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-16 18:41 - 2016-09-16 18:41 - 00000000 ____D C:\Users\USER\AppData\Roaming\Sun
2016-09-16 18:41 - 2016-09-16 18:41 - 00000000 ____D C:\Users\USER\.oracle_jre_usage
2016-09-15 21:56 - 2016-09-15 21:56 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2016-09-15 20:10 - 2016-09-15 20:10 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-15 19:53 - 2016-09-15 19:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-15 19:53 - 2016-09-15 19:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Ubisoft
2016-08-28 12:33 - 2016-08-28 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
2016-08-25 18:17 - 2016-08-25 18:17 - 00000934 _____ C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
2016-08-25 18:17 - 2016-08-25 18:17 - 00000924 _____ C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
2016-08-25 18:17 - 2016-08-25 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2016-08-24 19:49 - 2016-08-24 19:49 - 00000000 ____D C:\Users\USER\AppData\Local\ESET
2016-08-24 11:38 - 2016-08-24 11:38 - 00000191 _____ C:\Users\USER\Desktop\Inside.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-23 15:59 - 2016-03-21 22:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2016-09-23 15:59 - 2015-03-20 13:42 - 00000000 ____D C:\ProgramData\Skype
2016-09-23 15:58 - 2016-03-21 21:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-23 15:58 - 2016-01-16 17:50 - 00000000 ____D C:\Users\USER\AppData\Roaming\TS3Client
2016-09-23 15:57 - 2015-03-19 21:05 - 00000000 ____D C:\ProgramData\MFAData
2016-09-23 15:54 - 2015-03-19 16:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-23 15:53 - 2015-04-03 22:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-23 15:53 - 2015-03-19 16:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-22 22:49 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-22 22:48 - 2015-04-17 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-22 22:48 - 2015-03-28 13:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-22 22:47 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-22 22:47 - 2009-07-14 05:34 - 00000387 _____ C:\Windows\win.ini
2016-09-22 22:31 - 2015-04-17 21:51 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-09-22 22:31 - 2015-04-17 21:51 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-09-22 22:28 - 2015-09-18 12:48 - 00000000 ____D C:\Users\USER\AppData\LocalLow\uTorrent
2016-09-22 22:28 - 2015-03-20 13:54 - 00000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
2016-09-22 22:04 - 2009-07-14 07:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-22 22:04 - 2009-07-14 07:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-22 21:56 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-22 01:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-09-19 22:09 - 2015-04-03 22:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-19 22:09 - 2015-04-03 22:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-19 22:09 - 2015-04-03 22:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-19 22:09 - 2015-04-03 22:53 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-19 22:09 - 2015-04-03 22:53 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-17 17:05 - 2015-08-25 16:02 - 00000000 ____D C:\Windows\Minidump
2016-09-17 17:03 - 2015-03-19 16:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-17 17:02 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-09-17 16:25 - 2015-07-03 14:57 - 00000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
2016-09-17 13:59 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\addins
2016-09-17 13:53 - 2009-07-14 08:13 - 00006584 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-17 13:41 - 2009-07-14 07:45 - 05100952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-17 01:48 - 2015-03-22 18:59 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 01:45 - 2015-03-22 18:59 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-16 18:43 - 2015-04-14 21:14 - 00000000 ____D C:\ProgramData\Oracle
2016-09-15 22:23 - 2016-07-19 16:18 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 20:10 - 2015-12-04 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-15 20:09 - 2015-07-04 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-09-04 21:15 - 2015-03-28 23:40 - 00000000 __SHD C:\Users\Guest\IntelGraphicsProfiles
2016-09-04 21:15 - 2015-03-20 19:55 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-08-28 12:33 - 2015-03-19 16:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-26 15:06 - 2015-04-17 15:50 - 00000000 ____D C:\Program Files\Rockstar Games
2016-08-26 15:06 - 2015-04-17 15:50 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-08-26 12:13 - 2015-03-28 14:57 - 00000000 ____D C:\Users\USER\AppData\Local\Ubisoft Game Launcher
2016-08-26 02:28 - 2016-05-27 13:35 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-08-26 02:28 - 2016-05-13 22:15 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-08-26 02:28 - 2016-05-13 22:15 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-08-26 02:28 - 2015-12-10 13:36 - 00039731 _____ C:\Windows\system32\nvinfo.pb
2016-08-26 02:28 - 2015-05-18 21:47 - 03456888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-08-26 02:28 - 2015-03-19 16:54 - 19848080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-08-26 02:28 - 2015-03-19 16:54 - 14352816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-08-26 02:28 - 2015-03-19 16:54 - 03917512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-08-25 18:20 - 2016-06-17 10:58 - 00000000 ____D C:\Users\USER\AppData\Local\Activision
2016-08-24 22:08 - 2016-01-18 23:46 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2016-08-24 11:38 - 2016-01-08 15:50 - 00000000 ___RD C:\Users\USER\Desktop\Main game shortcuts
 
==================== Files in the root of some directories =======
 
2016-08-22 17:39 - 2016-08-22 17:39 - 0007602 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-03-19 16:45 - 2015-03-19 16:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\avguirn_082067643930.exe
C:\Users\USER\AppData\Local\Temp\libeay32.dll
C:\Users\USER\AppData\Local\Temp\msvcr120.dll
C:\Users\USER\AppData\Local\Temp\ose00000.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-17 16:18
 
==================== End of FRST.txt ============================
 
Addition.txt is:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by USER (23-09-2016 16:03:52)
Running from C:\Users\USER\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-19 13:37:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4126855326-3008047531-3105444804-500 - Administrator - Disabled)
Guest (S-1-5-21-4126855326-3008047531-3105444804-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4126855326-3008047531-3105444804-1002 - Limited - Enabled)
Smurf (S-1-5-21-4126855326-3008047531-3105444804-1003 - Administrator - Enabled) => C:\Users\Smurf
USER (S-1-5-21-4126855326-3008047531-3105444804-1000 - Administrator - Enabled) => C:\Users\USER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Alien Swarm (HKLM\...\Steam App 630) (Version:  - Valve)
AlienFX for IskuFX (HKLM-x32\...\InstallShield_{2C3FC2CC-0A8B-409E-B487-8CD54F4DC1D4}) (Version: 1.02 - Roccat GmbH)
AlienFX for IskuFX (Version: 1.02 - Roccat GmbH) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.91.2.35777 - AVG Technologies)
AVG (Version: 16.111.7797 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4656 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.5.160 - AVG Technologies)
AVG Zen (Version: 1.91.11 - AVG Technologies) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Blood and Bacon (HKLM\...\Steam App 434570) (Version:  - Big Corporation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.5 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version:  - )
Call of Duty: World at War (HKLM\...\Steam App 10090) (Version:  - Treyarch)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version:  - )
Canon MX510 series User Registration (HKLM-x32\...\Canon MX510 series User Registration) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.0.1.0425 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Free Auto Shutdown (HKLM-x32\...\{06F6873A-C03B-4417-A7BB-8A7F788EBEB3}) (Version: 1.0.0 - Media Freeware)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version:  - Playdead)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Kiwi Application Monitor (HKLM-x32\...\{FD9DD1A7-AC70-40F9-9540-9F8C7B99AD34}) (Version: 1.5.3 - Kozmos)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lego Indiana Jones 2 (HKLM-x32\...\Steam App 32450) (Version:  - Traveller's Tales)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
LGUP 8994 DLL (HKLM-x32\...\{13E08E57-C57C-448C-9B48-82F8BAC613C3}) (Version: 0.0.1.18 - LG Electronics)
LGUP for Store (HKLM-x32\...\{27FDA0D1-5BEA-427A-913C-FF050C211674}) (Version: 1.14.3 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.60 - NCH Software)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NotepadPlusPlusApp (HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\NotepadPlusPlusApp) (Version:  - ) <==== ATTENTION
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version:  - Roccat GmbH)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0015 - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Sniper Elite 3 (HKLM\...\Steam App 238090) (Version:  - Rebellion)
Splinter Cell Blacklist (HKLM-x32\...\{2F5D7BAD-EAE3-49C9-8757-6BD879D03566}) (Version: 1.0.3.0 - Ubisoft)
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version:  - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Uplay (HKLM-x32\...\Uplay) (Version: 20.0 - Ubisoft)
Verdun (HKLM\...\Steam App 242860) (Version:  - M2H)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.30 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.95 - NCH Software)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4126855326-3008047531-3105444804-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07E40388-BB72-48B7-A5BF-CF706081F883} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-19] (Adobe Systems Incorporated)
Task: {0FE0AEC6-E977-481C-8422-E5E0E5E146EB} - System32\Tasks\0116tbUpdateInfo => C:\ProgramData\Avg_Update_0116tb\0116tb_{F3FEA054-4907-4736-93E2-2319AE845C87}.exe
Task: {1F6F89EB-5F87-46AC-9C08-EB549D8A2257} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe
Task: {297CECEF-FFFC-4EB3-8531-D96BA3382022} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {423614B5-ED80-4D03-A9B1-67F811719F78} - System32\Tasks\{315D29BE-5337-426E-BB1F-153F4C85A909} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.0.101/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {59259918-F909-4D85-9ED8-20CA1F452625} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B42440EA-75B1-43F0-B3A4-BAF7100F75CE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D897DDBF-3F5F-4573-A966-35E9FC4C45AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {DD572A40-0512-4723-91F1-F87262531472} - System32\Tasks\{1C97F32D-275F-4D1A-9030-3D9442264C65} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {DE57E8FA-BEA0-4F79-AD49-6C8E76A5FE5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {ED1B5F32-851D-45FF-8591-F47608186D9D} - System32\Tasks\{150046A4-C2F1-44FB-8B1A-3F067050CB17} => pcalua.exe -a "C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX9F397Q\jre-8u101-windows-i586.exe" -d C:\Users\USER\Desktop
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0116tbUpdateInfo.job => C:\ProgramData\Avg_Update_0116tb\0116tb_{F3FEA054-4907-4736-93E2-2319AE845C87}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\USER\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
 
ShortcutWithArgument: C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-19 16:56 - 2016-05-10 02:40 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-31 21:18 - 2011-09-06 14:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-05-13 22:25 - 2016-06-15 04:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-07-30 14:41 - 2016-06-17 10:58 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-30 14:41 - 2016-06-17 10:58 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2016-05-13 22:25 - 2016-06-15 04:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-13 22:26 - 2016-06-15 04:14 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-05-13 22:26 - 2016-06-15 04:14 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-13 22:25 - 2016-06-15 04:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-19 23:25 - 2016-08-09 02:27 - 00785920 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2015-03-19 23:25 - 2015-07-02 01:06 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll
2015-03-19 23:25 - 2015-07-02 01:06 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2015-03-19 23:25 - 2015-07-02 01:06 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2015-03-19 23:25 - 2016-08-23 22:33 - 02321184 _____ () E:\Program Files (x86)\Steam\video.dll
2015-03-19 23:25 - 2016-01-27 10:49 - 02549760 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-19 23:25 - 2016-01-27 10:49 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-19 23:25 - 2016-01-27 10:49 - 00491008 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-19 23:25 - 2016-01-27 10:49 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-19 23:25 - 2016-01-27 10:49 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-19 23:25 - 2016-08-23 22:33 - 00835360 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 01:52 - 2016-07-05 01:17 - 00266560 _____ () E:\Program Files (x86)\Steam\openvr_api.dll
2015-03-20 14:33 - 2012-07-08 17:31 - 00061440 _____ () E:\Program Files (x86)\ROCCAT\Isku FX Keyboard\hiddriver.dll
2015-03-20 14:45 - 2012-06-23 15:54 - 00061440 _____ () E:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
2015-12-16 21:24 - 2014-09-11 19:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-16 21:24 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-04-08 12:58 - 2016-04-08 12:58 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-03-19 23:25 - 2016-08-04 23:56 - 49825056 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-19 23:25 - 2015-09-25 02:52 - 00119208 _____ () E:\Program Files (x86)\Steam\winh264.dll
2016-09-17 19:36 - 2016-09-14 03:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 19:36 - 2016-09-14 03:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\USER\Desktop\צילום קבלות.jpg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\USER\Desktop\צילום קבלות.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2016-08-19 13:17 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ts3server_win64 - Shortcut.lnk => C:\Windows\pss\ts3server_win64 - Shortcut.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1FD4067F-0896-4698-9DA0-763F414FE6C7}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5B16FC38-9C2E-42C6-B9B0-09B97F71AC81}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9AF74B98-59D6-4198-85A9-C5EE7D116822}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5F2365D8-9839-49E8-BD7F-FE9AE53C6532}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EEBDBDD7-F810-4E7D-A6CB-339F072B2E06}] => (Allow) C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5E7A820-D1DA-489B-B1C0-DAAC25BA49D9}] => (Allow) C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6EE6A20-F185-4468-ABD1-A24FAAA20FED}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8939F86-2065-4D5E-AB4D-1D8AB79B607C}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{CD0A9B8D-1C6C-4E98-8A72-5EB035603576}E:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B76AA325-0194-4442-A4C2-16BEB75E26CF}E:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9357724A-CB75-48B5-821A-6A35FBFE8C42}E:\program files (x86)\splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Allow) E:\program files (x86)\splinter cell blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [UDP Query User{12627B66-E918-4BDA-95CF-661242E66DA9}E:\program files (x86)\splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Allow) E:\program files (x86)\splinter cell blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [{7257215F-9D6D-4DC9-9B1C-95025350AEA6}] => (Allow) \crime.exe
FirewallRules: [{3ED66F6D-A2FD-411A-BAAB-D4E7141CBE47}] => (Allow) \crime.exe
FirewallRules: [{419B3FB4-011C-4299-9F3B-6EAF268FF5C6}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{D16707C0-304C-4933-ACBF-075713BCF5A8}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{0DDDED03-41D5-4848-BDC1-4181B94AEDA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5478600-4DFE-470A-B38B-6BAE606335AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4FF6A15-35EB-4F8D-8234-D3883543ED53}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF1583E9-EA18-4EB9-BC3C-F8DC6186BAC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6705EAA5-633F-4018-9527-F25EB0EC6A9D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Lego Indiana Jones 2\LEGOIndy2.exe
FirewallRules: [{AC4F8DA8-82F8-4E4A-8E0B-9DC862DB938C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Lego Indiana Jones 2\LEGOIndy2.exe
FirewallRules: [{952586FD-438D-4F94-9043-E11BBFFDC3F6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{FA89AA00-98A9-4161-A834-56B5D997FF83}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{38335B90-C8AB-4996-A94F-F897608F6007}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F0B8D9AB-1676-474C-B44D-EF6505FA2BDD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{EFCDC8FF-E91E-46D3-92E8-57B65AE9FFB7}C:\users\user\desktop\terraria.v1.3.0.1\terraria.exe] => (Allow) C:\users\user\desktop\terraria.v1.3.0.1\terraria.exe
FirewallRules: [UDP Query User{AEA44684-CF26-4398-A886-84E3A0D92BDF}C:\users\user\desktop\terraria.v1.3.0.1\terraria.exe] => (Allow) C:\users\user\desktop\terraria.v1.3.0.1\terraria.exe
FirewallRules: [TCP Query User{D7666C12-F83C-428E-B998-B75ADED20ECE}C:\users\user\desktop\terraria.v1.3.0.1\terrariaserver.exe] => (Allow) C:\users\user\desktop\terraria.v1.3.0.1\terrariaserver.exe
FirewallRules: [UDP Query User{F652CF1D-A842-4F0F-857E-AC4B9F59F462}C:\users\user\desktop\terraria.v1.3.0.1\terrariaserver.exe] => (Allow) C:\users\user\desktop\terraria.v1.3.0.1\terrariaserver.exe
FirewallRules: [TCP Query User{577E2803-2DA1-47C8-869D-E7343C058553}E:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe] => (Allow) E:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{459CD45E-78E2-4DBF-A295-229CBD52FB28}E:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe] => (Allow) E:\program files (x86)\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{321CFDBB-2E96-4F14-A4F0-F71479CD6D09}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{7BCEA8ED-86AD-411A-B268-7D452260BF7D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [TCP Query User{21A737BF-E7D9-4D62-894C-1A32D42D93BD}E:\program files (x86)\hitman closed alpha\hitman_ca.exe] => (Allow) E:\program files (x86)\hitman closed alpha\hitman_ca.exe
FirewallRules: [UDP Query User{A940B62C-1A5C-4178-A0AA-BDFDE9D76E66}E:\program files (x86)\hitman closed alpha\hitman_ca.exe] => (Allow) E:\program files (x86)\hitman closed alpha\hitman_ca.exe
FirewallRules: [TCP Query User{14490841-F237-410C-89F8-EC98506045B2}E:\program files (x86)\portal 2\portal2.exe] => (Allow) E:\program files (x86)\portal 2\portal2.exe
FirewallRules: [UDP Query User{7AEF8993-3AD0-4490-8001-9C2F230505DA}E:\program files (x86)\portal 2\portal2.exe] => (Allow) E:\program files (x86)\portal 2\portal2.exe
FirewallRules: [TCP Query User{5C6A3483-C713-48C1-BD65-9FEA1CA50316}E:\program files (x86)\portal 2\portal2.exe] => (Allow) E:\program files (x86)\portal 2\portal2.exe
FirewallRules: [UDP Query User{F7E13AFB-7E95-4B6A-ADE2-B5C150F81095}E:\program files (x86)\portal 2\portal2.exe] => (Allow) E:\program files (x86)\portal 2\portal2.exe
FirewallRules: [{9EB9FAEC-61BD-4C0A-A84A-272BA2ACBDA1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6A4AEEF9-1535-4B79-AC46-AA63DE1B8154}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B8306FA9-04B9-46E7-ADD8-2E11642AE51F}] => (Allow) E:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{6501F361-6F5D-41FD-B134-40DBCE681203}] => (Allow) E:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [TCP Query User{96BDB2CB-B1AE-4FD6-8E4D-CFD0811F92DB}E:\program files\counter-strike\hl.exe] => (Allow) E:\program files\counter-strike\hl.exe
FirewallRules: [UDP Query User{04A5B027-6B5C-4ADF-8791-70A1CAB0DDCD}E:\program files\counter-strike\hl.exe] => (Allow) E:\program files\counter-strike\hl.exe
FirewallRules: [TCP Query User{452719DB-C181-476E-930D-CED6E8CAA7C7}E:\program files (x86)\broforce final release\broforce_beta.exe] => (Allow) E:\program files (x86)\broforce final release\broforce_beta.exe
FirewallRules: [UDP Query User{5FF1BA4B-05EC-4BCE-AEDB-64BA43FC100E}E:\program files (x86)\broforce final release\broforce_beta.exe] => (Allow) E:\program files (x86)\broforce final release\broforce_beta.exe
FirewallRules: [{EAA2C927-C2EB-4C01-BEA1-1E4CFF8AD829}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4D245715-197A-4DC2-A16A-BDE518C5BA35}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{CF27B76C-384B-4BAB-9338-A463B139F8D5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8C25D156-49B9-4BA0-969E-BDB1DC082032}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{574FE223-DFB8-48EB-A4F3-8C4374E114D9}] => (Allow) LPort=49361
FirewallRules: [{42B0A524-E55C-49C5-B42F-E822594C9933}] => (Allow) LPort=5000
FirewallRules: [{B20FB45D-E39C-4814-8434-9251FCF67DE6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{704DF412-4D82-4802-98DF-0C7D86167419}] => (Allow) LPort=2869
FirewallRules: [{23E78CDB-C19F-49AE-8209-4B62AD0DA34D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2EE57585-C219-4971-97FB-9DCB5D90CE05}C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{B6EFAF86-219F-4D4D-96A4-664DF04F0FE2}C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{A58A9FB0-6632-44C1-B3B6-09DC95AA3B01}E:\program files (x86)\counter-strike source\hl2.exe] => (Allow) E:\program files (x86)\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{351B6EFD-67EF-4C1A-95E3-2CDBCEE42AFE}E:\program files (x86)\counter-strike source\hl2.exe] => (Allow) E:\program files (x86)\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{1C45C26E-18A3-4AD3-A3FC-DF64F4004E68}C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{C44DAFCF-9472-41F3-A10C-B0EA28E6E512}C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\user\desktop\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [{954F8661-28F6-4217-92CA-4279D5DC30A2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe
FirewallRules: [{5BDAB6AE-6DEC-404A-856B-846B0B6DE3E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe
FirewallRules: [TCP Query User{C9CCAC58-D874-499F-8C2F-3D12ED0AFDA3}E:\program files (x86)\steam\steamapps\common\sniper elite 3\bin\sniperelite3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\sniper elite 3\bin\sniperelite3.exe
FirewallRules: [UDP Query User{7AD6A8C4-0D07-41D8-82B9-27EDF88E10CE}E:\program files (x86)\steam\steamapps\common\sniper elite 3\bin\sniperelite3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\sniper elite 3\bin\sniperelite3.exe
FirewallRules: [{04BFDC1D-D3F6-4B81-B899-ED78DC4A6DCF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DE57E399-A1D8-4E37-BBA1-3C62D4AB085B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{B90FA29F-4CCF-44D2-A126-EFF73C32CD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{A229631B-B0F1-42D5-AD84-A77A3E2DB46A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{DE727A2B-837F-48F9-862B-4681946375D7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{30A76D76-0638-4784-BA17-64AD153A2121}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EDE66FC1-4110-4C3B-844F-468B17E7BD80}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{59FAE28F-75BF-4A5A-9692-878BFFCDD783}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2D89AE75-9973-4577-94FE-3722EA875BE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0A4A5ABD-F567-4452-87D3-33AF4F14FEBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AE8745F2-0D62-4854-BCA4-5EA81F0C1C45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{84B4E23F-786A-498B-81D6-B6FFF741C987}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C53D21A-F504-4B1B-BB11-ADFD75A9E50E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{AE6A763D-3188-488C-A655-9085F244D67C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Swarm\swarm.exe
FirewallRules: [{E7747155-9FBA-4E1E-BE47-637BF565C206}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{B23C351D-98C3-495A-8E2C-A19472610D42}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{BDDECA40-3BD8-4836-B9C5-F98D794EB4DD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{0A31F682-2B4C-4C39-A6DB-3D40BCAC520A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{E0FCC616-01D0-4FCF-AB9C-335509724955}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C076063F-D6E4-403F-86F7-20A0A5DF190A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D96A319B-5A3F-4DAB-A694-E2F0AF09ED26}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2900B555-48C2-4B34-A2FE-08CCB8EB91BF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{8A44077D-EEEB-4EB9-9145-ED20D76CF36D}E:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) E:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{E90A14BA-0435-45DE-B1AD-7C59ACB04D74}E:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) E:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{F1E68F2C-B3F9-4B01-911D-2CEE62693B4F}E:\program files (x86)\broforce\broforce_beta.exe] => (Block) E:\program files (x86)\broforce\broforce_beta.exe
FirewallRules: [UDP Query User{4C6C865D-9091-4654-9656-1CFC7A7C28B3}E:\program files (x86)\broforce\broforce_beta.exe] => (Block) E:\program files (x86)\broforce\broforce_beta.exe
FirewallRules: [{23483862-0E32-4435-AB07-FDF88ECA478E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{9249134B-1DE0-4071-8D2F-5E33773B25C6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{8C6EEA39-A67F-4250-ABCC-EFB510E1C8A0}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{71F3CA17-CB3D-46AA-9FC4-FE8409DA336E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B1BEF2A5-C6D1-4EC0-9BEE-44E2E0065797}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5AC86DD1-AB82-4B0B-83DA-C878327EEF0C}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{E191D261-CA26-48CC-8A8C-69DFC0DEAC91}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{16E605A4-A6C1-41ED-8F43-AD69E2A07975}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{9FE9A501-EC3B-4A0D-9367-CAE97948E7F5}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{CE51DFF7-A324-40C9-8FA9-006FA54FCD9D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{91A6613F-FB19-4DF7-8EF2-EAD00ED0B227}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [TCP Query User{1B7584EA-D986-4C1A-8D5A-E96B69064D41}E:\program files (x86)\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Block) E:\program files (x86)\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{D087CC5F-BDE9-40ED-A67C-516CEE9EC360}E:\program files (x86)\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Block) E:\program files (x86)\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [{C5E3B10E-CA4B-42F7-80AC-965490509171}] => (Allow) E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{A2A62981-13B2-4329-8635-AE38AC210299}] => (Allow) E:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{0904CAD4-8D7E-4864-B314-AB5C01B031AB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe
FirewallRules: [{A329D890-0D79-42F8-BA15-045845F9C542}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Blood and Bacon\BloodandBacon.exe
FirewallRules: [{CA7928E1-11D2-40C2-A1A2-8E83D595FB13}] => (Allow) E:\Program Files (x86)\Rise of the Tomb Raider\Steam\Steam.exe
FirewallRules: [{B3977CEE-274A-4A1D-A413-7CE6271F78F3}] => (Allow) E:\Program Files (x86)\Rise of the Tomb Raider\Steam\Steam.exe
FirewallRules: [{CDB2014B-24B8-4D13-8621-CF732BFC41E7}] => (Allow) E:\Downloads\ABZUFUCVKI\ABZU_FULL_UNLOCKED\Steam\Steam.exe
FirewallRules: [{68F6DCB2-5E3B-4C3B-957B-6725AA1F9ECE}] => (Allow) E:\Downloads\ABZUFUCVKI\ABZU_FULL_UNLOCKED\Steam\Steam.exe
FirewallRules: [{39164CF9-BEED-48A5-9645-7EB56CB39D75}] => (Allow) E:\Program Files (x86)\ABZU\Steam\Steam.exe
FirewallRules: [{B3DAE955-F5CC-4C50-B06B-126B5E8DF79D}] => (Allow) E:\Program Files (x86)\ABZU\Steam\Steam.exe
FirewallRules: [{76712253-4B8C-4C74-8744-E899F2D88B61}] => (Allow) E:\Program Files (x86)\Tom Clancys Splinter Cell Chaos Thheory\System\SPLINTERCELL3.EXE
FirewallRules: [{DF56EB4B-70F5-4D55-9B06-733CB24FD787}] => (Allow) E:\Program Files (x86)\Tom Clancys Splinter Cell Chaos Thheory\System\SPLINTERCELL3.EXE
FirewallRules: [TCP Query User{F067B661-82C8-43D3-893D-836800B88344}E:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{A9483BE7-F053-4A3D-8501-12D227F20B33}E:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{E0574B68-1D54-4AFE-95A2-7F417B0B7C57}E:\program files (x86)\call of duty - black ops\blackops.exe] => (Allow) E:\program files (x86)\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{21A391A4-C3A7-4903-B0C4-3EED79ADFE06}E:\program files (x86)\call of duty - black ops\blackops.exe] => (Allow) E:\program files (x86)\call of duty - black ops\blackops.exe
FirewallRules: [{255D1F10-E8E5-49F5-A402-F7392800D4B8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{3E14478D-1531-4B26-8520-215294CCE781}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{925C6B93-2E3B-42F7-9BA9-7CA96FEC4177}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{16A0AE25-4925-4AC2-BC69-70E7FEA39922}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2C124122-B531-4429-B392-0EB19DD592DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BF6B109B-992B-451E-A3D1-0481FF4E4101}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{606526C2-9AC1-4B4C-80A5-B7E32D4C870B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A57EC963-8266-4A60-9EF8-0BB98A9D581F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C6765603-56B3-430F-AD77-71FF57EF5519}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3D21C072-4877-48A7-8848-D3EAC776374D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{125DD01B-6347-4094-9B1C-E0233FD2A56F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
 
==================== Restore Points =========================
 
22-09-2016 22:46:47 Removed Microsoft Office Professional Plus 2013
22-09-2016 22:46:59 PROPLUSR
22-09-2016 22:49:03 ‏‏הוסר כלי ההגהה של Microsoft Office 2013 - עברית
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2016 10:49:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service HPReyos Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (09/22/2016 10:47:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service HPReyos Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (09/22/2016 10:46:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service HPReyos Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (09/22/2016 09:58:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/22/2016 07:29:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/22/2016 03:44:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/22/2016 03:36:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/21/2016 09:41:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/21/2016 09:32:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/20/2016 11:00:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (09/23/2016 03:57:43 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{4C43288F-3282-4E19-BCD6-ABAE55DEC303}.
The backup browser is stopping.
 
Error: (09/22/2016 10:31:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPReyos Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/22/2016 09:57:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/22/2016 09:55:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (09/22/2016 09:55:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/22/2016 09:55:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/22/2016 09:55:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/22/2016 09:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Ultra Bus Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/22/2016 09:55:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (09/22/2016 09:55:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 24%
Total physical RAM: 16268.9 MB
Available physical RAM: 12348.93 MB
Total Virtual: 32535.98 MB
Available Virtual: 27577.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:36.03 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:1863.01 GB) (Free:687.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CEF72022)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D79F335E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 AM

Posted 23 September 2016 - 09:07 AM

Good :) Your logs are almost clean, we'll just run a small FRST fix to take care of a few remnants and missing file entries.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
    
    URLSearchHook: HKLM-x32 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
    URLSearchHook: HKU\S-1-5-21-4126855326-3008047531-3105444804-1000 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    
    Task: {423614B5-ED80-4D03-A9B1-67F811719F78} - System32\Tasks\{315D29BE-5337-426E-BB1F-153F4C85A909} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.0.101/en/abandoninstall?source=lightinstaller&page=tsMain
    Task: {DD572A40-0512-4723-91F1-F87262531472} - System32\Tasks\{1C97F32D-275F-4D1A-9030-3D9442264C65} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {ED1B5F32-851D-45FF-8591-F47608186D9D} - System32\Tasks\{150046A4-C2F1-44FB-8B1A-3F067050CB17} => pcalua.exe -a "C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX9F397Q\jre-8u101-windows-i586.exe" -d C:\Users\USER\Desktop
    
    AlternateDataStreams: C:\Windows\Temp:$DATA [16]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\????? ?????.jpg:3or4kl4x13tuuug3Byamue2s4b [93]
    AlternateDataStreams: C:\Users\USER\Desktop\????? ?????.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    
    C:\Windows\gdrv.sys
    C:\Windows\system32\drivers\EagleX64.sys
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
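The fix above removes three scheduled tasks that launch Chrome.exe with a URL argument, which is one way a page can be made to open at every startup. As an added example (not code from Aura, FRST or this thread), the PowerShell below enumerates scheduled tasks and Run/RunOnce registry values whose command line both names a browser executable and carries a URL, so a defender can spot this kind of persistence without removing anything. It uses schtasks.exe rather than Get-ScheduledTask so it also runs on Windows 7; the browser and URL patterns are my own assumptions and can be widened.

```powershell
# Added example (not from the thread or from FRST): list scheduled tasks and
# Run-key entries whose command launches a browser with a URL argument.
# Read-only: it reports, it does not delete. Assumes PowerShell 3.0 or later.

$browserPattern = '(?i)\b(chrome|iexplore|firefox|msedge|opera)(\.exe)?\b'
# FRST writes URLs defanged as hxxp://; a live registry or task holds http://.
$urlPattern     = '(?i)\bhxxps?://|\bhttps?://'

function Get-BrowserLaunchPersistence {
    $hits = New-Object System.Collections.Generic.List[object]

    # Scheduled tasks: /v adds the "Task To Run" column with the full command line.
    $tasks = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($t in $tasks) {
        $cmd = [string]$t.'Task To Run'
        if ($cmd -match $browserPattern -and $cmd -match $urlPattern) {
            $hits.Add([pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = $t.TaskName
                Command = $cmd
            })
        }
    }

    # Run / RunOnce keys for the machine (64- and 32-bit views) and the current user.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSChildName, ...
            $cmd = [string]$p.Value
            if ($cmd -match $browserPattern -and $cmd -match $urlPattern) {
                $hits.Add([pscustomobject]@{ Source = $k; Name = $p.Name; Command = $cmd })
            }
        }
    }
    return $hits
}

Get-BrowserLaunchPersistence | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so HKLM and all task folders are readable. A hit is not automatically malicious (the Skype "abandoninstall" tasks in this thread were installer leftovers), but any task or Run value that opens a browser on a fixed URL deserves a look, and the output gives you the exact task name or value name to investigate.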


#11 curkeuc

curkeuc
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 23 September 2016 - 12:29 PM

Actually, the app restarted my PC, and on boot-up a log didn't open, but a fixlog.txt appeared on my desktop:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by USER (23-09-2016 20:24:50) Run:1
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER & Smurf & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
 
URLSearchHook: HKLM-x32 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
URLSearchHook: HKU\S-1-5-21-4126855326-3008047531-3105444804-1000 - (No Name) - {9843474f-6082-4a44-b63d-5559d9e8c6a8} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
Task: {423614B5-ED80-4D03-A9B1-67F811719F78} - System32\Tasks\{315D29BE-5337-426E-BB1F-153F4C85A909} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.0.101/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {DD572A40-0512-4723-91F1-F87262531472} - System32\Tasks\{1C97F32D-275F-4D1A-9030-3D9442264C65} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {ED1B5F32-851D-45FF-8591-F47608186D9D} - System32\Tasks\{150046A4-C2F1-44FB-8B1A-3F067050CB17} => pcalua.exe -a "C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX9F397Q\jre-8u101-windows-i586.exe" -d C:\Users\USER\Desktop
 
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\USER\Desktop\????? ?????.jpg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\USER\Desktop\????? ?????.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
C:\Windows\gdrv.sys
C:\Windows\system32\drivers\EagleX64.sys
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{9843474f-6082-4a44-b63d-5559d9e8c6a8} => value removed successfully
HKU\S-1-5-21-4126855326-3008047531-3105444804-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9843474f-6082-4a44-b63d-5559d9e8c6a8} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
EagleX64 => service removed successfully
gdrv => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{423614B5-ED80-4D03-A9B1-67F811719F78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{423614B5-ED80-4D03-A9B1-67F811719F78}" => key removed successfully
C:\Windows\System32\Tasks\{315D29BE-5337-426E-BB1F-153F4C85A909} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{315D29BE-5337-426E-BB1F-153F4C85A909}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD572A40-0512-4723-91F1-F87262531472}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD572A40-0512-4723-91F1-F87262531472}" => key removed successfully
C:\Windows\System32\Tasks\{1C97F32D-275F-4D1A-9030-3D9442264C65} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C97F32D-275F-4D1A-9030-3D9442264C65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED1B5F32-851D-45FF-8591-F47608186D9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED1B5F32-851D-45FF-8591-F47608186D9D}" => key removed successfully
C:\Windows\System32\Tasks\{150046A4-C2F1-44FB-8B1A-3F067050CB17} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{150046A4-C2F1-44FB-8B1A-3F067050CB17}" => key removed successfully
C:\Windows\Temp => ":$DATA" ADS removed successfully.
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\USER\Desktop\????? ?????.jpg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\USER\Desktop\????? ?????.jpg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Windows\gdrv.sys" => not found.
"C:\Windows\system32\drivers\EagleX64.sys" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22487408 B
Java, Flash, Steam htmlcache => 275440940 B
Windows/system/drivers => 404524385 B
Edge => 0 B
Chrome => 276138619 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58504173 B
systemprofile32 => 79346 B
LocalService => 66228 B
NetworkService => 66228 B
USER => 1290801047 B
Smurf => 8066569 B
Guest => 80399369 B
 
RecycleBin => 17379 B
EmptyTemp: => 2.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:25:14 ====


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 AM

Posted 23 September 2016 - 12:45 PM

The script worked well for the most part except for the ADS. Since I created the fix in Notepad++, characters were messed up for 2 files on your desktop, showing as ?'s instead. So we'll re-run that part. You'll need to save the log using Unicode encoding (I added the instruction for it).

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S) and change the Encoding box to Unicode at the bottom;
    CloseProcesses:
    
    AlternateDataStreams: C:\Windows\Temp:$DATA [16]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\צילום קבלות.jpg:3or4kl4x13tuuug3Byamue2s4b [93]
    AlternateDataStreams: C:\Users\USER\Desktop\צילום קבלות.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Edited by Aura, 23 September 2016 - 12:46 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
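The first fix failed on two desktop files because their Hebrew names were saved as "?" characters, and Aura's remedy is to save the fixlist in Unicode encoding. As an added example (not code from Aura, FRST or this thread), the PowerShell below enumerates the alternate data streams on a set of files with Get-Item -Stream, writes FRST-style AlternateDataStreams lines to a fixlist as UTF-16 LE (what Notepad's Save dialog calls "Unicode"), and then checks the file's byte-order mark to confirm the encoding actually took. The paths are the two from this thread's fixlist; the function name and the BOM check are my own.

```powershell
# Added example (not from the thread or from FRST): enumerate alternate data
# streams and write an FRST-style fixlist as UTF-16 LE so non-ASCII file names
# survive. Read-only apart from creating fixlist.txt. Assumes PowerShell 3.0+.

$targets = @(
    'C:\Windows\SysWOW64\zlib.dll',
    "$env:USERPROFILE\Desktop\צילום קבלות.jpg"
)

function Get-AdsEntries {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # -Stream * returns every NTFS stream; ':$DATA' is the file's normal content.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path    = $p
                    Stream  = $_.Stream
                    Length  = $_.Length
                    # Same line form FRST uses: AlternateDataStreams: <path>:<stream> [<length>]
                    FixLine = "AlternateDataStreams: ${p}:$($_.Stream) [$($_.Length)]"
                }
            }
    }
}

$entries = Get-AdsEntries -Paths $targets
$entries | Format-Table Path, Stream, Length -AutoSize

# Write the fixlist as UTF-16 LE with BOM, the encoding Notepad labels "Unicode".
$fixlist = "$env:USERPROFILE\Desktop\fixlist.txt"
@('CloseProcesses:', '') + @($entries.FixLine) | Out-File -LiteralPath $fixlist -Encoding Unicode

# Verify the byte-order mark: FF FE means UTF-16 LE, so the Hebrew name is intact.
$bom = [System.IO.File]::ReadAllBytes($fixlist)[0..1]
if ($bom[0] -eq 0xFF -and $bom[1] -eq 0xFE) {
    Write-Host "fixlist.txt is UTF-16 LE (Unicode); non-ASCII file names preserved."
} else {
    Write-Warning "fixlist.txt is not UTF-16 LE; non-ASCII file names may have become '?'."
}
```

The same encoding trap applies to the script itself: if you paste this into a .ps1 file, save that file as UTF-8 with BOM or UTF-16, otherwise Windows PowerShell 5.1 reads the Hebrew path as mangled bytes before the script ever runs. Streams named like {4c8cc155-...} or SummaryInformation are usually harmless metadata written by Explorer or Office, which is why the fix reports several of them as already absent; the interesting ones are unfamiliar names carrying non-zero lengths.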


#13 curkeuc

curkeuc
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 24 September 2016 - 12:25 PM

What do you mean by "and change the Encoding box to Unicode at the bottom"? On the "Save" window? On the Notepad app?


Edited by curkeuc, 24 September 2016 - 01:00 PM.


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 AM

Posted 24 September 2016 - 03:27 PM

In the Save window, yes. Here:

[screenshot: Notepad's Save As dialog with the Encoding box set to Unicode]

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 AM

Posted 28 September 2016 - 08:47 AM

Hi curkeuc,

Are you still with me?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




