cdhtr.exe entry point not found



#1 Pk4ever2011

Posted 29 October 2016 - 10:45 AM

I am having issues with this and from what I understand it is why my sound will not work in Google Chrome. From reading tons of forums it is a malware; can someone please help me fix it? My FRST is below.


Edited by Pk4ever2011, 29 October 2016 - 11:19 AM.




#2 Pk4ever2011 (Topic Starter)

Posted 29 October 2016 - 11:18 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2016
Ran by Ag3nt Orla (29-10-2016 11:15:20)
Running from C:\Users\Ag3nt Orla\Downloads
Windows 8.1 Pro N (Update) (X64) (2013-11-19 16:17:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-424224209-3076295648-1451782106-500 - Administrator - Disabled)
Ag3nt Orla (S-1-5-21-424224209-3076295648-1451782106-1001 - Administrator - Enabled) => C:\Users\Ag3nt Orla
Guest (S-1-5-21-424224209-3076295648-1451782106-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-424224209-3076295648-1451782106-1009 - Limited - Enabled)
UpdatusUser (S-1-5-21-424224209-3076295648-1451782106-1007 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3209 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Destiny of Ancient Kingdoms™ (HKLM\...\Steam App 497940) (Version:  - Utopia Dream Entertainment Alliance (Pty) Ltd - South Africa)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.14.16426 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
Lexia Core5 (HKLM-x32\...\Lexia Core5 2.1.41) (Version: 2.1.41 - Lexia Learning Systems LLC)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Media Player Product Tool 5.30 (HKLM-x32\...\{9E17C94B-913A-48A4-B1A8-8CE25157C170}) (Version: 5.30 -  )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MP3 Player Utilities 3.5.02 (HKLM-x32\...\{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}) (Version: 3.5.02 -  )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
NVIDIA 3D Vision Controller Driver 326.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Only If (HKLM-x32\...\Steam App 298260) (Version:  - Creability)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Perfect Uninstaller v6.3.4.0 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.net)
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version:  - FarSight Studios)
PlanetSide 2 (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 Live Test (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\SOE-PlanetSide 2 Test) (Version: 1.0.3.183 - Sony Online Entertainment)
Pokki Download Helper (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Real Time Stat Tracker (HKLM-x32\...\{A50D1D92-5640-43C1-9B8B-E4B331455F7F}) (Version: 0.8.2.10 - Recursion)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.4.8 - Reimage) <==== ATTENTION
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Sid Meiers Civilization - Beyond Earth (HKLM-x32\...\Sid Meiers Civilization - Beyond Earth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Sid Meier's Civilization: Beyond Earth Rising Tide Addon (HKLM\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
Sins of a Dark Age (HKLM-x32\...\Steam App 251970) (Version:  - Ironclad Games)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Wizard101 (HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04650DB7-2C05-4FD1-B8E7-4FBFBA7B334C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-11] (Microsoft Corporation)
Task: {0B6075A4-E517-413C-B6CC-4F05DB691E72} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {0F932D8E-9118-4094-A341-40B96839E930} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {15C5F236-347F-4D24-AE69-3EAC01084B35} - \AVG-Secure-Search-Update_JUNE2013_TB_rmv -> No File <==== ATTENTION
Task: {2A74F559-5B2C-4128-9FDE-72E69399D9FB} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-09-29] (Reimage ltd.) <==== ATTENTION
Task: {33C9AFFC-2931-4381-B4DE-89AF92892B07} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-28] (Adobe Systems Incorporated)
Task: {41F86520-0FA5-4BB1-8BB1-06F13E4BFD72} - \Motorola Device Manager Engine -> No File <==== ATTENTION
Task: {43555845-5F1B-4138-A6DA-79BBA065EB6F} - \{BF3DCBD5-BB4A-487B-B3A8-A811F998E7C1} -> No File <==== ATTENTION
Task: {46A2C54F-B90D-4559-A306-2AAF3B194C79} - \Motorola Device Manager Update -> No File <==== ATTENTION
Task: {52D2B8AE-F78B-4AE4-81CA-16221BFC1EA9} - \{11671F52-2DD7-4F21-9EC9-631D6B73B172} -> No File <==== ATTENTION
Task: {5E1DA06F-1368-4FF8-A5FC-EED8043E2F09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-28] (Google Inc.)
Task: {630A74D2-5549-4D5E-94E0-DBEA68E78DB5} - \AVG-Secure-Search-Update_JUNE2013_HP_rmv -> No File <==== ATTENTION
Task: {691DA82F-D67C-470B-BA7C-A04622516075} - System32\Tasks\52129205 => C:\Program Files (x86)\implant\supercooled.exe <==== ATTENTION
Task: {7C41E749-5388-4903-9153-0465B903FCCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-28] (Google Inc.)
Task: {9C5AEA38-0C5C-4E6D-B0BD-80E77D141CF4} - \{DF7B6279-7E20-47AC-BD9B-72F340BEEBB3} -> No File <==== ATTENTION
Task: {A959DE49-C4ED-46F3-B5EB-0E47DA252FAF} - System32\Tasks\Da5212920552129205 => C:\Program Files (x86)\implant\supercooled.exe
Task: {AE851089-6873-4298-B23C-87C8FC3C6EE8} - \Motorola Device Manager Initial Update -> No File <==== ATTENTION
Task: {C8308558-BCA4-4070-9500-EC3C81636D97} - \{D94DA22E-7024-403B-99BB-37C3A1E015AB} -> No File <==== ATTENTION
Task: {E3AB5680-123D-490C-A2F7-5554418AD930} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-28] (Adobe Systems Incorporated)
Task: {F71F43F3-E76F-4CC7-9E94-CB4B544DFFCF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FB5F4398-A604-40F1-9BD9-767722944A7D} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-09-28] (Reimage®) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{37200F4C-5DF2-4113-B91C-2B65D3DAC6B3}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{596B489F-2ED2-440F-B137-D707ADC9BCF2}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Ag3nt Orla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Ag3nt Orla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/
 
