Excrevie Trojan


  • This topic is locked
2 replies to this topic

#1 Angbblue

Angbblue

  • Members
  • 35 posts
  • Gender:Female
  • Location:Seattle, Washington

Posted 12 December 2016 - 04:52 AM

Hi. I've done a lot already. I was trying to get a codec. The first thing I noticed was that Google Chrome was not my default browser anymore. I immediately opened Revo Uninstaller and saw several programs I didn't download. I can't remember the exact names; it was a whole bunch of random crap: HD Wallpaper, a system cleaner, a program called Ten which had about 10 processes running. Anyway, I ran HijackThis, copied and pasted my log file at hijackthis.de, saw all the red X's (mostly on hosts files), shut the browser and ran SpyHunter. Upon reading the info on a virus called Trojan.Generic detected by SpyHunter, I unplugged my internet. SpyHunter also detected a Trojan.Agent along with 1000 PUP and spyware files. There were a bunch of files SpyHunter did not have information on. After plugging the internet back in, SpyHunter was unable to connect to the internet for more info. I had to skip them. After my reboot I ran the scanner again, and SpyHunter found the two trojans again. I quit the scan and ran Malwarebytes. Along with about 1000 malicious files, Malwarebytes found Trojan.Excrevie and a trojan downloader called Dofman.exe in Program Files. After quarantining all the scan results I rebooted and went into the registry editor. I scrolled through almost all of them, deleting everything that I thought was related to the programs I did not authorize. There was one group of files that would not let me delete them. They were under: HKEY_LOCAL_MACHINE, Software, Wow6432Node, Classes, DirectShow, MediaObjects. Since then my PC is running fine, but I still see remnants of the bad programs throughout my PC. I just don't trust that these nasty files are gone. One more thing: I disabled all the services that the bad programs started. Thank you very, very much for your help. I'll try to make it as painless as possible :)

Here is the FRST txt you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by angbblue (administrator) on -MALFUNKSHUN- (12-12-2016 01:13:34)
Running from C:\Users\angbblue\Desktop
Loaded Profiles: angbblue (Available Profiles: angbblue & gtom1 & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 1999-12-31] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group)
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-29] (Microsoft Corporation)
BootExecute: autocheck autochk * sh4native Sh4Removal
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{4f5e0134-1436-4571-b563-54ad09164909}: [DhcpNameServer] 192.168.0.1 205.171.2.26
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1082919626-2427143817-331776683-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=47_25050029005_52.15.25.665_u_ds_sp&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: zug8narc.default
FF ProfilePath: C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default [2016-12-11]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\zug8narc.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\zug8narc.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\zug8narc.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Keyword.URL: Mozilla\Firefox\Profiles\zug8narc.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\zug8narc.default -> type", 4
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\ALone-live@ya.ru.xpi [2016-10-27]
FF Extension: (Bing Search) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-09-29]
FF Extension: (Classic Theme Restorer) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-10-27]
