Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RegSvr32 issues, malware.


  • This topic is locked This topic is locked
3 replies to this topic

#1 vulpuslsx

vulpuslsx

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 26 September 2016 - 07:19 PM

I've got my scan ready. I'm going to paste it in a PasteBin, cause it's a massive log file and I don't want to spam the post. http://pastebin.com/BFyG5w8E
 
Mod Edit:  Pasted log into post - Hamluis.


 downloadcloneembedreportprint text 120.51 KB
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by Jaden (administrator) on DESKTOP-B2EF1HA (26-09-2016 20:08:44)
Running from A:\Downloads
Loaded Profiles: Jaden (Available Profiles: Jaden)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(SanDisk) C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Flux Software LLC) C:\Users\Jaden\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\very\furnas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) A:\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-06] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-06-07] (Power Software Ltd)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-08-19] (Glarysoft Ltd)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-08-30] (Electronic Arts)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [247344 2016-09-15] ()
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Discord] => C:\Users\Jaden\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [f.lux] => C:\Users\Jaden\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Ahworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jaden\AppData\Local\Ugmedia\dhqwuckp.dll
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [furnas] => C:\Program Files (x86)\very\furnas.exe [36762 2016-09-26] ()
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [buzzes] => "C:\Program Files (x86)\strongly\tilts.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2016-09-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{ce0d6dd3-c344-40c4-8fa2-3fc981c01944}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Jaden\AppData\Roaming\Mozilla\Firefox\Profiles\oyca47wd.default
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2701077328-3748694340-3980427299-1001: @nsroblox.roblox.com/launcher -> C:\Users\Jaden\AppData\Local\Roblox\Versions\version-256edf8e82cb478d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2701077328-3748694340-3980427299-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Jaden\AppData\Local\Roblox\Versions\version-256edf8e82cb478d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Extension: (Firefox Hotfix) - C:\Users\Jaden\AppData\Roaming\Mozilla\Firefox\Profiles\oyca47wd.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-25]
FF Extension: (Running Share Manager) - C:\Users\Jaden\AppData\Roaming\Mozilla\Firefox\Profiles\oyca47wd.default\Extensions\{7DABAB63-27F8-B15D-37BC-61F6AD2DF88B} [2016-09-26] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Jaden\AppData\Roaming\Mozilla\Firefox\Profiles\oyca47wd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-08]
FF HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default [2016-09-26]
CHR Extension: (Google Slides) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-26]
CHR Extension: (Google Docs) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-26]
CHR Extension: (Google Drive) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-26]
CHR Extension: (Adblock Plus) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-25]
CHR Extension: (Dark Theme v3) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlgdeklopcjagknhlchbdjekgpgenad [2016-09-26]
CHR Extension: (Google Sheets) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-26]
CHR Extension: (Google Docs Offline) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-05]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-26]
CHR Extension: (Gmail) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-26]
CHR Extension: (Chrome Media Router) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-06-21] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-09-15] (Overwolf LTD)
R2 SanDisk SSD Dashboard Service; C:\Program Files (x86)\SanDisk\SSD Dashboard\SanDiskSSDDashboardService.exe [373760 2016-06-24] (SanDisk) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BioNTDrv; C:\Program Files\Paragon Software\Partition Manager 14 Free\program\BioNTDrv.SYS [19208 2014-11-17] (Paragon Software Group)
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3778592 2016-07-26] (C-MEDIA)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [559080 2016-07-26] (Intel Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2016-08-16] (Glarysoft Ltd)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys [13754936 2016-08-27] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jaden (26-09-2016 20:09:13)
Running from A:\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-26 05:15:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2701077328-3748694340-3980427299-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2701077328-3748694340-3980427299-503 - Limited - Disabled)
Guest (S-1-5-21-2701077328-3748694340-3980427299-501 - Limited - Disabled)
Jaden (S-1-5-21-2701077328-3748694340-3980427299-1001 - Administrator - Enabled) => C:\Users\Jaden