ShortcutWithArgument: C:\Users\Ag3nt Orla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Ag3nt Orla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Ag3nt Orla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-19 10:53 - 2015-08-06 19:44 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-22 09:23 - 2016-09-22 09:23 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2016-09-26 02:00 - 2016-09-28 03:08 - 00057856 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-10-28 20:35 - 2016-10-20 03:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-28 20:35 - 2016-10-20 03:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Program Files (x86)\dataup\help_dll.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Ag3nt Orla\Cookies:gs5sys [1792]
AlternateDataStreams: C:\Users\Ag3nt Orla\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Ag3nt Orla\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Ag3nt Orla\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [2048]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\instagram.com -> hxxps://instagram.com
IE restricted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\zoosk.com -> hxxps://www.zoosk.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1007\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1007\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1007\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-1007\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-501\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-424224209-3076295648-1451782106-501\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2016-10-29 10:05 - 00000951 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
162.222.194.13       cocomo.tremorhub.com
162.222.194.13       www.virustotal.com
162.222.194.13       virustotal.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ag3nt Orla\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-424224209-3076295648-1451782106-1007\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-424224209-3076295648-1451782106-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Del38536677"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "HTC Sync Loader"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Monitor"
HKLM\...\StartupApproved\Run32: => "AgentMonitor"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "AppTrailers"
HKLM\...\StartupApproved\Run32: => "cpx"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "Del38536677"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "Weather"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "WebDiscoverBrowser"
HKU\S-1-5-21-424224209-3076295648-1451782106-1001\...\StartupApproved\Run: => "ProxyGate"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9D6D466A-3AE2-4B84-A52F-1844DAF0F94B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D002A2C0-4C88-4F1F-A507-A0ADA79AB4F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F123DACA-34F5-49BE-B81C-1C16999523DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E8A37F2F-1548-49EF-96D7-F9FF72C4EB90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0F9D20C8-12EE-493E-A20D-AACD1274BC4C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D1584E54-E709-4AE4-8BF5-C2BFC6EE79F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1438CD14-CF6E-48A9-BCA5-371C8E2838A2}] => (Allow) C:\Users\Ag3nt Orla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA1D0ED9-FCA0-40EE-B0A3-EDB05FCF5CEA}] => (Allow) C:\Users\Ag3nt Orla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F657B430-404D-4E92-80F9-3BAC00A65E40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A066714A-5571-4D1A-B2CE-DCE7CDAD32C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0811F6F6-FFBE-487C-B2E4-2A2FC2DC0096}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1601E0BA-AEF9-42BD-B767-C61C9DA7D361}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2FC1B5D1-DC10-459D-9134-002B1B86902F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4FE9C5D1-36A5-4C3D-9CC3-8E2A271AE7EC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E3E9E068-0814-4210-83D8-F4962BA1DFF0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A202EDFE-9BBF-4857-AE9E-FD0F71563E0C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{28721D57-B1F2-4052-BD17-F7D7A77768B