FF Extension: (Classic Toolbar Buttons) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2016-10-27]
FF Extension: (Custom Buttons) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\custombuttons@xsms.org [2016-08-18]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-10-29]
FF Extension: (Adblock Plus) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-26]
FF Extension: (JavaScript Debugger) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-10-29]
FF Extension: (Theme Font & Size Changer) - C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2016-10-27]
FF SearchPlugin: C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\searchplugins\AdTrustMediaChromodo.xml [2016-11-17]
FF SearchPlugin: C:\Users\angbblue\AppData\Roaming\Mozilla\Firefox\Profiles\zug8narc.default\searchplugins\bing-.xml [2016-09-29]
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2016-12-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Translator for all languages) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2016-07-16]
CHR Extension: (Google Drive) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-01]
CHR Extension: (YouTube) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-01]
CHR Extension: (Adblock Plus) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-11]
CHR Extension: (Morpheon Dark) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-01]
CHR Extension: (Gmail) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-01]
CHR Extension: (Chrome Media Router) - C:\Users\angbblue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKU\S-1-5-21-1082919626-2427143817-331776683-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 1999-12-31] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 1999-12-31] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [X]
S4 evolve S; C:\Program Files\evolve\SERVICE\Sevolve.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3764736 2015-10-29] (Realtek Semiconductor Corporation                           )
S3 tapwp01; C:\WINDOWS\System32\drivers\tapwp01.sys [40664 2014-12-11] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 esgiguard; \??\C:\SpyHunter v4.22.8.4668\esgiguard.sys [X]
U3 idsvc; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-12 01:13 - 2016-12-12 01:14 - 00012774 _____ C:\Users\angbblue\Desktop\FRST.txt
2016-12-12 01:11 - 2016-12-12 01:13 - 00000000 ____D C:\FRST
2016-12-12 01:10 - 2016-12-12 01:11 - 02420224 _____ (Farbar) C:\Users\angbblue\Desktop\FRST64.exe
2016-12-12 00:40 - 2016-12-12 00:40 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\angbblue\Desktop\SpyHunter-Installer.exe
2016-12-11 21:54 - 2016-12-11 22:40 - 00000258 __RSH C:\Users\angbblue\ntuser.pol
2016-12-11 21:52 - 2016-05-17 04:55 - 00025768 _____ C:\WINDOWS\SysWOW64\sh4native.exe
2016-12-11 21:49 - 2016-12-11 22:39 - 00000000 ___HD C:\q5kbxaoMg955M2mv
2016-12-11 21:49 - 2016-12-11 22:11 - 01022693 _____ C:\spyhunter.fix
2016-12-11 21:35 - 2016-12-11 21:35 - 00000000 ____D C:\Users\angbblue\Desktop\backups
2016-12-11 20:47 - 2016-12-11 20:47 - 00000000 ____D C:\Users\angbblue\AppData\Roaming\c
2016-12-11 20:44 - 2016-12-11 20:44 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2016-12-11 20:44 - 2016-12-11 20:44 - 00000000 ____D C:\WINDOWS\system32\sstmp
2016-12-11 20:43 - 2016-12-11 21:35 - 00000025 _____ C:\compare3.txt
2016-12-11 20:43 - 2016-12-11 21:35 - 00000009 _____ C:\pjson.txt
2016-12-11 20:43 - 2016-12-11 21:35 - 00000009 _____ C:\compare1.txt
2016-12-11 20:43 - 2016-12-11 20:55 - 00000302 _____ C:\version.txt
2016-12-11 20:43 - 2016-12-11 20:55 - 00000052 _____ C:\fjson.txt
2016-12-11 20:43 - 2016-12-11 20:47 - 00000038 _____ C:\flver3.txt
2016-12-11 20:43 - 2016-12-11 20:43 - 00000216 _____ C:\otpu2.txt