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}) (Version: 8.4.2.1768 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CEVO CS:GO Client Beta version 2.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 2.0 - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Discord (HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
f.lux (HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Flux) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Futuremark SystemInfo (HKLM-x32\...\{C7FF0DD8-90C1-4612-B41F-0CA013062953}) (Version: 4.47.597.0 - Futuremark)
Glary Utilities 5.58 (HKLM-x32\...\Glary Utilities 5) (Version: 5.58.0.79 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenIV (HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.16.0 - Overwolf Ltd.)
Paragon Partition Manager™ 14 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.62 - NCH Software)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
ROBLOX Player for Jaden (HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.3 - Western Digital Corporation or its affiliates)
SanDisk SSD Dashboard Service (HKLM-x32\...\{760A9A9B-238A-4EC2-ABFD-88F340D676BC}) (Version: 1.0.2 - SanDisk Corporation)
Shairport4w (HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Shairport4w) (Version: 1.0.8.8 - Frank Friemel)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2701077328-3748694340-3980427299-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jaden\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2701077328-3748694340-3980427299-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Jaden\AppData\Local\Roblox\Versions\version-256edf8e82cb478d\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02EE562F-3EF7-4875-96EB-7E50063307B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {04D7EBC5-18C9-4EB9-A463-6450A05B380D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.)
Task: {1A88D291-F1E9-46C1-9129-B6384D3D8912} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {59F3E353-333B-4070-B4B4-C4B70B8FB548} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {68F2768B-22CD-4AE1-956C-17155587F509} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {6B808330-A0B9-4DF1-A09D-F0705B94EF29} - \User_Feed_Synchronization-{D2205FF3-823C-4772-8A18-4D7A06194717} -> No File <==== ATTENTION
Task: {9A05F29C-4011-45BC-B568-2C5AF8289932} - \update-S-1-5-21-2701077328-3748694340-3980427299-1001 -> No File <==== ATTENTION
Task: {BB8E03CA-AE36-4C78-B926-A9323E97C73F} - \update-sys -> No File <==== ATTENTION
Task: {C4AC37D1-17BB-4A23-B7DD-7F9CDF2E04C2} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {DB6AB80C-A09B-4C62-917C-7DB018115F88} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {DFC051B5-2DAF-4444-9B4C-04A90D45BAB3} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: {F309DD5B-2DBE-43F8-95A4-17E273B445FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2701077328-3748694340-3980427299-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Jaden\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-26 01:10 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-05 18:23 - 2016-07-05 18:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 18:23 - 2016-07-05 18:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-26 01:16 - 2016-09-26 01:16 - 01864384 _____ () C:\Users\Jaden\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-26 05:08 - 2016-09-26 05:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-26 04:50 - 2016-09-26 04:50 - 00036762 _____ () C:\Program Files (x86)\very\furnas.exe
2016-09-26 17:18 - 2016-09-13 22:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-26 17:18 - 2016-09-13 22:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-08-15 18:53 - 2016-08-15 18:53 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-15 18:53 - 2016-08-15 18:53 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-28 14:11 - 2016-07-28 14:11 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-07-27 03:54 - 2016-07-27 03:54 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-07-26 23:38 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-26 01:16 - 2016-09-26 01:16 - 01383616 _____ () C:\Users\Jaden\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-26 01:17 - 2016-09-26 01:17 - 00118976 _____ () C:\Users\Jaden\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-08-19 04:31 - 2016-08-19 04:31 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2016-09-26 06:36 - 00000948 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 oscount.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
162.222.194.13       cocomo.tremorhub.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C80B7BE06CB2112D57CF30CB81254E22"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9F24F688-A2F2-4365-844B-3BD3B242C426}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{38EF1A56-0F2C-43A6-8A20-FBC12284DBA8}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CAF95D10-A2BC-4AFD-A1E2-C389B67968FF}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [UDP Query User{468F6942-A030-4BE2-A1E3-148051D0B8E0}A:\programs\grand theft auto v\grand theft auto v\gta5.exe] => (Allow) A:\programs\grand theft auto v\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{5211A339-87C9-4705-8DCB-5B7704A72364}A:\programs\grand theft auto v\grand theft auto v\gta5.exe] => (Allow) A:\programs\grand theft auto v\grand theft auto v\gta5.exe