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E184C193-2C66-466D-8046-2804AC3E987B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B903C76C-9599-4CAF-8597-81F951F53207}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{EA74D1C8-A485-4386-9E92-46A0979FF5CA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{BD708BED-910C-4915-A44B-566BF4BD37B7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{4B5E423B-02D2-44FD-8DA0-DD99832FEBF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{EF78B3EF-7DEC-4F0B-8588-40C6B7FD1DD9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{7832CAA7-B0FD-4A24-94F8-84D49A466BF3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{63FD90BE-0435-480D-BE1E-CB80C5871C14}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{21F2173E-C5C6-4ECB-98A8-38217FD48632}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{249C4E3D-67E8-4858-BC41-5F78D1D383DB}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{EF50E3B4-A8A9-4D39-AFE4-C1DFB0187764}] => (Allow) LPort=37675
FirewallRules: [{2EE8AC4B-EDC8-47C0-91DC-7CB47A835105}] => (Allow) LPort=37674
FirewallRules: [{24AE665D-0D47-48C5-BFFB-3A81E6A2E066}] => (Allow) LPort=37674
FirewallRules: [{4333FD17-0CDB-46ED-8DEA-B57A259658FA}] => (Allow) LPort=443
FirewallRules: [{6DB09ADD-0D82-4EA7-978E-E62E2EA1EFD0}] => (Allow) LPort=443
FirewallRules: [{F3D36A3F-3693-43C2-A453-5FCCF51D6B39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD87CA84-B03D-4089-8051-45AE0F463C10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B8A051C-8D8D-4798-AC21-EA717EE684C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D331AA6E-B10E-453B-8B5A-0D16809BCA91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{08F60190-B6B6-4413-8C6D-A56A1D23EE84}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{7A2E5AA6-008A-40E3-9691-B9CDC20CDCED}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{7078D1A5-150A-4050-A1F8-91F9B42C52CB}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{AD6A08B6-DDAF-407B-A51B-B1F9FC850719}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [UDP Query User{ECD979CF-0992-48F3-8557-6567214A8BD6}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{7EE7DDBB-3A26-43B5-9710-167830342754}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{CF21D2A1-6B11-4A78-BC93-D082A3A3B941}C:\users\public\sony online entertainment\installed games\planetside 2 test\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 test\planetside2.exe
FirewallRules: [UDP Query User{8C33C25C-047B-443B-8DEC-C0C7421BD8D2}C:\users\public\sony online entertainment\installed games\planetside 2 test\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 test\planetside2.exe
FirewallRules: [{F59A11B5-9A76-4604-A5C4-6E232BAD1ADB}] => (Allow) I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B1B9E9EC-5DE1-4E09-9457-446095C4A35B}] => (Allow) I:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{006BD53C-8139-4E9C-848B-F1FE5807B4E9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{50194DE4-170A-4A9A-A6E0-5D48E35DF556}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{19AA5A05-34EE-4968-B2E9-6B394B3C7B63}C:\games\planetside 2\planetside2_x64.exe] => (Allow) C:\games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{1C8C2C99-7A93-4876-9E38-E212FA5DE1F3}C:\games\planetside 2\planetside2_x64.exe] => (Allow) C:\games\planetside 2\planetside2_x64.exe
FirewallRules: [{FC157C21-2C6B-47A9-A79C-7E62B5B40C8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{159F7F78-ADF9-4E64-B432-C2317224C30A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4AD783D0-62C2-4992-A2BA-C8986E50DDA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{A2F222BB-75CF-4AB8-A6C7-835F0AEE8A80}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{5A1F5D56-58E1-44D9-B423-7FE765D37961}] => (Allow) C:\Users\Ag3nt Orla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FB8691F-0087-4B83-AD06-A325A5B0255A}] => (Allow) C:\Users\Ag3nt Orla\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32FE669D-BCDD-4660-ADD7-8B58004CE255}] => (Allow) J:\Windows\Installer\Setup.exe
FirewallRules: [{AB618702-6569-47CB-990D-B91C711C7909}] => (Allow) J:\Windows\Installer\Setup.exe
FirewallRules: [{8C98FDBD-C494-46E9-8DE9-B4F2B3B363ED}] => (Allow) J:\Windows\AutoRun.exe
FirewallRules: [{383D3183-8875-456D-9817-AB55B90B6FEE}] => (Allow) J:\Windows\AutoRun.exe