2016-12-11 20:43 - 2016-12-11 20:43 - 00000066 _____ C:\otpu.txt
2016-12-11 20:42 - 2016-12-11 22:36 - 00000000 ____D C:\Program Files\COMODO
2016-12-11 20:42 - 2016-12-11 20:44 - 00000000 ____D C:\ProgramData\COMODO
2016-12-11 20:42 - 2016-12-11 20:42 - 07310848 _____ C:\Users\angbblue\AppData\Roaming\agent.dat
2016-12-11 20:42 - 2016-12-11 20:42 - 00018432 _____ C:\Users\angbblue\AppData\Roaming\Main.dat
2016-12-11 20:42 - 2016-12-11 20:42 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-12-11 20:42 - 2016-12-11 20:41 - 00684544 _____ C:\Users\angbblue\AppData\Roaming\Kontech.exe
2016-12-11 20:41 - 2016-12-11 20:41 - 00140288 _____ C:\Users\angbblue\AppData\Roaming\Installer.dat
2016-12-11 20:40 - 2016-12-11 22:36 - 00000000 ____D C:\Program Files\86N1MNGLHK
2016-12-11 20:39 - 2016-12-11 22:39 - 00000000 ___HD C:\Program Files (x86)\Steadfastness
2016-12-11 20:39 - 2016-12-11 22:39 - 00000000 ___HD C:\Program Files (x86)\Lactate
2016-12-11 20:39 - 2016-12-11 20:39 - 00000000 ___HD C:\Program Files (x86)\attesting
2016-12-11 20:39 - 2016-12-11 20:39 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-12-11 20:39 - 2016-12-11 20:39 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-12-11 20:38 - 2016-12-11 20:39 - 00000003 _____ C:\Users\angbblue\AppData\Local\run1.txt
2016-12-11 20:37 - 2016-12-11 20:37 - 00000000 ____D C:\Users\angbblue\AppData\Local\CrashRpt
2016-12-11 18:38 - 2016-12-11 20:23 - 1048754931 _____ C:\Users\angbblue\Downloads\The.Hateful.Eight.2015.720p.BluRay.x265.ShAaNiG.mkv
2016-12-11 18:06 - 2016-12-11 18:08 - 00000000 ____D C:\Users\angbblue\Downloads\The.Secret.Life.of.Pets.2016.HDRip.XViD.AC3-ETRG
2016-12-11 17:42 - 2016-12-11 17:42 - 00000000 ____D C:\Users\angbblue\Downloads\Spotlight.2015.1080p.BRRip.x264.AAC-ETRG
2016-12-11 13:30 - 2016-12-11 22:49 - 00002031 _____ C:\Users\angbblue\Desktop\Boost.lnk
2016-12-11 02:59 - 2016-12-11 02:59 - 00127736 _____ C:\Users\angbblue\AppData\Local\36323.exe
2016-12-11 02:59 - 2016-12-11 02:59 - 00073131 _____ C:\Users\angbblue\AppData\Local\72613.exe
2016-12-11 02:59 - 2016-12-11 02:59 - 00072752 _____ C:\Users\angbblue\AppData\Local\63372.exe
2016-12-11 02:59 - 2016-12-11 02:59 - 00065996 _____ C:\Users\angbblue\AppData\Local\12187.exe
2016-12-08 23:10 - 2016-12-11 08:42 - 00000000 ____D C:\Users\angbblue\Downloads\Supernatural - S4 DVDRIP
2016-12-06 15:52 - 2016-10-06 11:25 - 00000000 ____D C:\Users\angbblue\Downloads\Rescue.Team.6.Collectors.Edition
2016-12-06 15:06 - 2016-12-06 15:06 - 02188470 _____ C:\WINDOWS\d894aafd8aac16ee3d367a3b235e3163.exe
2016-12-04 07:42 - 2016-12-07 13:33 - 00000000 ____D C:\Users\angbblue\Desktop\lookup
2016-12-04 00:18 - 2016-12-11 22:49 - 00002184 _____ C:\Users\angbblue\Desktop\Aquascapes CE.lnk
2016-12-04 00:18 - 2016-12-04 00:18 - 00000000 ____D C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aquascapes CE
2016-12-02 04:59 - 2016-12-02 04:59 - 01584716 _____ C:\WINDOWS\Minidump\120216-311359-01.dmp
2016-11-26 12:06 - 2016-11-26 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tower Bloxx Deluxe
2016-11-26 12:05 - 2016-11-26 12:06 - 00000000 ____D C:\Program Files (x86)\Tower Bloxx Deluxe
2016-11-26 12:01 - 2016-11-26 12:09 - 00000000 ____D C:\ProgramData\Big Fish
2016-11-26 11:57 - 2016-11-26 12:09 - 00000000 ____D C:\BigFishCache
2016-11-26 11:57 - 2016-11-26 12:01 - 00000000 ____D C:\Users\angbblue\AppData\Local\Big Fish
2016-11-19 13:00 - 2016-11-19 13:00 - 00000000 ____D C:\Users\angbblue\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2016-11-17 13:44 - 2016-11-17 13:44 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2016-11-17 12:12 - 2016-11-17 12:12 - 00000000 ____D C:\Users\angbblue\AppData\Local\Chromium