FirewallRules: [{C7F176B0-4867-45DE-875D-DBB8878F555A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{A2833EA8-5528-4D6B-B650-39BA40FA733F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B16635EB-2194-4E70-A4FD-EFDDDA784C4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1EECD0D7-7FBB-4304-AA81-E5D9B60E88CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CA6169FE-0826-4C15-91AB-A63F217244D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5EEB6CF9-0D4B-42AD-BF6D-B0DC0BC5AD85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{834E805B-66F5-409E-81A8-E8F7251FBC1C}] => (Allow) C:\Program Files (x86)\Shairport4w\Shairport4w.exe
FirewallRules: [{1843D81B-6F3D-4660-86A8-2A5D2147EA41}] => (Allow) C:\Program Files (x86)\Shairport4w\Shairport4w.exe
FirewallRules: [{096417F8-BAE7-4BB5-9FC6-C8E6AE158BFA}] => (Allow) LPort=8317
FirewallRules: [{2F6E207F-A358-4029-9ECE-9C9C9A32410D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2B65BDE-0832-4E58-AC1D-BFD90F27E705}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D043C5BF-E3B0-43D7-9B35-7B0F9214F0E4}] => (Allow) LPort=1688
FirewallRules: [UDP Query User{81CF9EAE-946E-497F-BC60-DAF72DB98836}C:\program files (x86)\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{97A6FC7B-CA63-4CA3-A74F-FB301F68C04F}C:\program files (x86)\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\battlefield 4\bf4.exe
FirewallRules: [{BD12EF05-FB26-4F66-B00C-EBB961C3F5CE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DCD9AD41-AA9C-4971-9B2C-474D7A91B6FC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{955EBE23-D5B2-41CC-BC16-7F8ED60BE8D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{76205E9C-333B-4B73-B374-297873898457}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D0CEFD6B-B344-4AF2-BA46-0949EE09832D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{54B6D9EF-B3AB-48A0-8AC4-A26E58744D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4016C3C5-2A6A-413C-BD0D-86A22036E26A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3D32E04-1D9F-4999-84A5-75836E2419C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{68AE29F3-40F7-42DD-B708-E3140A431CCB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23DBFCFB-DBEE-448D-B3F9-9A0B967B6AE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A2047078-9D7F-4695-A4B1-BBE94EDD7C11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7629902A-4E48-4163-9B81-89DA1DCC7CCF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9FA4B76E-4C1F-4442-AE8B-BBBBA72116E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F1051ACB-01E1-4D86-81AF-780CF44570B5}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{336A8881-15E4-454B-B091-9F24B02E492F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{312DC24B-DDB4-423D-ABE0-67668B3FD3C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7346325-087B-4D24-819B-215B34B719E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C81EB092-AE45-45FD-A614-958F87BC6C9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4123DCEF-8587-4F92-ACFE-DED0465B421B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DD9F4DB-7BFB-4E7D-BCF7-892F1351A6B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87B1BC71-FE02-4C1A-9D3E-CA643525E30F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BFFE540F-B9F7-4302-BFC2-9DA390F9D314}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{29EEC7EB-A1EF-49B3-8F58-47A133ADE9BB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{486A41F6-D3CE-4C9C-8575-2D52AFF24306}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D4420A5B-A7D5-4983-9B77-0F9DD7B7401A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{65B31BC9-766C-41FE-8423-48CA5082A72D}A:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) A:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{772B327A-FDC0-4BA5-BF78-53324A6E1147}A:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) A:\programs\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7B8EFF10-CA40-491A-B859-11D5B1CFD3C8}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩獵履楗剮畯整⹄硥e
FirewallRules: [{F9478C85-6F8B-41BA-AB25-1184360C577B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2016 06:06:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2016 06:06:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/26/2016 05:56:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2016 05:55:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/26/2016 05:55:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/26/2016 05:55:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800706BE
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (09/26/2016 05:55:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 B.1.1.2.D.2.F.4.A.2.3.C.3.3.C.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-B2EF1HA-2.local.