FirewallRules: [{3CF5C465-C956-4DA5-B7E9-ADD7E49722E5}] => (Allow) J:\Windows\AutoRun.exe
FirewallRules: [{11C0FEA0-7821-43B8-949B-275A67B7D854}] => (Allow) J:\Windows\AutoRun.exe
FirewallRules: [{A587451D-FF4F-40D3-96E7-C2F1EE99D8A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PinballArcade\PinballArcade.exe
FirewallRules: [{0C02FE2B-7B91-4D82-868D-2E9E72CA20C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PinballArcade\PinballArcade.exe
FirewallRules: [{A85B716B-79A8-41B3-BA72-F9E6FE5D83A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PinballArcade\PBAConfig.exe
FirewallRules: [{0ECB1843-1D23-4E29-928C-D86426B1E287}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PinballArcade\PBAConfig.exe
FirewallRules: [{4E727BA1-0DE5-4500-94E9-66E3E844B1C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Only If\Only If.exe
FirewallRules: [{CB6C312C-2D75-4580-B4BE-C08C8F2481F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Only If\Only If.exe
FirewallRules: [TCP Query User{8548864E-46F9-4C07-9820-CC701F8D9AAF}C:\games\planetside 2\planetside2_x64.exe] => (Allow) C:\games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{C383AAF0-8BBB-4818-97A3-C379B567CF98}C:\games\planetside 2\planetside2_x64.exe] => (Allow) C:\games\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{68480079-1749-4479-ACDD-6FB50CEA7234}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{CF02C2AE-67FA-4A2E-B8B6-5F35EF0787D9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{177A027D-AEE7-4AD8-8B05-95EDF4482745}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PinballArcade\PinballArcade11.exe
FirewallRules: [{5C323DFF-0ED8-482A-ADA2-D96A3D9A5F2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PinballArcade\PinballArcade11.exe
FirewallRules: [{E35DB0EB-858D-4930-A761-A04693E58164}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sins of a Dark Age\x86\GameExe.exe
FirewallRules: [{F1795912-B898-47A4-A65C-809E0C04BFD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sins of a Dark Age\x86\GameExe.exe
FirewallRules: [TCP Query User{073C9EAD-8CB6-4BEC-874D-F3CBFE6A26D6}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{89C4D935-0B6E-4511-8120-C08361A30053}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{403694EF-C6F8-46ED-B594-FC8D639816D4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{2BC8543B-2B50-456B-804F-74162EEBE436}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{255FDB77-31A7-4D0E-8BC5-6897D7CE202A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{648056F0-E033-4C5E-B670-EF5A481A53A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{957338F1-94F8-48B3-9F89-923EEEFE1A21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EF8583F1-F6A6-4000-B88A-49DA358AB4EF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B34C3EC-98D8-4C32-894D-3A53D52B5E2D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DB9C3E4A-40CC-42D7-BF55-9304DBE2D101}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{A7FEBB33-0B07-4315-9934-9DD59826E541}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{C5A93545-59C7-48C5-B693-98AECE03D9C4}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{D7B74FFE-DCE1-4152-9702-A2F6B3F3A7CE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{4ABA0467-C39B-44A8-952C-E750F8CA2F4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Destiny of Ancient Kingdoms\GameClient.exe
FirewallRules: [{D2BF5A77-7638-4E90-AC11-BE378A19A5D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Destiny of Ancient Kingdoms\GameClient.exe
FirewallRules: [{5717CA5F-7A89-4229-8903-B8F9C3512FB2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Destiny of Ancient Kingdoms\GameUpdate.exe
FirewallRules: [{E2D0C7C2-303B-4AB1-ABA7-859A84DFF08D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Destiny of Ancient Kingdoms\GameUpdate.exe
FirewallRules: [{6DD7B6BE-DC9A-4942-BD96-9626FF399E24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-10-2016 18:57:49 Windows Update
29-10-2016 10:01:41 Revo Uninstaller's restore point - McAfee Security Scan Plus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/29/2016 10:02:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/29/2016 10:01:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7ff6c1b9-8a5e-4f40-a66b-2715f387b5ff}
 