2016-11-17 09:59 - 2016-11-17 09:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-11-16 23:02 - 2016-12-11 20:36 - 00000000 ____D C:\Users\angbblue\Desktop\New folder
2016-11-15 05:56 - 2016-11-15 05:56 - 01588684 _____ C:\WINDOWS\Minidump\111516-31703-01.dmp
2016-11-14 05:10 - 2016-12-04 18:20 - 00000000 ____D C:\Users\angbblue\Downloads\Masters Of Horror Season 1-2
2016-11-13 20:08 - 2016-11-14 12:30 - 00000000 ____D C:\Users\angbblue\Documents\KCR documents
2016-11-13 19:29 - 2013-03-03 08:01 - 00227328 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BRCOI13A.DLL
2016-11-13 19:28 - 2016-11-13 19:28 - 00000000 ____D C:\Users\angbblue\Documents\install
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-11 22:49 - 2016-10-27 04:34 - 00001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock.lnk
2016-12-11 22:49 - 2016-10-12 06:05 - 00002821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Dragon NaturallySpeaking 12.0.lnk
2016-12-11 22:49 - 2016-08-23 16:19 - 00001067 _____ C:\Users\Public\Desktop\Firestorm-Releasex64.lnk
2016-12-11 22:49 - 2016-07-29 23:40 - 00002692 _____ C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-12-11 22:49 - 2016-07-27 16:46 - 00002411 _____ C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-11 22:49 - 2016-07-27 16:25 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-11 22:49 - 2016-07-26 17:36 - 00000682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-12-11 22:49 - 2016-07-23 17:19 - 00001890 _____ C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smilebox.lnk
2016-12-11 22:49 - 2016-07-18 03:59 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-12-11 22:49 - 2016-07-16 11:03 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-11 22:49 - 2016-07-10 02:45 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CaptureWiz.lnk
2016-12-11 22:49 - 2016-07-05 00:02 - 00000355 _____ C:\Users\angbblue\Desktop\Computer - Shortcut.lnk
2016-12-11 22:49 - 2015-10-29 23:19 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2016-12-11 22:49 - 2015-10-29 23:19 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2016-12-11 22:49 - 2015-10-29 23:19 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2016-12-11 22:49 - 2015-10-29 23:18 - 00001578 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-12-11 22:49 - 2015-10-29 23:18 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2016-12-11 22:49 - 2015-10-29 23:17 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2016-12-11 22:40 - 2016-10-05 23:01 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-11 22:40 - 2016-07-27 16:21 - 00000000 ____D C:\Users\angbblue
2016-12-11 22:39 - 2016-04-26 22:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-11 22:39 - 2015-10-29 22:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-11 22:11 - 2016-10-03 06:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-11 22:11 - 2016-08-12 23:35 - 00000000 ____D C:\SpyHunter v4.22.8.4668
2016-12-11 22:00 - 2016-07-27 16:20 - 01313582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 22:00 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-12-11 21:54 - 2016-07-01 20:35 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-11 21:53 - 2016-04-26 22:29 - 00203232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-11 21:01 - 2016-11-11 02:11 - 00000000 ____D C:\Users\angbblue\AppData\LocalLow\Mozilla
2016-12-11 20:54 - 2016-07-01 20:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-11 20:50 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-11 20:45 - 2016-07-29 23:40 - 00000000 ____D C:\Users\angbblue\AppData\Roaming\uTorrent
2016-12-11 20:40 - 2009-07-13 19:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-11 20:38 - 2016-07-01 20:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-11 20:36 - 2016-07-03 07:54 - 00000000 ____D C:\Users\angbblue\AppData\Roaming\vlc