Error: (09/26/2016 05:55:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.4:5353   23 B.1.1.2.D.2.F.4.A.2.3.C.3.3.C.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-B2EF1HA.local.

Error: (09/26/2016 05:55:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 A.C.A.8.4.1.4.E.5.2.7.9.9.D.8.5.0.B.2.D.0.0.2.0.B.8.9.0.1.0.6.2.ip6.arpa. PTR DESKTOP-B2EF1HA-2.local.

Error: (09/26/2016 05:55:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.4:5353   23 A.C.A.8.4.1.4.E.5.2.7.9.9.D.8.5.0.B.2.D.0.0.2.0.B.8.9.0.1.0.6.2.ip6.arpa. PTR DESKTOP-B2EF1HA.local.


System errors:
=============
Error: (09/26/2016 06:06:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/26/2016 06:06:03 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (09/26/2016 05:55:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/26/2016 05:55:34 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (09/26/2016 05:55:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/26/2016 05:54:52 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5


==================== Memory info ===========================

Processor: Intel® Core™ i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 17%
Total physical RAM: 16294.39 MB
Available physical RAM: 13509.17 MB
Total Virtual: 19238.39 MB
Available Virtual: 16183.27 MB

==================== Drives ================================

Drive a: (Programs and Files) (Fixed) (Total:931.5 GB) (Free:683.5 GB) NTFS
Drive c: () (Fixed) (Total:223.08 GB) (Free:122.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0C39C872)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by nasdaq, 27 September 2016 - 10:43 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:24 PM

Posted 27 September 2016 - 10:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\very\furnas.exe
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Ahworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jaden\AppData\Local\Ugmedia\dhqwuckp.dll
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [furnas] => C:\Program Files (x86)\very\furnas.exe [36762 2016-09-26] ()
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [buzzes] => "C:\Program Files (x86)\strongly\tilts.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
Task: {1A88D291-F1E9-46C1-9129-B6384D3D8912} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {68F2768B-22CD-4AE1-956C-17155587F509} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {6B808330-A0B9-4DF1-A09D-F0705B94EF29} - \User_Feed_Synchronization-{D2205FF3-823C-4772-8A18-4D7A06194717} -> No File <==== ATTENTION
Task: {9A05F29C-4011-45BC-B568-2C5AF8289932} - \update-S-1-5-21-2701077328-3748694340-3980427299-1001 -> No File <==== ATTENTION
Task: {BB8E03CA-AE36-4C78-B926-A9323E97C73F} - \update-sys -> No File <==== ATTENTION
Task: {C4AC37D1-17BB-4A23-B7DD-7F9CDF2E04C2} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {DB6AB80C-A09B-4C62-917C-7DB018115F88} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {DFC051B5-2DAF-4444-9B4C-04A90D45BAB3} - \GlaryInitialize 5 -> No File <==== ATTENTION
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
C:\Program Files (x86)\very
C:\Program Files (x86)\strongly
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Mozilla Firefox\firefox.bat

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the log and let me know if the problem persists.

#3 vulpuslsx

vulpuslsx
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 27 September 2016 - 06:53 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\very\furnas.exe
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Ahworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jaden\AppData\Local\Ugmedia\dhqwuckp.dll
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [furnas] => C:\Program Files (x86)\very\furnas.exe [36762 2016-09-26] ()
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [buzzes] => "C:\Program Files (x86)\strongly\tilts.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
Task: {1A88D291-F1E9-46C1-9129-B6384D3D8912} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {68F2768B-22CD-4AE1-956C-17155587F509} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {6B808330-A0B9-4DF1-A09D-F0705B94EF29} - \User_Feed_Synchronization-{D2205FF3-823C-4772-8A18-4D7A06194717} -> No File <==== ATTENTION
Task: {9A05F29C-4011-45BC-B568-2C5AF8289932} - \update-S-1-5-21-2701077328-3748694340-3980427299-1001 -> No File <==== ATTENTION
Task: {BB8E03CA-AE36-4C78-B926-A9323E97C73F} - \update-sys -> No File <==== ATTENTION
Task: {C4AC37D1-17BB-4A23-B7DD-7F9CDF2E04C2} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {DB6AB80C-A09B-4C62-917C-7DB018115F88} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {DFC051B5-2DAF-4444-9B4C-04A90D45BAB3} - \GlaryInitialize 5 -> No File <==== ATTENTION
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
C:\Program Files (x86)\very
C:\Program Files (x86)\strongly
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Mozilla Firefox\firefox.bat