Error: (10/28/2016 06:58:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/28/2016 11:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 2.1.0.0, time stamp: 0x56f35fb0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x140c
Faulting application start time: 0x01d22e5b646d2f1c
Faulting application path: C:\Program Files (x86)\cpx\cpx.exe
Faulting module path: unknown
Report Id: 15a5b4c8-9d29-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2016 09:08:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: interstatnogui.exe, version: 1.0.3.18, time stamp: 0x580906d4
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000374
Fault offset: 0x000e6054
Faulting process id: 0xe068
Faulting application start time: 0x01d2305a2b759e94
Faulting application path: C:\Users\Ag3nt Orla\AppData\Roaming\Interstatnogui\interstatnogui.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e44dc8f4-9c4e-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2016 07:12:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.71, time stamp: 0x58085902
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xcd24
Faulting application start time: 0x01d2304b58ef7449
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 96b25651-9c3e-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2016 06:51:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.71, time stamp: 0x58085902
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xd08c
Faulting application start time: 0x01d230487b88d0db
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b94d87aa-9c3b-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2016 06:40:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.71, time stamp: 0x58085902
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xd34c
Faulting application start time: 0x01d23046eb4c2ffe
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 29059c06-9c3a-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2016 06:32:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.71, time stamp: 0x58085902
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xd1fc
Faulting application start time: 0x01d23045bda53146
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fb5a095c-9c38-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/27/2016 06:24:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.71, time stamp: 0x58085902
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xcfa4
Faulting application start time: 0x01d23044bb3487ac
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f8fc4bb6-9c37-11e6-b413-001fe25657c1
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/29/2016 11:08:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Logic Handler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/28/2016 08:25:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16389
 
Error: (10/23/2016 10:46:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HomeGroup Provider service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/23/2016 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-21 17:03:02.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-21 17:03:02.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:20:06.049
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:20:05.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:20:01.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:20:01.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:19:57.369
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:19:56.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:19:52.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-15 10:19:52.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 6142.18 MB
Available physical RAM: 3977.66 MB
Total Virtual: 7422.18 MB
Available Virtual: 4701.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:510.17 GB) (Free:120.5 GB) NTFS
Drive d: (The Vault) (Fixed) (Total:85.66 GB) (Free:2.02 GB) NTFS
Drive i: (HP_AND_THE_CHAMBER_OF_SECRETS) (CDROM) (Total:7.87 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 05B393B4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=510.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=85.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:31 AM

Posted 31 October 2016 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post the FRST log created by the Farbar tool in your next reply.

I need to review it before suggesting a fix.