2016-12-11 20:35 - 2016-11-11 02:11 - 00002028 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-12-11 20:35 - 2016-11-11 02:11 - 00002016 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-12-11 20:35 - 2016-11-11 02:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-11 20:35 - 2016-07-01 20:36 - 00002291 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-12-11 20:35 - 2016-07-01 20:36 - 00002279 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-12-11 20:23 - 2016-07-04 23:55 - 00000000 ____D C:\Users\angbblue\Downloads\installed apps
2016-12-11 16:56 - 2016-07-01 22:39 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-11 14:43 - 2016-07-03 06:57 - 00000000 ____D C:\Users\angbblue\AppData\Local\FirestormOS_x64
2016-12-06 22:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-06 15:52 - 2016-07-04 22:36 - 00000000 ____D C:\Users\angbblue\AppData\Roaming\AlawarEntertainment
2016-12-04 01:35 - 2016-07-30 15:50 - 00000000 ____D C:\Users\angbblue\Desktop\Blue Paper
2016-12-04 00:55 - 2016-07-01 20:07 - 00000000 ____D C:\Users\angbblue\AppData\Local\VirtualStore
2016-12-04 00:15 - 2016-08-21 17:37 - 00000000 ____D C:\Program Files (x86)\Foxy Games
2016-12-02 04:59 - 2016-09-17 17:32 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-01 11:58 - 2016-07-01 20:35 - 00004078 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-01 11:56 - 2016-07-04 12:44 - 00003738 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-12-01 11:54 - 2016-07-01 22:39 - 00003908 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-01 11:52 - 2016-07-16 11:03 - 00005244 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-26 12:06 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-24 20:22 - 2016-07-26 11:14 - 00000046 _____ C:\WINDOWS\SysWOW64\_WKERNEL.SYL
2016-11-21 06:43 - 2016-08-12 23:38 - 00000336 _____ C:\WINDOWS\Tasks\SpyHunter4.job
2016-11-19 21:24 - 2016-10-07 20:34 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2016-11-19 12:26 - 2016-07-01 22:38 - 00000000 ____D C:\Users\angbblue\AppData\Local\Adobe
2016-11-19 12:26 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-19 12:26 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-17 20:21 - 2016-07-26 11:08 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-11-17 20:11 - 2016-04-26 22:29 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-17 12:15 - 2016-10-07 19:34 - 00000000 ____D C:\Program Files (x86)\Brother
2016-11-17 12:14 - 2016-10-07 19:34 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-11-15 00:05 - 2016-07-04 16:45 - 00000000 ____D C:\Users\angbblue\AppData\Local\ElevatedDiagnostics
2016-11-13 19:31 - 2016-10-07 20:35 - 00000092 _____ C:\WINDOWS\brpcfx.ini
2016-11-13 16:57 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2016-12-11 20:42 - 2016-12-11 20:42 - 7310848 _____ () C:\Users\angbblue\AppData\Roaming\agent.dat
2016-12-11 20:41 - 2016-12-11 20:41 - 0140288 _____ () C:\Users\angbblue\AppData\Roaming\Installer.dat
2016-12-11 20:42 - 2016-12-11 20:41 - 0684544 _____ () C:\Users\angbblue\AppData\Roaming\Kontech.exe
2016-12-11 20:42 - 2016-12-11 20:42 - 0018432 _____ () C:\Users\angbblue\AppData\Roaming\Main.dat
2016-10-12 06:28 - 2016-10-12 06:28 - 0000915 _____ () C:\Users\angbblue\AppData\Roaming\SAS7_000.DAT
2016-12-11 02:59 - 2016-12-11 02:59 - 0065996 _____ () C:\Users\angbblue\AppData\Local\12187.exe
2016-12-11 02:59 - 2016-12-11 02:59 - 0127736 _____ () C:\Users\angbblue\AppData\Local\36323.exe
2016-12-11 02:59 - 2016-12-11 02:59 - 0072752 _____ () C:\Users\angbblue\AppData\Local\63372.exe
2016-12-11 02:59 - 2016-12-11 02:59 - 0073131 _____ () C:\Users\angbblue\AppData\Local\72613.exe