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the log and let me know if the problem persists.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Jaden (27-09-2016 19:50:36) Run:1
Running from C:\Users\Jaden\Desktop
Loaded Profiles: Jaden (Available Profiles: Jaden)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Program Files (x86)\very\furnas.exe
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [Ahworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jaden\AppData\Local\Ugmedia\dhqwuckp.dll
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [furnas] => C:\Program Files (x86)\very\furnas.exe [36762 2016-09-26] ()
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\Run: [buzzes] => "C:\Program Files (x86)\strongly\tilts.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
Task: {1A88D291-F1E9-46C1-9129-B6384D3D8912} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {68F2768B-22CD-4AE1-956C-17155587F509} - \Overwolf Updater Task -> No File <==== ATTENTION
Task: {6B808330-A0B9-4DF1-A09D-F0705B94EF29} - \User_Feed_Synchronization-{D2205FF3-823C-4772-8A18-4D7A06194717} -> No File <==== ATTENTION
Task: {9A05F29C-4011-45BC-B568-2C5AF8289932} - \update-S-1-5-21-2701077328-3748694340-3980427299-1001 -> No File <==== ATTENTION
Task: {BB8E03CA-AE36-4C78-B926-A9323E97C73F} - \update-sys -> No File <==== ATTENTION
Task: {C4AC37D1-17BB-4A23-B7DD-7F9CDF2E04C2} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {DB6AB80C-A09B-4C62-917C-7DB018115F88} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {DFC051B5-2DAF-4444-9B4C-04A90D45BAB3} - \GlaryInitialize 5 -> No File <==== ATTENTION
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Jaden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
C:\Program Files (x86)\very
C:\Program Files (x86)\strongly
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Mozilla Firefox\firefox.bat
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\very\furnas.exe => No running process found
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ahworks => value removed successfully
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\Software\Microsoft\Windows\CurrentVersion\Run\\furnas => value removed successfully
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\Software\Microsoft\Windows\CurrentVersion\Run\\buzzes => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2701077328-3748694340-3980427299-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully
C:\Users\Jaden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A88D291-F1E9-46C1-9129-B6384D3D8912}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A88D291-F1E9-46C1-9129-B6384D3D8912}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GU5SkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68F2768B-22CD-4AE1-956C-17155587F509}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68F2768B-22CD-4AE1-956C-17155587F509}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B808330-A0B9-4DF1-A09D-F0705B94EF29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B808330-A0B9-4DF1-A09D-F0705B94EF29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{D2205FF3-823C-4772-8A18-4D7A06194717}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A05F29C-4011-45BC-B568-2C5AF8289932}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A05F29C-4011-45BC-B568-2C5AF8289932}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-2701077328-3748694340-3980427299-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB8E03CA-AE36-4C78-B926-A9323E97C73F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB8E03CA-AE36-4C78-B926-A9323E97C73F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4AC37D1-17BB-4A23-B7DD-7F9CDF2E04C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AC37D1-17BB-4A23-B7DD-7F9CDF2E04C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6AB80C-A09B-4C62-917C-7DB018115F88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6AB80C-A09B-4C62-917C-7DB018115F88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e02c4bd5-54d5-4470-9ea0-a68d88112c00" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFC051B5-2DAF-4444-9B4C-04A90D45BAB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFC051B5-2DAF-4444-9B4C-04A90D45BAB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5" => key removed successfully
"C:\Users\Jaden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\Jaden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Could not move.
C:\Program Files (x86)\very => moved successfully
C:\Program Files (x86)\strongly => moved successfully
C:\Program Files (x86)\Internet Explorer\iexplore.bat => moved successfully
C:\Program Files (x86)\Mozilla Firefox\firefox.bat => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23542549 B
Java, Flash, Steam htmlcache => 80360928 B
Windows/system/drivers => 723069 B
Edge => 2480 B
Chrome => 419545251 B
Firefox => 378665590 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 10502 B
Jaden => 388579332 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:50:43 ====
 
The issue is resolved, thank you! :) I rebooted, and I didn't get that annoying popup message like before.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:24 PM

Posted 28 September 2016 - 10:39 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users