another yourconnectivity.net topic


  • This topic is locked
4 replies to this topic

#1 Artbroken

Artbroken

  • Members
  • 69 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 03 October 2016 - 03:22 PM

Hello, I have a program opening up new windows in my browser, usually informing me to contact Microsoft, or that Microsoft is going to cut off my internet, etc...


I've run free Malwarebytes once, which quarantined it for a few minutes.


Thanks in advance!


Attached Files





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 04 October 2016 - 08:35 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Owner (30-09-2016 16:41:32)
Running from C:\Users\Owner\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-23 00:01:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-486330092-2043152581-973268027-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-486330092-2043152581-973268027-503 - Limited - Disabled)
Guest (S-1-5-21-486330092-2043152581-973268027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-486330092-2043152581-973268027-1004 - Limited - Enabled)
Owner (S-1-5-21-486330092-2043152581-973268027-1002 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-486330092-2043152581-973268027-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveGS (HKLM-x32\...\{F576BBE9-11D0-4F02-B8F0-7CCA9C159937}) (Version: 3.7.1019 - Second Sight Software/FTA)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.142.61507 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.3.142.61507 - Alcor Micro Corp.) Hidden
Amnesia - The Dark Descent (HKLM-x32\...\1207659259_is1) (Version: 2.1.0.10 - GOG.com)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.00 - Ubisoft)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.018 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Bioforge (HKLM-x32\...\GOGPACKBIOFORGE_is1) (Version: 2.0.0.13 - GOG.com)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dolphin VR 4.0 (HKLM-x32\...\Dolphin) (Version: 4.0 - Dolphin Team)
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
Doom Builder 2.1 (HKLM-x32\...\Doom Builder 2_is1) (Version: - CodeImp)
DOOM II with Master Levels (HKLM-x32\...\1435848814_is1) (Version: 2.0.0.6 - GOG.com)
DOSBoxnoalttab (HKLM\...\{81c4a0a9-8fb0-4a2d-aec1-efce279f57a6}.sdb) (Version: - )
Duke Nukem 3D (HKLM-x32\...\GOGPACKDUKE3D_is1) (Version: 2.0.0.85 - GOG.com)
Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - )
Fallout (HKLM-x32\...\Steam App 38400) (Version: - Interplay Inc.)
Far Cry (HKLM-x32\...\GOGPACKFARCRY_is1) (Version: 2.0.0.9 - GOG.com)
Far Cry Demo (HKLM-x32\...\InstallShield_{471BB1D9-6F59-4093-B46D-373772D5C111}) (Version: 1.00.0000 - Ubisoft)
Far Cry Demo (x32 Version: 1.00.0000 - Ubisoft) Hidden
FINAL FANTASY XI (HKLM-x32\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.00 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI Seekers of Adoulin (x32 Version: 1.50.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Chains of Promathia (HKLM-x32\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.20.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Chains of Promathia (x32 Version: 1.20.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Rise of the Zilart (HKLM-x32\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.00 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Rise of the Zilart (x32 Version: 1.00 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Seekers of Adoulin (HKLM-x32\...\InstallShield_{E86A33A7-6C77-48F3-9D72-2D8F4C1AD5AC}) (Version: 1.50.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM-x32\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.30.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (x32 Version: 1.30.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Wings of the Goddess (HKLM-x32\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.40.1 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Wings of the Goddess (x32 Version: 1.40.1 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version: - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 2.0.0.2 - GOG.com)
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version: - )
Half-Life (HKLM-x32\...\Half-Life) (Version: - )
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KParser (HKLM-x32\...\{B754035B-2B0B-4E0A-94C6-5DD4C388DE7E}) (Version: 1.6 - Wayward Gamers)
Legend of Grimrock (HKLM-x32\...\GOGPACKGRIMROCK_is1) (Version: 2.0.0.17 - GOG.com)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Might and Magic VI Limited Edition (HKLM-x32\...\GOGPACKMM6LE_is1) (Version: 2.0.0.41 - GOG.com)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - )
nGlide 1.03 (HKLM-x32\...\nGlide) (Version: 1.03 - Zeus Software)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.)
PlayOnline Viewer & Tetra Master (x32 Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden
POLUtils (HKLM-x32\...\POLUtils) (Version: - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Quake - The Offering (HKLM-x32\...\1435828198_is1) (Version: 2.0.0.6 - GOG.com)
Quake II (HKLM-x32\...\Steam App 2320) (Version: - id Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 7 - Philipp Winterberg)
Riftcat (HKLM-x32\...\{a5b5c611-d248-4314-b78e-032af8da172c}) (Version: 0.5.4.2 - Riftcat)
Riftcat Client (x32 Version: 1.0.0.3 - Riftcat) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.6.0.56 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
System Shock - Enhanced Edition (HKLM-x32\...\1439995156_is1) (Version: 2.1.0.4 - GOG.com)
System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.1.0.19 - GOG.com)
System Shock Demo (HKLM-x32\...\2116300560_is1) (Version: 2.1.0.3 - GOG.com)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
The Ultimate DOOM (HKLM-x32\...\1435827232_is1) (Version: 2.0.0.3 - GOG.com)
Thief 2 - The Metal Age (HKLM-x32\...\GOGPACKTHIEF2_is1) (Version: 2.0.0.18 - GOG.com)
Thief GOLD (HKLM-x32\...\GOGPACKTHIEF1GOLD_is1) (Version: 2.0.0.46 - GOG.com)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.00.000 - Ubisoft)
Tomb Raider 1+2+3 (HKLM-x32\...\GOGPACKTOMBRAIDER123_is1) (Version: 2.0.0.7 - GOG.com)
Turok (HKLM-x32\...\1444038183_is1) (Version: 2.2.0.7 - GOG.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultima 4 - Quest of the Avatar (HKLM-x32\...\GOGPACKULTIMA4FREE_is1) (Version: 2.0.0.19 - GOG.com)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{2BC6BC08-9E31-4B36-8715-E170F6173942}) (Version: 2.16.0404 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{54F10727-0D7A-4B24-9D8E-F4BB59CB9148}) (Version: 2.16.0307 - Samsung Electronics Co., Ltd.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Vizzed Retro Game Room (HKLM-x32\...\{FF6F50C5-823C-435B-83B8-52559BB6DA09}) (Version: 2.41 - Vizzed)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-486330092-2043152581-973268027-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001379C4-719A-45D5-8BFA-EF6B8379D8AD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {09A47947-32BD-492E-A65C-57C3E4B7E78D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0AE22F6E-761E-4F2D-95D8-5ECE45077032} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {17BB3DE1-2301-4AD9-9FF9-9AD6E9DAFC5F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {20762285-BCB2-48F1-A7F0-62ACFA4DFAB8} - \WPD\SqmUpload_S-1-5-21-486330092-2043152581-973268027-1002 -> No File <==== ATTENTION
Task: {2780DBA5-43E2-49F5-A879-983610981476} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2B6CB331-AC81-4F1C-AD3E-197F01B2B930} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {326F4399-F9CB-48F0-B45E-AAB2C2DFF353} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {3C6FDE57-E1EB-4905-AAA9-95469B077250} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3E3F2A3E-0614-4920-9888-C3D3E81875EE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {45CFB269-5B66-4188-8838-EFC571ED48B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {54526460-03DE-419D-8281-A03F98E9D4BC} - System32\Tasks\{B6DC2A69-0ABA-4E7C-A3ED-145DD579EFAE} => pcalua.exe -a E:\AutorunEx.exe -d E:\
Task: {67961E60-11D1-4806-9FE1-30EF5168E117} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {77EFBED9-C9FD-4B2D-AD5B-BBB8108C6A44} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {8699290A-0F38-4E13-8851-D40070F3447D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {95C11A8C-6F7D-43F1-BC6D-E3BD91FD9F94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B3B128D6-1400-40D2-8EE4-CD59513302D9} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {B45DAF39-2A4C-4A1B-8A2C-8CD4F4D93CA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C47337D4-C932-4E43-8523-B1C1D9C9406D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {C915CCDE-B353-48F9-AEEF-1A5DA6948DCD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CCBF2BF0-60D7-4EAA-83D5-F73ECB4E5B16} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-22] (Microsoft Corporation)
Task: {D3CAFF3B-8EBC-48F8-996C-189DDAE7F112} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-13] (Microsoft Corporation)
Task: {D4A4DDDD-C7F6-4B23-A8DF-4D339EDA08CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DE14075F-C86F-47A4-B68C-521AC4D1E3B6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite\Visit GameTracker Website.lnk -> hxxp://www.gametracker.com/

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-22 19:21 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-04 14:34 - 2012-08-04 14:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 16:40 - 2016-09-27 16:40 - 01864384 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-04-16 18:45 - 2012-04-16 18:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2016-09-27 17:24 - 2016-09-27 17:25 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-09-27 17:24 - 2016-09-27 17:25 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-09-27 17:24 - 2016-09-27 17:25 - 35250688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-09-09 02:01 - 2016-09-09 02:01 - 11412144 _____ () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
2012-12-13 02:35 - 2011-09-19 14:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2015-11-27 11:58 - 2015-11-27 11:58 - 00040448 _____ () C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe
2016-09-22 23:11 - 2016-09-22 23:11 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-09-22 23:11 - 2016-09-22 23:11 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 07:43 - 2016-07-16 10:26 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 07:43 - 2016-07-16 10:27 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 07:43 - 2016-07-16 10:27 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 07:43 - 2016-07-16 10:27 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 07:43 - 2016-07-16 10:27 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 07:43 - 2016-07-16 10:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 07:43 - 2016-07-16 10:26 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-09-21 15:57 - 2016-09-21 15:57 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11608.1001.49.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2012-12-13 02:26 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-08-16 00:15 - 2011-08-16 00:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 20:48 - 2011-08-17 20:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2012-04-16 15:37 - 2012-04-16 15:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-16 00:12 - 2011-08-16 00:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 20:48 - 2011-08-17 20:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 23:23 - 2011-08-15 23:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2011-08-16 00:12 - 2011-08-16 00:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2012-04-16 15:42 - 2012-04-16 15:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-17 20:41 - 2011-08-17 20:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 15:41 - 2012-04-16 15:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 15:56 - 2012-04-16 15:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 15:38 - 2012-04-16 15:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 20:05 - 2011-07-19 20:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-16 00:17 - 2011-08-16 00:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 20:04 - 2011-07-19 20:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2012-06-07 18:12 - 2012-06-07 18:12 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2016-09-27 16:40 - 2016-09-27 16:40 - 01383616 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-27 16:40 - 2016-09-27 16:40 - 00118976 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 01289216 _____ () C:\Program Files (x86)\Samsung\SideSync4\cairo.dll
2016-09-09 02:17 - 2016-09-09 02:17 - 02661040 _____ () C:\Program Files (x86)\Samsung\SideSync4\NativeSideSyncFramework.dll
2016-09-09 02:19 - 2016-09-09 02:19 - 00853680 _____ () C:\Program Files (x86)\Samsung\SideSync4\SCommon.dll
2016-09-09 02:22 - 2016-09-09 02:22 - 04730544 _____ () C:\Program Files (x86)\Samsung\SideSync4\SLocales.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 00230529 _____ () C:\Program Files (x86)\Samsung\SideSync4\libpng14-14.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 00100352 _____ () C:\Program Files (x86)\Samsung\SideSync4\zlib1.dll
2016-05-04 05:15 - 2016-05-04 05:15 - 00091136 _____ () C:\Program Files (x86)\Samsung\SideSync4\ThoughtWorks.QRCode.dll
2016-09-17 15:03 - 2016-09-13 20:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 15:03 - 2016-09-13 20:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-486330092-2043152581-973268027-1002\...\vizzed.com -> www.vizzed.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-486330092-2043152581-973268027-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKU\S-1-5-21-486330092-2043152581-973268027-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-486330092-2043152581-973268027-1002\...\StartupApproved\Run: => "GameTracker"
HKU\S-1-5-21-486330092-2043152581-973268027-1002\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BBD968D2-4AE7-4CF5-A491-5A6DA274C817}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{3A87BF72-642E-4324-9CD4-B4821A0FD2FE}C:\program files (x86)\electronic arts\dead space\dead space.exe] => (Allow) C:\program files (x86)\electronic arts\dead space\dead space.exe
FirewallRules: [TCP Query User{53A844C0-73FB-4635-95B4-1780CA71290B}C:\program files (x86)\electronic arts\dead space\dead space.exe] => (Allow) C:\program files (x86)\electronic arts\dead space\dead space.exe
FirewallRules: [{7C3AD03F-AAEA-4B9D-A0BD-7DD98531618B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{C33122A6-8271-40A2-BCDB-8222C4A14B17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B9489C7-EFAF-4232-A116-3803E4E12A4C}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{6FA04429-25DE-4192-9EA0-8BE9A94BF7A3}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [UDP Query User{D719CA6E-6056-4661-869B-0C1C3590952F}C:\gog games\system shock demo\systemshockdemo.exe] => (Allow) C:\gog games\system shock demo\systemshockdemo.exe
FirewallRules: [TCP Query User{815503F8-9184-456F-A605-3E94B9A80E24}C:\gog games\system shock demo\systemshockdemo.exe] => (Allow) C:\gog games\system shock demo\systemshockdemo.exe
FirewallRules: [{979F2E4A-1364-43C5-AA3F-956D8662704B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{81508559-3F39-4AF3-A34D-E843B4321012}] => (Allow) C:\Program Files (x86)\Riftcat\VRidge.exe
FirewallRules: [{E0FE15D8-8635-4379-9A37-79E8079CFFBD}] => (Allow) C:\Program Files (x86)\Riftcat\VRidge.exe
FirewallRules: [{382AF628-3B9C-45D3-8F60-690B91F260B5}] => (Allow) C:\Program Files (x86)\Riftcat\Riftcat.exe
FirewallRules: [{1BB23016-5567-48A6-B063-167EE73C1529}] => (Allow) C:\Program Files (x86)\Riftcat\Riftcat.exe
FirewallRules: [{9BA05BA0-07BC-475E-882B-C4A28D1DA626}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FF12A8C7-28AC-4D2B-A320-35FF8728F999}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{177B274E-E6BA-44E0-BB32-7ADEF18751C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{8BC00F29-E907-4434-B847-A0A128500449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{CE23BC48-5C05-4A0C-A95E-F42765F6EF4A}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8AD19E09-8665-4FC1-8A40-4537BE97DD0D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{09E2D0E3-121F-4F14-81A5-35634511BD7D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{10922B32-DF0F-4565-B640-B97FA3FA3FFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{06CF6963-FCEB-4906-A38E-59EDA17FBF3F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{00C9D529-E3DC-4E26-83E4-8B293E822688}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{EF719F9C-E11D-4B31-A84C-CF497CC744F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CA12DCC7-887B-4306-9F29-44A2A0D299ED}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{67719286-5CC8-4C60-8E70-C5A09D384AC6}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{CB284877-A505-477F-821B-C57A6D2B6DCC}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{7BCB33A0-F4DE-44CA-B602-BE09A0B0B744}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9B7B629C-4E1A-48BC-B516-E07577A096BB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{493383D1-E79D-4852-98F1-D08247659B0E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7669142D-F7C5-4DD9-A471-18FB78B6F7A6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3190AF95-99BB-46D7-9232-26F3BEAC44CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75606482-31A1-4257-A498-D3DE058D26EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B894DC20-9B68-40EE-ADD5-A82AF07CA4FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{94D5F636-DB00-48A2-AB69-DDBAA100C774}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{974CC0BE-8F35-4512-A833-CEDA967D9BFE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{68CFCD5A-8C5F-47F2-8B4F-0C5C32C4CC80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{18122D4F-88FF-43C1-AA79-88BE1177C405}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{3FD869EE-44F1-4793-8158-B7FCD9F5F10F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{41B1D602-8A2A-402C-B15A-1109DFA9A66E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{E8786070-E1CB-4453-BB70-5FD596CCA782}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A5FB456A-398B-4975-BEC7-60BF41EDE168}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{25C20BEA-A7E3-482D-B0D8-48E35A0D4170}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{88B1755E-54D0-47CE-AB60-C19311FD5C34}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{A3C9854A-2EA8-471C-A8F1-6635FC5C4932}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{B3BB2722-9312-4C06-8B54-736B8ED3D3C6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{69D0EBEC-2F66-469B-83AC-2F9B67596894}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{0B9D2A55-2A1E-4420-9BD9-4C34CA776865}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe
FirewallRules: [UDP Query User{4F3E9571-8DF1-41F6-9024-12B0BEA4E757}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe
FirewallRules: [TCP Query User{A0B358D2-2A32-4435-8CCA-FEDD3F3021FB}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe
FirewallRules: [UDP Query User{D77090DD-1450-4C6A-8B02-EB2D76067D89}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe] => (Allow) C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe
FirewallRules: [{33C14BC9-2DBF-4E75-A357-609D475AC1A6}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{800EF2A3-8730-4C87-B3B2-BACAE8F0E308}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{F1B825DF-A19B-4848-83C4-3010BC391F04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{D339E229-FE00-4C8B-90C2-23665D820C3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{1488B6F9-DFE9-4480-BB7A-53ED366A2C8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\artbroken\source sdk base 2007\hl2.exe
FirewallRules: [{CB5068F1-8145-499D-B288-B3CE07FE8408}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\artbroken\source sdk base 2007\hl2.exe
FirewallRules: [{98FA4A6D-718A-4211-8E72-989AA9F123F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B9BDF001-7372-4448-BF10-14BC801208AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{368BE05D-09EA-46F9-BE7B-7054F95AF209}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{06BB56B7-7C7E-404E-A7BD-725D267E20B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{31DADCDA-41BD-457A-89EF-7EBD95188942}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{0B6A9F65-FB10-432A-B9D0-6C705149FDCC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{3890E187-00AE-4563-A463-F63EE3792BB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{204886BA-FAA5-464C-AF26-17309A44D781}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{83D9963D-1E17-4EE6-9AC9-419AC60ECA8F}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{12FC77F2-7B46-48E5-AE15-29FEF56E26DC}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{65AD47D9-4B4F-441C-90D3-044BBADF7898}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{DDF9F735-DED4-4945-A8E5-96E15FD3ABA6}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{D3BA4C1F-BB02-4068-89B9-3E2580CE0694}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{24FF5BEE-D1FA-426C-8934-388290C7399A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{408C6907-C3D6-407B-B80C-E77AA9D375A2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{B3FE57DF-515C-4E75-A8EB-B0C52EB3DB24}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{7656386B-623B-462A-9D83-DA43CD3B5919}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{49D8EB63-470A-4471-B4F4-433C0AA887EC}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{FEE48DB0-0A3C-40C3-B1C6-459D7D5D87D4}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{5498D2CA-E888-4311-82C2-EA79C11502F0}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{24BC79A2-CA79-4D07-9A91-6CF82FB6798A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{82FD5F38-CFB9-4ACF-9F39-1DE0024DC18B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E8771F88-78BE-41AE-86F8-6D3A8A348A05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{B5C00949-EA4A-427F-9DDC-D2B4FDEC0F43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{CE33D9EF-2436-43ED-9FD8-241A979BBA5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{5DFFDABE-853B-4621-82C0-D9B6FF195BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [TCP Query User{804E338D-DA27-411D-8419-CF7C7CA46807}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{BC305675-D3B7-40AA-A708-90A4E9678DBB}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{665FEC04-B5D9-4EE5-A784-0D1826DC2C87}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{0CEAEFA2-D689-4C7B-94F9-9ABC52D82C4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{78A333F9-E736-4399-85D6-E3F4DC2EBF42}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{9FCD2559-3A8B-4BF9-AF83-786166810077}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5BCB2308-0B8F-43F5-B376-79BF885D33A9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{0E7E3758-2548-47BA-AB4F-A059C3CE0F52}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{F2EE9489-196C-4706-B9F6-09060FCBFB19}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{76C4CB78-2B37-4B75-8181-AC1B6D6E80C2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{B77B07BA-53F7-4CDD-B0E9-5BDE05DCE447}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{F15BC572-A988-4929-B39C-C8C527BCD531}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{6CC6FBE2-BDC4-4AAF-80F5-1380373896A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake 2\quake2.exe
FirewallRules: [{5E4C074E-56D9-420D-BD40-16521115D2A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake 2\quake2.exe
FirewallRules: [TCP Query User{5954B2B9-A28F-4CD7-A5F7-216F95D84D14}C:\sierra\half-life\hl.exe] => (Allow) C:\sierra\half-life\hl.exe
FirewallRules: [UDP Query User{2D0BE95B-2F46-4EBD-BBCB-A4F3573DEAF3}C:\sierra\half-life\hl.exe] => (Allow) C:\sierra\half-life\hl.exe
FirewallRules: [{7C360B8C-392D-438D-946D-55918B718208}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05207732-C7FD-472C-AD43-41646D035B03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4DF4E19-9EE5-48CD-95FF-174711D07213}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C614DD68-4699-4493-A7F2-3C2077166F5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

==================== Restore Points =========================

27-09-2016 16:43:30 Windows Update
29-09-2016 20:01:05 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

==================== End of Addition.txt ============================

#3 nasdaq (Malware Response Team, 40,510 posts, Montreal, QC. Canada)

Posted 04 October 2016 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to the new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
ShortcutTarget: Verizon Wireless Software Utility Application for Android - Samsung.lnk ->  (No File)
GroupPolicy: Restriction <======= ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
Task: {001379C4-719A-45D5-8BFA-EF6B8379D8AD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {09A47947-32BD-492E-A65C-57C3E4B7E78D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {20762285-BCB2-48F1-A7F0-62ACFA4DFAB8} - \WPD\SqmUpload_S-1-5-21-486330092-2043152581-973268027-1002 -> No File <==== ATTENTION
Task: {2780DBA5-43E2-49F5-A879-983610981476} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C6FDE57-E1EB-4905-AAA9-95469B077250} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3E3F2A3E-0614-4920-9888-C3D3E81875EE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {67961E60-11D1-4806-9FE1-30EF5168E117} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95C11A8C-6F7D-43F1-BC6D-E3BD91FD9F94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B45DAF39-2A4C-4A1B-8A2C-8CD4F4D93CA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C915CCDE-B353-48F9-AEEF-1A5DA6948DCD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4A4DDDD-C7F6-4B23-A8DF-4D339EDA08CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DE14075F-C86F-47A4-B68C-521AC4D1E3B6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset all the browsers installed on this computer.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader Via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Please post the Fixlog.txt and let me know if the problem persists.
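The fixlist in the post above touches four places a browser hijacker commonly uses for persistence: AppInit_DLLs, Browser Helper Objects, scheduled tasks whose binary is gone, and browser shortcuts that carry an extra argument (a .lnk whose Arguments field has been filled in opens the hijacker's page on every click). The following PowerShell is an added example, not part of nasdaq's post and not part of FRST: it is a read-only audit of the same four locations on a live Windows 8 or later machine, so it can be used to confirm the state before and after a Fix without removing anything itself. The browser executable names and the shortcut folders it searches are my own assumptions; extend them for the machine being examined. Run it from an elevated prompt.

```powershell
# Added example (not from the post, not part of FRST): read-only audit of the
# persistence / hijack locations the fixlist above touches. It reports; removal
# is still done with FRST's Fix, so nothing here modifies the system.
# Assumptions: the browser list and shortcut folders below are my own choices.
function Get-PersistenceAudit {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Area, [string]$Item, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Area = $Area; Item = $Item; Detail = $Detail })
    }

    # 1. AppInit_DLLs: with LoadAppInit_DLLs=1 every DLL listed here is loaded into every
    #    process that loads user32.dll (ignored on Windows 8+ when Secure Boot is on).
    #    A present, unsigned DLL here deserves a close look; a stale path is just cleanup.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $v -or [string]::IsNullOrWhiteSpace($v.AppInit_DLLs)) { continue }
        foreach ($dll in ($v.AppInit_DLLs -split '[ ,;]+' | Where-Object { $_ })) {
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path -LiteralPath $path) {
                $state = "present, signature: $((Get-AuthenticodeSignature -FilePath $path).Status)"
            } else { $state = 'No File' }
            Add-Finding 'AppInit_DLLs' $dll "$state (LoadAppInit_DLLs=$($v.LoadAppInit_DLLs))"
        }
    }

    # 2. Browser Helper Objects: each registered CLSID should resolve to an InprocServer32
    #    DLL that exists on disk. A CLSID with no server at all (as in the fixlist) is an orphan.
    $bhoRoots = @{
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'             = 'Registry::HKEY_CLASSES_ROOT\CLSID'
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    }
    foreach ($bhoKey in $bhoRoots.Keys) {
        Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid  = $_.PSChildName
            $server = (Get-ItemProperty -Path "$($bhoRoots[$bhoKey])\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if (-not $server) { Add-Finding 'BHO' $clsid 'No File (no InprocServer32 registered)'; return }
            $path = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
            if (-not (Test-Path -LiteralPath $path)) { Add-Finding 'BHO' $clsid "No File: $path" }
        }
    }

    # 3. Scheduled tasks whose action executable no longer exists (FRST marks these "-> No File").
    #    They cannot run, so they are hygiene rather than an active threat, but they hide real ones.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions carry no Execute path
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            # Bare names such as cmd.exe resolve through PATH; only flag what resolves nowhere.
            if (-not (Test-Path -LiteralPath $exe) -and -not (Get-Command $exe -ErrorAction SilentlyContinue)) {
                Add-Finding 'Task' "$($task.TaskPath)$($task.TaskName)" "No File: $exe"
            }
        }
    }

    # 4. Browser shortcuts with arguments: a hijacker fills the .lnk Arguments field so the
    #    browser opens its page on every launch. A clean browser shortcut has no arguments.
    $shell    = New-Object -ComObject WScript.Shell
    $browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe', 'opera.exe'   # assumption
    $lnkRoots = "$env:ProgramData\Microsoft\Windows\Start Menu", "$env:Public\Desktop",
                "$env:APPDATA\Microsoft\Windows\Start Menu", "$env:USERPROFILE\Desktop",
                "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"                    # assumption
    Get-ChildItem -Path $lnkRoots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = [IO.Path]::GetFileName($lnk.TargetPath)
        if ($browsers -contains $target -and -not [string]::IsNullOrWhiteSpace($lnk.Arguments)) {
            Add-Finding 'Shortcut' $_.FullName "argument: $($lnk.Arguments)"
        }
    }

    return $findings
}

Get-PersistenceAudit | Sort-Object Area, Item | Format-Table -AutoSize -Wrap
```

Run it once before the Fix and once after the reboot: every line the fixlist targeted should have disappeared from the second run, and any Shortcut or AppInit_DLLs finding that survives (or reappears after a few minutes, the pattern the topic starter described with Malwarebytes) points at a component the fixlist did not reach, which is exactly what the follow-up logs are for.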

#4 Artbroken (Topic Starter, Members, 69 posts)

Posted 04 October 2016 - 07:11 PM

Hello Nasdaq :)

Seems fine so far, and no redirects.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by Owner (04-10-2016 16:11:49) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: UpdatusUser & Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
ShortcutTarget: Verizon Wireless Software Utility Application for Android - Samsung.lnk ->  (No File)
GroupPolicy: Restriction <======= ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
Task: {001379C4-719A-45D5-8BFA-EF6B8379D8AD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {09A47947-32BD-492E-A65C-57C3E4B7E78D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {20762285-BCB2-48F1-A7F0-62ACFA4DFAB8} - \WPD\SqmUpload_S-1-5-21-486330092-2043152581-973268027-1002 -> No File <==== ATTENTION
Task: {2780DBA5-43E2-49F5-A879-983610981476} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C6FDE57-E1EB-4905-AAA9-95469B077250} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3E3F2A3E-0614-4920-9888-C3D3E81875EE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {67961E60-11D1-4806-9FE1-30EF5168E117} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95C11A8C-6F7D-43F1-BC6D-E3BD91FD9F94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B45DAF39-2A4C-4A1B-8A2C-8CD4F4D93CA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C915CCDE-B353-48F9-AEEF-1A5DA6948DCD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4A4DDDD-C7F6-4B23-A8DF-4D339EDA08CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DE14075F-C86F-47A4-B68C-521AC4D1E3B6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value data removed successfully.
ShortcutTarget: Verizon Wireless Software Utility Application for Android - Samsung.lnk ->  (No File) => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{001379C4-719A-45D5-8BFA-EF6B8379D8AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{001379C4-719A-45D5-8BFA-EF6B8379D8AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09A47947-32BD-492E-A65C-57C3E4B7E78D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A47947-32BD-492E-A65C-57C3E4B7E78D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20762285-BCB2-48F1-A7F0-62ACFA4DFAB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20762285-BCB2-48F1-A7F0-62ACFA4DFAB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-486330092-2043152581-973268027-1002" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2780DBA5-43E2-49F5-A879-983610981476}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2780DBA5-43E2-49F5-A879-983610981476}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C6FDE57-E1EB-4905-AAA9-95469B077250}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6FDE57-E1EB-4905-AAA9-95469B077250}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E3F2A3E-0614-4920-9888-C3D3E81875EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E3F2A3E-0614-4920-9888-C3D3E81875EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67961E60-11D1-4806-9FE1-30EF5168E117}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67961E60-11D1-4806-9FE1-30EF5168E117}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95C11A8C-6F7D-43F1-BC6D-E3BD91FD9F94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95C11A8C-6F7D-43F1-BC6D-E3BD91FD9F94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B45DAF39-2A4C-4A1B-8A2C-8CD4F4D93CA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B45DAF39-2A4C-4A1B-8A2C-8CD4F4D93CA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C915CCDE-B353-48F9-AEEF-1A5DA6948DCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C915CCDE-B353-48F9-AEEF-1A5DA6948DCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4A4DDDD-C7F6-4B23-A8DF-4D339EDA08CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4A4DDDD-C7F6-4B23-A8DF-4D339EDA08CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE14075F-C86F-47A4-B68C-521AC4D1E3B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE14075F-C86F-47A4-B68C-521AC4D1E3B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1424569 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68792345 B
Java, Flash, Steam htmlcache => 345954136 B
Windows/system/drivers => 18166593 B
Edge => 13909954 B
Chrome => 945131177 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 476608 B
NetworkService => 10155420 B
UpdatusUser => 0 B
Owner => 68113770 B
 
RecycleBin => 672240 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:15:12 ====


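The fixlog above reports two things a defender should recognise: scheduled-task cache keys being removed, and the Chrome shortcut's "Shortcut argument" being removed. Browser hijackers commonly append a URL to the Arguments field of a browser .lnk so the unwanted page opens every time the shortcut is used. The following PowerShell is an added example, not part of nasdaq's instructions or of FRST, that audits the usual shortcut locations and reports browser shortcuts carrying a URL in their arguments. The list of locations, the browser executable names and the URL pattern are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): report browser shortcuts whose
# Arguments field contains a URL, the pattern behind a hijacked start page.
# Read-only by default; the clearing step at the end is shown but not run.

$shell = New-Object -ComObject WScript.Shell

# Executable base names treated as browsers (assumption for illustration).
$browsers = @('chrome', 'firefox', 'iexplore', 'msedge', 'opera', 'brave')

# Locations where start-menu, desktop and quick-launch shortcuts live.
$roots = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)

function Get-SuspiciousBrowserShortcut {
    param([string[]]$Paths)

    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                $exe = [System.IO.Path]::GetFileNameWithoutExtension($lnk.TargetPath).ToLowerInvariant()

                # A browser shortcut normally has no URL in its arguments;
                # a URL (or bare hostname) there is the hijack indicator.
                if ($browsers -contains $exe -and $lnk.Arguments -match '(?i)https?://|www\.') {
                    [pscustomobject]@{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

$findings = @(Get-SuspiciousBrowserShortcut -Paths $roots)

if ($findings.Count -eq 0) {
    Write-Output 'No browser shortcuts with URL arguments found.'
} else {
    $findings | Format-List
}

# Remediation, once a finding has been confirmed as unwanted: clear the
# argument and save the shortcut. Shown here, not executed.
#   $lnk = $shell.CreateShortcut('C:\Users\Public\Desktop\Google Chrome.lnk')
#   $lnk.Arguments = ''
#   $lnk.Save()
```

Run it from a normal PowerShell prompt; shortcuts under ProgramData and the Public desktop may need an elevated prompt to be cleared. The check deliberately matches only URL-like arguments so that legitimate switches such as profile selectors are not flagged.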
#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 05 October 2016 - 09:18 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



