
Loadstart.net?


  • This topic is locked
5 replies to this topic

#1 amorrow23

  • Members
  • 4 posts

Posted 08 October 2016 - 12:21 PM

I may have more than just one particular virus... But every time I browse the internet, I get ads whenever I click on something. I followed the steps from the forum:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

This virus is on every web browser that I use and it's getting very annoying... I tried browsing the web and trying to get rid of it, but I'm too nervous that I'll end up getting a black screen. When I was trying to do it myself, other search engines such as Conduit Search/Toolbar, Muvic Smartbar, Newpoptab.com, Snap.do, and a lot of adware were also found on my laptop...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by AMorrow (administrator) on AIESHA (08-10-2016 11:16:17)
Running from C:\Users\bitem_000\Downloads
Loaded Profiles: AMorrow (Available Profiles: AMorrow)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
HKLM-x32\...\Run: [Aeria Ignite] => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GGOnline] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [Akamai NetSession Interface] => C:\Users\bitem_000\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [Pinger] => "C:\Program Files (x86)\Pinger\Pinger.exe"
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [MyComGames] => "C:\Users\bitem_000\AppData\Local\MyComGames\MyComGames.exe" -autostart
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [Advanced SystemCare 9] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [BingSvc] => C:\Users\bitem_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-23] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [Spotify Web Helper] => C:\Users\bitem_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-12] (Spotify Ltd)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [Spotify] => C:\Users\bitem_000\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-12] (Spotify Ltd)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\bitem_000\AppData\Roaming\Auto Clicker\AutoClicker.exe :silent
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\MountPoints2: {02b49778-9ce3-11e4-82b4-008cfaa5d91a} - "E:\Setup.exe"
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\MountPoints2: {56d4651a-db29-11e4-82b9-008cfaa5d91a} - "E:\setup.exe"
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\MountPoints2: {56d46869-db29-11e4-82b9-008cfaa5d91a} - "E:\setup.exe"
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\MountPoints2: {e7c2ca7a-6c78-11e5-8312-008cfaa5d91a} - "E:\setup.exe"
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3D79F727-A26D-4D17-A4A5-E6E915D23E73}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D02C5239-404F-40E8-AD48-28696C4A28D1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5I&ocid=SL5IDHP&osmkt=en-us
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {E28F1A0C-59B2-4998-9720-49AA1AD54A99} URL =
SearchScopes: HKU\.DEFAULT -> {E28F1A0C-59B2-4998-9720-49AA1AD54A99} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: RandomPPrIce -> {19fc9b93-e4ed-48b1-b233-f03360bfc49c} -> C:\Program Files (x86)\RandomPPrIce\b2hfeAeiAB7xr7.x64.dll => No File
BHO: 50CoupoNS -> {348a8283-8b9e-4f48-a360-50eb01ef3fee} -> C:\Program Files (x86)\50CoupoNS\oqbuUsy0pHDXtZ.x64.dll => No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: RoboSavier -> {9fce6b6e-51fc-4288-82af-f8184880ed73} -> C:\Program Files (x86)\RoboSavier\KR8AKJRTvxnIdY.x64.dll => No File
BHO: DieaLExpresS -> {b0bebb42-6198-44f7-a901-a2fb550384ff} -> C:\Program Files (x86)\DieaLExpresS\V4b93PUN2YiGWP.x64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: AlLCheuapPriice -> {d6f86340-02a0-4c72-83b3-5cbb6eea4c52} -> C:\Program Files (x86)\AlLCheuapPriice\hQ0YVkdDFDyeTH.x64.dll => No File
BHO: JoniCioupoin -> {e722e2f1-adc2-4077-ab67-3e9cd7e4d528} -> C:\Program Files (x86)\JoniCioupoin\Amv83dKWB73XJK.x64.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF DefaultProfile: cp3j4k1y.default
FF ProfilePath: C:\Users\bitem_000\AppData\Roaming\Mozilla\Firefox\Profiles\cp3j4k1y.default [2016-10-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cp3j4k1y.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\cp3j4k1y.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\cp3j4k1y.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\cp3j4k1y.default -> hxxp://www.msn.com/?pc=SL5I&ocid=SL5IDHP&osmkt=en-us
FF Keyword.URL: Mozilla\Firefox\Profiles\cp3j4k1y.default -> hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q=
FF Extension: (Bing Search) - C:\Users\bitem_000\AppData\Roaming\Mozilla\Firefox\Profiles\cp3j4k1y.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-03-23]
FF SearchPlugin: C:\Users\bitem_000\AppData\Roaming\Mozilla\Firefox\Profiles\cp3j4k1y.default\searchplugins\bing-.xml [2016-03-23]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=3 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll [No File]
FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=9 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2335575561-2103832806-512499992-1001: @my.com/Games -> C:\Users\bitem_000\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\bitem_000\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-09-08] (Cisco WebEx LLC)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1116703081.cfg [2016-10-01] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default [2016-10-06]
CHR Extension: (Google Slides) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (Google Docs) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-26]
CHR Extension: (Google Drive) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (Google Search) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (Google Sheets) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-25]
CHR Extension: (Cisco WebEx Extension) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR Extension: (Chrome Media Router) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-25]
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://google.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (Translate) - C:\Users\bitem_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2015-09-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S3 BstHdAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [X]
S3 BstHdPlusAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe" BstHdPlusAndroidSvc Android [X]
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
S3 Disc Soft Pro Bus Service; "C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe" [X]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 mglupdate; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /svc [X]
S3 mglupdatem; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /medsvc [X]
S2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-17] (Disc Soft Ltd)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-10-08] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-21] (REALiX™)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [404184 2016-01-28] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4520152 2016-01-28] (Realtek Semiconductor Corporation                           )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-06] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-01-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2016-01-28] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2016-01-28] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]
S3 BstkDrv; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [X]
S3 cpuz138; \??\C:\Users\BITEM_~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 dump_wmimmc; \??\C:\Webzen\ASTA\bin32\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S1 nnfwdk; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-08 11:16 - 2016-10-08 11:28 - 00023000 _____ C:\Users\bitem_000\Downloads\FRST.txt
2016-10-08 11:15 - 2016-10-08 11:15 - 02405376 _____ (Farbar) C:\Users\bitem_000\Downloads\FRST64.exe
2016-10-07 06:44 - 2016-10-07 06:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-10-07 06:44 - 2016-10-07 06:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-10-07 06:41 - 2016-10-07 06:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-10-07 06:40 - 2016-10-07 06:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2016-10-07 06:38 - 2016-10-07 06:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-10-07 06:37 - 2016-10-07 06:37 - 00000000 ____D C:\Windows\SHELLNEW
2016-10-07 06:37 - 2016-10-07 06:37 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-07 06:37 - 2016-10-07 06:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-10-07 06:36 - 2016-10-07 06:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-07 06:36 - 2016-10-07 06:36 - 00000000 __RHD C:\MSOCache
2016-10-07 06:29 - 2016-10-07 06:34 - 681867016 _____ (Microsoft Corporation) C:\Users\bitem_000\Downloads\ProfessionalPlus.exe
2016-10-06 21:40 - 2016-10-06 22:13 - 01631928 _____ (Malwarebytes) C:\Users\bitem_000\Downloads\JRT(1).exe
2016-10-06 20:21 - 2016-10-06 20:21 - 11579432 _____ (SurfRight B.V.) C:\Users\bitem_000\Downloads\hitmanpro_x64.exe
2016-10-06 17:17 - 2016-10-06 17:17 - 00001101 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-06 17:17 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-06 17:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-06 17:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-06 17:16 - 2016-10-06 17:17 - 22851472 _____ (Malwarebytes ) C:\Users\bitem_000\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-06 17:14 - 2016-10-06 17:14 - 00003885 _____ C:\Users\bitem_000\Desktop\JRT.txt
2016-10-06 17:09 - 2016-10-06 17:09 - 01631928 _____ (Malwarebytes) C:\Users\bitem_000\Downloads\JRT.exe
2016-10-06 17:02 - 2016-10-06 17:05 - 00000000 ____D C:\AdwCleaner
2016-10-06 17:02 - 2016-10-06 17:02 - 03861056 _____ C:\Users\bitem_000\Downloads\AdwCleaner.exe
2016-10-06 12:17 - 2016-10-06 12:17 - 00000000 _____ C:\autoexec.bat
2016-10-06 12:16 - 2016-10-06 20:08 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Enigma Software Group
2016-10-06 12:16 - 2016-10-06 12:16 - 00000000 ____D C:\sh4ldr
2016-10-06 12:15 - 2016-10-06 20:08 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-10-06 08:53 - 2016-10-07 06:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-04 20:55 - 2016-10-05 09:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignd0b931ebf1782899
2016-10-03 14:51 - 2016-10-03 14:51 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignb179e7bc2ff9b792
2016-10-03 14:51 - 2016-10-03 14:51 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign4f372807afb3f1e5
2016-10-03 00:02 - 2016-10-03 00:02 - 00001476 _____ C:\Users\bitem_000\Desktop\CopyTrans Control Center.lnk
2016-10-02 23:36 - 2016-10-02 23:36 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignab46d083d5a9e130
2016-10-02 23:35 - 2016-10-02 23:35 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignaf52cb8a68c96cc9
2016-10-02 23:35 - 2016-10-02 23:35 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign1b21e87c9c06d4db
2016-10-02 23:11 - 2016-10-02 23:11 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignfddabf20ea5ebbab
2016-10-02 23:11 - 2016-10-02 23:11 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign611d233e082b7f1f
2016-10-02 23:11 - 2016-10-02 23:11 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign2ee5194d2cfa6003
2016-10-02 22:28 - 2016-10-02 22:28 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignbdd440a05e566a78
2016-10-02 22:28 - 2016-10-02 22:28 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign9b408f15a61fcd02
2016-10-02 22:28 - 2016-10-02 22:28 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign52e614e92e8240f4
2016-10-02 18:50 - 2016-10-07 23:41 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Firestorm
2016-10-02 18:50 - 2016-10-02 18:50 - 00001164 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk
2016-10-02 18:49 - 2016-10-02 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
2016-10-02 18:47 - 2016-10-02 18:50 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release
2016-10-01 17:45 - 2016-10-01 17:45 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignd222e879b88ee068
2016-10-01 17:44 - 2016-10-01 17:44 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsigndf88bedcaa26af5f
2016-10-01 17:44 - 2016-10-01 17:44 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignd7d8cabfcc2c0a6a
2016-10-01 16:01 - 2016-10-01 16:01 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignad63ec559abc39f3
2016-10-01 15:59 - 2016-10-01 15:59 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign70df5a2f089268f5
2016-10-01 15:59 - 2016-10-01 15:59 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign2a8bb5eaee763441
2016-10-01 15:06 - 2016-10-01 15:06 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignba047bd493295579
2016-10-01 15:06 - 2016-10-01 15:06 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignb316abdf37d52b90
2016-10-01 15:06 - 2016-10-01 15:06 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign67203fbb4d4f3882
2016-10-01 11:05 - 2016-10-01 11:05 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign22b34874a2ced195
2016-10-01 11:04 - 2016-10-01 11:04 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsignf3eb64bd1e36c4ec
2016-10-01 11:04 - 2016-10-01 11:04 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign9cb39e036bb3cb35
2016-10-01 11:04 - 2016-10-01 11:04 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign47a3db0a3d314e9f
2016-10-01 11:04 - 2016-10-01 11:04 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign331f759789f8635c
2016-10-01 11:04 - 2016-10-01 11:04 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign33048325dd7b9ac1
2016-10-01 11:04 - 2016-10-01 11:04 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Tempzxpsign0a875603d28ef37a
2016-10-01 10:56 - 2016-10-01 10:56 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.5.lnk
2016-10-01 10:45 - 2016-10-01 10:45 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\BANDISOFT
2016-10-01 10:39 - 2016-10-01 10:39 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-10-01 10:39 - 2016-10-01 10:39 - 00001146 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-09-28 19:16 - 2016-09-28 19:16 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\IObit
2016-09-28 19:12 - 2016-09-28 19:12 - 00000000 ____D C:\Users\bitem_000\AppData\Local\VideoEditor
2016-09-28 19:10 - 2016-09-28 19:10 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\DAEMON Tools Pro
2016-09-28 18:43 - 2016-09-28 18:43 - 00004157 _____ C:\ProgramData\czchsjpj.srw
2016-09-28 18:19 - 2016-09-28 18:19 - 00000000 ____D C:\Windows\es
2016-09-28 17:41 - 2016-09-28 18:46 - 00000000 ____D C:\Users\bitem_000\Documents\Bandicam
2016-09-28 17:30 - 2016-09-28 17:30 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-09-26 20:53 - 2016-09-26 20:53 - 00000000 ____D C:\Program Files (x86)\GoodGames
2016-09-26 20:50 - 2016-09-26 20:51 - 05959464 _____ C:\EOS_Setup_20140507A.exe
2016-09-26 20:41 - 2016-09-26 20:41 - 00000000 ____D C:\Program Files (x86)\True Digital Plus
2016-09-24 00:00 - 2016-09-24 00:00 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Icecream
2016-09-24 00:00 - 2016-09-24 00:00 - 00000000 ____D C:\Users\bitem_000\.Icecream Screen Recorder
2016-09-23 23:54 - 2016-09-23 23:54 - 00000000 ____D C:\Users\bitem_000\AppData\Local\ScreenCapture
2016-09-23 23:54 - 2016-09-23 23:54 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Movavi
2016-09-23 23:52 - 2016-09-23 23:52 - 00004924 _____ C:\ProgramData\lbogtyso.zat
2016-09-22 10:44 - 2016-09-22 10:44 - 00040448 ____H C:\Users\bitem_000\Downloads\~WRL0001.tmp
2016-09-20 11:33 - 2016-10-07 18:22 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Firestorm
2016-09-18 10:07 - 2016-09-06 20:11 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-18 10:07 - 2016-09-06 20:11 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 14:31 - 2016-09-14 14:31 - 00000000 ____D C:\NVIDIA
2016-09-14 14:18 - 2016-08-20 18:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-14 14:18 - 2016-08-20 18:27 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 14:18 - 2016-08-20 18:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 14:18 - 2016-08-20 18:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-14 14:18 - 2016-08-20 17:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 14:18 - 2016-08-20 17:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-14 14:18 - 2016-08-20 17:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-14 14:18 - 2016-08-09 17:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 14:18 - 2016-08-09 17:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 14:18 - 2016-08-04 09:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 14:18 - 2016-08-03 13:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 14:18 - 2016-08-03 13:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 14:18 - 2016-07-09 11:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-09-14 14:18 - 2016-07-08 17:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-14 14:18 - 2016-07-08 09:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-14 14:18 - 2016-07-08 09:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-14 14:18 - 2016-07-07 17:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-09-14 14:18 - 2016-07-07 17:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-14 14:18 - 2016-07-07 17:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2016-09-14 14:18 - 2016-07-07 16:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-09-14 14:18 - 2016-07-07 15:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-09-14 14:18 - 2016-07-07 15:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-14 14:18 - 2016-07-07 15:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-14 14:18 - 2016-07-07 15:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-14 14:18 - 2016-07-07 15:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-14 14:18 - 2016-07-07 15:11 - 01661064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-14 14:18 - 2016-07-07 15:11 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-14 14:18 - 2016-07-07 14:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-09-14 14:18 - 2016-07-04 00:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-14 14:18 - 2016-07-03 22:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2016-09-14 14:18 - 2016-07-03 22:37 - 02897920 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-14 14:18 - 2016-07-03 22:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-14 14:18 - 2016-07-03 22:04 - 02539008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-14 14:18 - 2016-07-03 22:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-14 14:18 - 2016-07-03 21:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-14 14:18 - 2016-07-01 15:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2016-09-14 14:18 - 2016-07-01 15:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2016-09-14 14:18 - 2016-01-10 12:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-09-14 14:17 - 2016-07-07 17:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2016-09-14 14:17 - 2016-07-07 15:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-14 14:17 - 2016-07-07 15:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-14 14:17 - 2016-07-07 15:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2016-09-14 14:17 - 2016-07-07 15:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2016-09-14 14:17 - 2016-07-07 14:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-09-14 14:16 - 2016-09-08 16:51 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 14:16 - 2016-09-08 16:51 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 14:16 - 2016-08-22 11:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 14:16 - 2016-08-22 11:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 14:16 - 2016-08-20 20:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 14:16 - 2016-08-20 20:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 14:16 - 2016-08-20 20:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 14:16 - 2016-08-20 19:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 14:16 - 2016-08-20 18:26 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 14:16 - 2016-08-20 17:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 14:15 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 14:15 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 14:15 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 14:15 - 2016-08-31 20:39 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 14:15 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 14:15 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 14:15 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 14:15 - 2016-08-31 19:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 14:15 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 14:15 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 14:15 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 14:15 - 2016-08-31 19:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 14:15 - 2016-08-31 19:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 14:15 - 2016-08-31 19:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 14:15 - 2016-08-31 18:38 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 14:15 - 2016-08-31 18:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 14:15 - 2016-08-31 18:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 14:15 - 2016-08-31 18:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 14:15 - 2016-08-31 17:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 14:15 - 2016-08-31 17:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 14:15 - 2016-08-26 00:51 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 14:15 - 2016-08-25 23:44 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 14:15 - 2016-08-25 23:41 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-14 14:15 - 2016-08-25 23:00 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-14 14:12 - 2016-08-14 14:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 14:12 - 2016-08-14 13:25 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 14:12 - 2016-08-14 11:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 14:12 - 2016-08-13 02:41 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 14:12 - 2016-08-13 02:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 14:12 - 2016-08-13 02:40 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 14:12 - 2016-08-13 02:40 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-14 14:12 - 2016-08-13 02:40 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 14:12 - 2016-08-13 02:40 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-14 14:12 - 2016-08-12 19:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 14:12 - 2016-08-11 11:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-14 14:12 - 2016-08-11 11:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-14 14:12 - 2016-08-11 11:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-14 13:08 - 2016-09-14 13:08 - 00002022 _____ C:\Users\bitem_000\Desktop\EOSLand Laucnher.lnk
2016-09-14 13:08 - 2016-09-14 13:08 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EoSLand
2016-09-14 12:43 - 2016-09-14 12:43 - 00000000 ____D C:\Program Files (x86)\EoSLand
2016-09-14 12:16 - 2016-09-14 12:21 - 00000000 ____D C:\Program Files\EOS
2016-09-13 11:07 - 2016-09-13 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2016-09-12 09:20 - 2016-09-12 09:20 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\GT
2016-09-12 08:20 - 2016-09-12 08:20 - 00000000 ____D C:\Users\Public\Documents\Arc
2016-09-12 08:16 - 2016-09-12 08:16 - 00000000 ____D C:\Users\bitem_000\Downloads\Log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-08 11:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-10-08 11:16 - 2016-03-22 21:48 - 00000000 ____D C:\FRST
2016-10-08 11:09 - 2014-12-08 11:37 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2335575561-2103832806-512499992-1001
2016-10-08 11:04 - 2016-07-28 15:31 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-08 11:04 - 2014-09-21 19:30 - 00000928 _____ C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job
2016-10-08 11:04 - 2014-02-11 19:35 - 00000000 __RDO C:\Users\bitem_000\SkyDrive
2016-10-08 10:58 - 2015-01-28 02:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-08 10:38 - 2015-01-28 02:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-08 10:37 - 2014-09-21 19:30 - 00000932 _____ C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job
2016-10-08 10:36 - 2016-07-28 15:31 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-07 23:43 - 2014-09-04 17:53 - 03561984 ___SH C:\Users\bitem_000\Desktop\Thumbs.db
2016-10-07 18:27 - 2014-12-20 11:40 - 00003786 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C5D6D2E-E230-41F4-9419-96D2038CAF7D}
2016-10-07 18:26 - 2014-09-22 21:06 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-07 18:19 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-07 18:19 - 2013-08-22 09:44 - 00516152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-07 06:43 - 2013-08-28 18:54 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-07 06:40 - 2015-07-09 01:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-10-07 06:38 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-07 06:37 - 2013-08-22 08:25 - 00000167 _____ C:\Windows\win.ini
2016-10-07 06:32 - 2014-08-04 19:58 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Adobe
2016-10-06 22:14 - 2014-02-11 19:28 - 00000000 ____D C:\Users\bitem_000
2016-10-06 20:22 - 2014-02-28 23:45 - 00000000 ____D C:\Users\bitem_000\AppData\Local\CrashDumps
2016-10-06 17:18 - 2016-03-23 10:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-06 17:17 - 2016-03-23 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-06 17:17 - 2016-03-23 10:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-06 15:19 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-10-06 14:43 - 2016-04-28 20:20 - 00002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-06 14:43 - 2016-04-28 20:20 - 00002176 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-06 14:43 - 2016-01-18 22:40 - 00001130 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-06 14:43 - 2015-07-22 13:33 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-06 14:43 - 2014-02-11 19:30 - 00001453 _____ C:\Users\bitem_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-05 21:32 - 2016-07-04 21:32 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Spotify
2016-10-05 21:32 - 2016-07-04 21:31 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Spotify
2016-10-05 11:05 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-05 11:03 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-10-05 09:45 - 2016-01-18 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-03 13:07 - 2016-01-18 22:09 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\IMVU
2016-10-03 00:02 - 2015-03-17 11:35 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2016-10-02 20:13 - 2013-12-03 06:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-02 19:49 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-02 14:33 - 2016-04-19 08:22 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\SecondLife
2016-10-01 11:03 - 2014-02-11 19:30 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Adobe
2016-10-01 11:01 - 2015-04-18 22:59 - 00000000 ____D C:\Program Files\Adobe
2016-10-01 11:01 - 2015-04-16 13:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-01 10:56 - 2015-08-12 17:29 - 00000000 ____D C:\Users\bitem_000\Documents\Adobe
2016-10-01 10:49 - 2015-04-18 22:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-10-01 10:44 - 2015-04-08 18:33 - 00000000 ____D C:\Users\bitem_000\Desktop\Aiesha Student Classes
2016-10-01 10:24 - 2014-09-22 21:06 - 00001224 _____ C:\Users\Public\Desktop\Opera.lnk
2016-10-01 10:24 - 2014-09-22 21:06 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-27 11:03 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-09-26 21:42 - 2014-03-27 00:50 - 02751488 ___SH C:\Users\bitem_000\Downloads\Thumbs.db
2016-09-24 12:14 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-22 10:45 - 2014-02-11 19:29 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Packages
2016-09-21 08:37 - 2016-07-08 21:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-18 11:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-18 11:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\setup
2016-09-18 10:26 - 2014-02-17 21:55 - 00000000 ____D C:\Windows\system32\MRT
2016-09-18 10:08 - 2014-02-17 21:55 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-14 12:30 - 2016-03-23 17:08 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2016-09-14 11:50 - 2015-05-11 13:46 - 00000000 ____D C:\Users\bitem_000\AppData\Local\Akamai
2016-09-12 13:28 - 2016-01-19 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-09-12 13:28 - 2013-12-03 07:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-12 13:26 - 2016-03-09 18:40 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2016-09-12 09:09 - 2015-09-07 12:44 - 00000000 ___HD C:\ArcTemp
2016-09-12 08:14 - 2014-08-24 22:03 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-10 13:05 - 2016-01-19 11:17 - 00000000 ____D C:\ProgramData\Gyazo
2016-09-08 16:14 - 2016-04-28 20:26 - 00000000 ____D C:\Users\bitem_000\AppData\Local\WebEx
2016-09-08 16:14 - 2016-01-18 18:31 - 00000000 ____D C:\Users\bitem_000\AppData\Roaming\Mozilla

==================== Files in the root of some directories =======

2015-05-07 22:08 - 2016-05-13 15:33 - 0558080 _____ () C:\Users\bitem_000\AppData\Roaming\SharedSettings.ccs
2015-09-10 22:10 - 2015-09-12 14:27 - 0005120 _____ () C:\Users\bitem_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-11 21:04 - 2014-11-11 21:04 - 0003918 _____ () C:\Users\bitem_000\AppData\Local\recently-used.xbel
2016-09-28 18:43 - 2016-09-28 18:43 - 0004157 _____ () C:\ProgramData\czchsjpj.srw
2014-01-06 01:40 - 2014-01-06 01:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-23 23:52 - 2016-09-23 23:52 - 0004924 _____ () C:\ProgramData\lbogtyso.zat

Some files in TEMP:
====================
C:\Users\bitem_000\AppData\Local\Temp\bdfilters.dll
C:\Users\bitem_000\AppData\Local\Temp\libeay32.dll
C:\Users\bitem_000\AppData\Local\Temp\msvcr120.dll
C:\Users\bitem_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-05 11:35

==================== End of FRST.txt ============================

Edited by amorrow23, 08 October 2016 - 12:32 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:24 PM

Posted 09 October 2016 - 10:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
HKLM-x32\...\Run: [GGOnline] => [X]
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [BingSvc] => C:\Users\bitem_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-23] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: RandomPPrIce -> {19fc9b93-e4ed-48b1-b233-f03360bfc49c} -> C:\Program Files (x86)\RandomPPrIce\b2hfeAeiAB7xr7.x64.dll => No File
BHO: 50CoupoNS -> {348a8283-8b9e-4f48-a360-50eb01ef3fee} -> C:\Program Files (x86)\50CoupoNS\oqbuUsy0pHDXtZ.x64.dll => No File
BHO: RoboSavier -> {9fce6b6e-51fc-4288-82af-f8184880ed73} -> C:\Program Files (x86)\RoboSavier\KR8AKJRTvxnIdY.x64.dll => No File
BHO: DieaLExpresS -> {b0bebb42-6198-44f7-a901-a2fb550384ff} -> C:\Program Files (x86)\DieaLExpresS\V4b93PUN2YiGWP.x64.dll => No File
BHO: AlLCheuapPriice -> {d6f86340-02a0-4c72-83b3-5cbb6eea4c52} -> C:\Program Files (x86)\AlLCheuapPriice\hQ0YVkdDFDyeTH.x64.dll => No File
BHO: JoniCioupoin -> {e722e2f1-adc2-4077-ab67-3e9cd7e4d528} -> C:\Program Files (x86)\JoniCioupoin\Amv83dKWB73XJK.x64.dll => No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=3 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll [No File]
FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=9 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll [No File]
FF Plugin HKU\S-1-5-21-2335575561-2103832806-512499992-1001: @my.com/Games -> C:\Users\bitem_000\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1116703081.cfg [2016-10-01] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-25]
S4 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S3 BstHdAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [X]
S3 BstHdPlusAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe" BstHdPlusAndroidSvc Android [X]
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
S3 Disc Soft Pro Bus Service; "C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe" [X]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 mglupdate; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /svc [X]
S3 mglupdatem; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /medsvc [X]
S2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]
S3 BstkDrv; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [X]
S3 cpuz138; \??\C:\Users\BITEM_~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 dump_wmimmc; \??\C:\Webzen\ASTA\bin32\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S1 nnfwdk; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {2064C46E-23B0-4811-BCD2-C3FEB88509B6} - \MaxigetUpdaterTaskMachineUA -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {77EDD444-95AD-425C-A7DE-31CFBF64DF18} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {B227A4A7-E181-4FDC-9D44-A7CABC17DE94} - \MaxigetUpdaterTaskMachineCore -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C83C61CD-C50A-448A-8C81-753D2ADFD1C3} - \Optimize Start Menu Cache Files-S-1-5-21-2335575561-2103832806-512499992-500 -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E467010E-9490-4ADC-BA5C-8D4BB8D389AE} - \Advanced-System Protector_startup -> No File <==== ATTENTION
Task: C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\bitem_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475335468&a=1107743&src=sh&uuid=ac69e89e-b4be-4b17-80e9-c21716616115,1475335456306"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475335468&a=1107743&src=sh&uuid=ac69e89e-b4be-4b17-80e9-c21716616115,1475335456306"
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475335468&a=1107743&src=sh&uuid=ac69e89e-b4be-4b17-80e9-c21716616115,1475335456306"
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NielsenOnline
FirewallRules: [{4CC489E5-E08C-4809-9F64-0E5FAB06B304}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{A432173F-0F7F-42B0-B62D-A41793FC008A}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files (x86)\NetRatingsNetSight
C:\Users\bitem_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Your version(s) of Adobe Flash are out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the following programs:
Adobe Flash Player 20 NPAPI
Adobe Flash Player 20 PPAPI


Go to this page with Firefox to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old version(s) of Java via Control Panel > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Please post the logs and let me know what problems persist.
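The Flash and Java steps above send the user to Programs and Features and to java.com to find out what is installed. As an added example (not part of nasdaq's instructions and not an FRST or JRT feature), the following PowerShell inventories every Adobe Flash Player and Java entry registered under the Uninstall keys, including the 32-bit hive that FRST labels "HKLM-x32", and prints the version and uninstall command for each. The minimum-version floors are illustrative values chosen for this example, not vendor data; set them to the current vendor release before relying on the OUTDATED flag.

```powershell
# Added example, not from the thread: list Adobe Flash Player and Java entries
# from Programs and Features (the Uninstall registry keys) with version,
# out-of-date flag and uninstall command. Read-only; nothing is removed.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on x64 (FRST "HKLM-x32")
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Assumed floors for this example only, NOT vendor data: anything below is
# reported as OUTDATED. Replace with the current release numbers.
$minimum = @{
    'Adobe Flash Player' = [version]'23.0.0.0'
    'Java'               = [version]'8.0.1010'
}

Get-ChildItem -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Get-ItemProperty |
    Where-Object { $_.DisplayName -match '^(Adobe Flash Player|Java(\(TM\))? \d)' } |
    ForEach-Object {
        $product = if ($_.DisplayName -like 'Adobe Flash Player*') { 'Adobe Flash Player' } else { 'Java' }

        # DisplayVersion looks like "20.0.0.306" (Flash) or "8.0.450" (Java 8u45).
        # An unparseable or missing version is left at 0.0 and therefore flagged.
        $ver = [version]'0.0'
        [void][version]::TryParse(($_.DisplayVersion -replace '[^\d.]', ''), [ref]$ver)
        $state = if ($ver -lt $minimum[$product]) { 'OUTDATED' } else { 'ok' }

        [pscustomobject]@{
            Product   = $_.DisplayName
            Version   = $_.DisplayVersion
            State     = $state
            Uninstall = $_.UninstallString
            Key       = $_.PSChildName   # for Java this is the MSI product code, e.g. {26A24AE4-...}
        }
    } | Format-Table -AutoSize -Wrap
```

The Uninstall column gives the exact command Programs and Features would run, which is what you want when several side-by-side Java or Flash (NPAPI, PPAPI, ActiveX) entries have to go; run the script in an elevated PowerShell so the HKLM hives are readable in full.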

#3 amorrow23 (Topic Starter, Members, 4 posts)

Posted 09 October 2016 - 10:53 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by AMorrow (09-10-2016 10:40:33) Run:1
Running from C:\Users\bitem_000\Desktop\FRST
Loaded Profiles: AMorrow (Available Profiles: AMorrow)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
HKLM-x32\...\Run: [GGOnline] => [X]
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Run: [BingSvc] => C:\Users\bitem_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-23] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: RandomPPrIce -> {19fc9b93-e4ed-48b1-b233-f03360bfc49c} -> C:\Program Files (x86)\RandomPPrIce\b2hfeAeiAB7xr7.x64.dll => No File
BHO: 50CoupoNS -> {348a8283-8b9e-4f48-a360-50eb01ef3fee} -> C:\Program Files (x86)\50CoupoNS\oqbuUsy0pHDXtZ.x64.dll => No File
BHO: RoboSavier -> {9fce6b6e-51fc-4288-82af-f8184880ed73} -> C:\Program Files (x86)\RoboSavier\KR8AKJRTvxnIdY.x64.dll => No File
BHO: DieaLExpresS -> {b0bebb42-6198-44f7-a901-a2fb550384ff} -> C:\Program Files (x86)\DieaLExpresS\V4b93PUN2YiGWP.x64.dll => No File
BHO: AlLCheuapPriice -> {d6f86340-02a0-4c72-83b3-5cbb6eea4c52} -> C:\Program Files (x86)\AlLCheuapPriice\hQ0YVkdDFDyeTH.x64.dll => No File
BHO: JoniCioupoin -> {e722e2f1-adc2-4077-ab67-3e9cd7e4d528} -> C:\Program Files (x86)\JoniCioupoin\Amv83dKWB73XJK.x64.dll => No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=3 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll [No File]
FF Plugin-x32: @omaha.maxiget.com/Maxiget Updater;version=9 -> C:\Program Files (x86)\Maxiget\Updater\70.3.29.7018\npMaxigetUpdater3.dll [No File]
FF Plugin HKU\S-1-5-21-2335575561-2103832806-512499992-1001: @my.com/Games -> C:\Users\bitem_000\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1116703081.cfg [2016-10-01] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-25]
S4 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
S3 BstHdAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [X]
S3 BstHdPlusAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe" BstHdPlusAndroidSvc Android [X]
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
S3 Disc Soft Pro Bus Service; "C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe" [X]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 mglupdate; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /svc [X]
S3 mglupdatem; C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe /medsvc [X]
S2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [X]
S4 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [X]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]
S3 BstkDrv; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [X]
S3 cpuz138; \??\C:\Users\BITEM_~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 dump_wmimmc; \??\C:\Webzen\ASTA\bin32\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S1 nnfwdk; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {2064C46E-23B0-4811-BCD2-C3FEB88509B6} - \MaxigetUpdaterTaskMachineUA -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {77EDD444-95AD-425C-A7DE-31CFBF64DF18} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {B227A4A7-E181-4FDC-9D44-A7CABC17DE94} - \MaxigetUpdaterTaskMachineCore -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C83C61CD-C50A-448A-8C81-753D2ADFD1C3} - \Optimize Start Menu Cache Files-S-1-5-21-2335575561-2103832806-512499992-500 -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E467010E-9490-4ADC-BA5C-8D4BB8D389AE} - \Advanced-System Protector_startup -> No File <==== ATTENTION
Task: C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job => C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\bitem_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475335468&a=1107743&src=sh&uuid=ac69e89e-b4be-4b17-80e9-c21716616115,1475335456306"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475335468&a=1107743&src=sh&uuid=ac69e89e-b4be-4b17-80e9-c21716616115,1475335456306"
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475335468&a=1107743&src=sh&uuid=ac69e89e-b4be-4b17-80e9-c21716616115,1475335456306"
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NielsenOnline
FirewallRules: [{4CC489E5-E08C-4809-9F64-0E5FAB06B304}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{A432173F-0F7F-42B0-B62D-A41793FC008A}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files (x86)\NetRatingsNetSight
C:\Users\bitem_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NielsenOnline => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GGOnline => value removed successfully
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2335575561-2103832806-512499992-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19fc9b93-e4ed-48b1-b233-f03360bfc49c}" => key removed successfully
"HKCR\CLSID\{19fc9b93-e4ed-48b1-b233-f03360bfc49c}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348a8283-8b9e-4f48-a360-50eb01ef3fee}" => key removed successfully
"HKCR\CLSID\{348a8283-8b9e-4f48-a360-50eb01ef3fee}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fce6b6e-51fc-4288-82af-f8184880ed73}" => key removed successfully
"HKCR\CLSID\{9fce6b6e-51fc-4288-82af-f8184880ed73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0bebb42-6198-44f7-a901-a2fb550384ff}" => key removed successfully
"HKCR\CLSID\{b0bebb42-6198-44f7-a901-a2fb550384ff}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6f86340-02a0-4c72-83b3-5cbb6eea4c52}" => key removed successfully
"HKCR\CLSID\{d6f86340-02a0-4c72-83b3-5cbb6eea4c52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e722e2f1-adc2-4077-ab67-3e9cd7e4d528}" => key removed successfully
"HKCR\CLSID\{e722e2f1-adc2-4077-ab67-3e9cd7e4d528}" => key removed successfully
"HKCR\PROTOCOLS\Handler\wlpg" => key removed successfully
HKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\netsight@nielsen.com => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@omaha.maxiget.com/Maxiget Updater;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@omaha.maxiget.com/Maxiget Updater;version=9" => key removed successfully
"HKU\S-1-5-21-2335575561-2103832806-512499992-1001\Software\MozillaPlugins\@my.com/Games" => key removed successfully
C:\Users\bitem_000\AppData\Local\MyComGames\NPMyComDetector.dll => not found.
C:\Program Files (x86)\mozilla firefox\1116703081.cfg => moved successfully
C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
AdvancedSystemCareService9 => service removed successfully
BstHdAndroidSvc => service removed successfully
BstHdLogRotatorSvc => service removed successfully
BstHdPlusAndroidSvc => service removed successfully
Disc Soft Lite Bus Service => service removed successfully
Disc Soft Pro Bus Service => service removed successfully
LiveUpdateSvc => service removed successfully
mglupdate => service removed successfully
mglupdatem => service removed successfully
NielsenUpdate => service removed successfully
Origin Client Service => service removed successfully
Razer Game Scanner Service => service removed successfully
AppObserver => service removed successfully
BstHdDrv => service removed successfully
BstkDrv => service removed successfully
cpuz138 => service removed successfully
dump_wmimmc => service removed successfully
EagleX64 => service removed successfully
hxsyol => service removed successfully
nnfwdk => service removed successfully
WinRing0_1_2_0 => service removed successfully
xhunter1 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2064C46E-23B0-4811-BCD2-C3FEB88509B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2064C46E-23B0-4811-BCD2-C3FEB88509B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxigetUpdaterTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EDD444-95AD-425C-A7DE-31CFBF64DF18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EDD444-95AD-425C-A7DE-31CFBF64DF18}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B227A4A7-E181-4FDC-9D44-A7CABC17DE94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B227A4A7-E181-4FDC-9D44-A7CABC17DE94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxigetUpdaterTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C83C61CD-C50A-448A-8C81-753D2ADFD1C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C83C61CD-C50A-448A-8C81-753D2ADFD1C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2335575561-2103832806-512499992-500" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E467010E-9490-4ADC-BA5C-8D4BB8D389AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E467010E-9490-4ADC-BA5C-8D4BB8D389AE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-System Protector_startup => key not found. 
C:\Windows\Tasks\MaxigetUpdaterTaskMachineCore.job => moved successfully
C:\Windows\Tasks\MaxigetUpdaterTaskMachineUA.job => moved successfully
C:\Users\bitem_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Opera.lnk => Shortcut argument removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NielsenOnline => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CC489E5-E08C-4809-9F64-0E5FAB06B304} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A432173F-0F7F-42B0-B62D-A41793FC008A} => value removed successfully
C:\Program Files (x86)\NetRatingsNetSight => moved successfully
C:\Users\bitem_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe => moved successfully
"C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\bitem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30841963 B
Java, Flash, Steam htmlcache => 121700567 B
Windows/system/drivers => 50250748 B
Edge => 0 B
Chrome => 421341687 B
Firefox => 409061311 B
Opera => 511092959 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 11351783 B
systemprofile32 => 142880920 B
LocalService => 134793 B
NetworkService => 1037710 B
bitem_000 => 882744137 B
 
RecycleBin => 282903908 B
EmptyTemp: => 2.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:47:52 ====
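The Fixlog above shows the four places this infection had dug in: Opera shortcuts whose Arguments field launched loadstart.net, browser policy keys that FRST flagged as "Restriction", Run entries and BHOs pointing at files that no longer exist, and orphaned services and tasks. As an added example (not part of the thread and not FRST code), the following PowerShell re-audits the first three of those after a cleanup so the user can see for themselves that nothing came back. It is read-only unless run with -Fix, and -Fix only blanks URL arguments on browser shortcuts, the one change that is trivially reversible. The shortcut folders, browser executable names and the Mozilla policy key are assumptions added for the example; the other keys are the ones named in the Fixlog.

```powershell
# Added example, not from the thread or FRST: re-check the persistence points
# the fixlist touched. Read-only by default; -Fix clears URL arguments from
# browser shortcuts (the loadstart.net pattern) and changes nothing else.
param([switch]$Fix)

$shell = New-Object -ComObject WScript.Shell

# 1. Browser shortcuts whose Arguments carry a URL. A clean browser shortcut has
#    an empty Arguments field; a start page belongs in the browser's settings.
$browserExes   = 'launcher.exe', 'opera.exe', 'chrome.exe', 'firefox.exe', 'iexplore.exe'   # assumed list
$shortcutRoots = @(                                                                           # assumed list
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",      # includes User Pinned\TaskBar
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu"
)
Get-ChildItem -Path $shortcutRoots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    $exe = [IO.Path]::GetFileName([string]$lnk.TargetPath).ToLower()
    if ($browserExes -contains $exe -and $lnk.Arguments -match '(?i)\bhttps?://') {
        Write-Output "SHORTCUT  $($_.FullName) -> $($lnk.Arguments)  [URL ARGUMENT]"
        if ($Fix) { $lnk.Arguments = ''; $lnk.Save(); Write-Output '          argument cleared' }
    }
}

# 2. Run entries whose executable no longer exists (FRST prints these as "=> [X]"):
#    dead autoruns left behind by removed adware. Unquoted paths containing spaces
#    cannot be split reliably and will show as TARGET MISSING; verify those by hand.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.Property) {
        # PowerShell lists the unnamed default value as "(default)"; GetValue wants ''.
        $cmd = [string]$item.GetValue($(if ($name -eq '(default)') { '' } else { $name }))
        $exePath = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
        $exePath = [Environment]::ExpandEnvironmentVariables($exePath)
        $state = if ($exePath -and (Test-Path -LiteralPath $exePath)) { 'ok' } else { 'TARGET MISSING' }
        Write-Output "RUN       $key\$name = $cmd  [$state]"
    }
}

# 3. Browser policy keys. On an unmanaged home PC these should not exist at all;
#    adware plants them to lock the home page or search provider
#    (FRST flags them as "Restriction <======= ATTENTION").
$policyKeys = 'HKLM:\SOFTWARE\Policies\Google',
              'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
              'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer',
              'HKLM:\SOFTWARE\Policies\Mozilla'                        # assumed; not in the Fixlog
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    Write-Output "POLICY    $key  [PRESENT]"
    @(Get-Item $key) + @(Get-ChildItem $key -Recurse) | ForEach-Object {
        $k = $_
        foreach ($name in $k.Property) {
            $v = [string]$k.GetValue($(if ($name -eq '(default)') { '' } else { $name }))
            Write-Output "          $($k.Name)\$name = $v"
        }
    }
}

# 4. Browser Helper Objects whose COM server DLL is gone (FRST: "=> No File").
$bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($clsid in (Get-ChildItem $bhoKey).PSChildName) {
        $dll = ''
        foreach ($classes in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID') {
            $srv = "$classes\$clsid\InprocServer32"
            if (Test-Path $srv) { $dll = [string](Get-Item $srv).GetValue(''); break }
        }
        $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        $state = if ($dll -and (Test-Path -LiteralPath $dll)) { 'ok' } else { 'NO FILE' }
        Write-Output "BHO       $clsid -> $dll  [$state]"
    }
}
```

Run it from an elevated PowerShell so the HKLM hives and the Public and ProgramData shortcut folders are fully readable; on a freshly cleaned machine like the one above every section should come back empty or "ok". Anything else is reported, not removed: a Run entry or BHO marked missing is usually safe to delete, but a present policy key on a work laptop may be legitimate group policy, which is why the script stops at listing it.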


#4 amorrow23 (Topic Starter, Members, 4 posts)

Posted 09 October 2016 - 10:59 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64 
Ran by AMorrow (Administrator) on Sun 10/09/2016 at 10:54:10.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/09/2016 at 10:57:46.81
End of JRT log


#5 amorrow23 (Topic Starter, Members, 4 posts)

Posted 09 October 2016 - 11:11 AM

I am not seeing any problems anymore, thank you very much!



#6 nasdaq (Malware Response Team, 39,955 posts, Montreal, QC. Canada)

Posted 10 October 2016 - 09:42 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