2016-11-10 23:23 - 2016-11-10 23:23 - 0005632 _____ () C:\Users\angbblue\AppData\Local\a3.exe
2016-07-04 08:20 - 2016-07-04 08:26 - 0007612 _____ () C:\Users\angbblue\AppData\Local\resmon.resmoncfg
2016-12-11 20:38 - 2016-12-11 20:39 - 0000003 _____ () C:\Users\angbblue\AppData\Local\run1.txt
 
Some files in TEMP:
====================
C:\Users\angbblue\AppData\Local\Temp\InstallHelper.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-11 22:11
 
==================== End of FRST.txt ============================
 
And the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by angbblue (12-12-2016 01:14:28)
Running from C:\Users\angbblue\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-28 00:40:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1082919626-2427143817-331776683-500 - Administrator - Disabled) => C:\Users\Administrator
angbblue (S-1-5-21-1082919626-2427143817-331776683-1000 - Administrator - Enabled) => C:\Users\angbblue
DefaultAccount (S-1-5-21-1082919626-2427143817-331776683-503 - Limited - Disabled)
gtom1 (S-1-5-21-1082919626-2427143817-331776683-1004 - Limited - Enabled) => C:\Users\gtom1
Guest (S-1-5-21-1082919626-2427143817-331776683-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
Aquascapes CE (HKLM-x32\...\Aquascapes CE1.0) (Version: 1.0 - Foxy Games)
Barn Yarn Collectors Edition (HKLM-x32\...\Barn Yarn Collectors Edition1.0) (Version: 1.0 - Foxy Games)
Boggle Supreme (HKLM-x32\...\Boggle Supreme) (Version:  - GameHouse, Inc.)
Boost (HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.) <==== ATTENTION
Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden <==== ATTENTION
CaptureWizPro 5.40 (HKLM-x32\...\CaptureWiz) (Version:  - )
Dell System Detect (HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.50527 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{ab0d6df9-c3fc-44cc-8b26-8f3694c5c162}) (Version: 4.7.50527 - The Phoenix Firestorm Project, Inc.)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Gardenscapes 2 CE (HKLM-x32\...\Gardenscapes 2 CE1.0) (Version: 1.0 - Foxy Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hidden Object Home Makeover 2 (HKLM-x32\...\Hidden Object Home Makeover 21.1) (Version: 1.1 - Foxy Games)
inSSIDer 4 (HKLM-x32\...\{23A7D3D7-D312-4549-B349-2226AF6C6A83}) (Version: 4.1.0.60 - MetaGeek, LLC)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Quest Solitaire III 1.00 (HKLM-x32\...\Jewel Quest Solitaire III 1.00) (Version:  - )
Little Inferno (HKLM-x32\...\Little Inferno1.0) (Version: 1.0 - Foxy Games)
LogonStudio Vista (HKLM-x32\...\LogonStudio Vista) (Version:  - )
Lost in Reefs 2 (HKLM-x32\...\Lost in Reefs 21.1) (Version: 1.1 - Foxy Games)
Luxor 4 Quest For The Afterlife 1.00 (HKLM-x32\...\Luxor 4 Quest For The Afterlife 1.00) (Version:  - )
Luxor 5th Passage 1.00 (HKLM-x32\...\Luxor 5th Passage 1.00) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Monopoly City (HKLM-x32\...\Monopoly City1.0) (Version: 1.0 - Foxy Games)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield) <==== ATTENTION
Nero 2016 (HKLM-x32\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
REOptimizer (HKU\.DEFAULT\...\REOptimizer) (Version:  - AltoCloud) <==== ATTENTION
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Smilebox (HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\Smilebox) (Version: 1.0.0.30855 - Smilebox, Inc.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7250 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpyHunter v4.22.8.4668 (HKLM-x32\...\SpyHunter v4.22.8.46684.22.8.4668) (Version: 4.22.8.4668 - Friends in War)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Tower Bloxx Deluxe (HKLM-x32\...\BFG-Tower Bloxx Deluxe) (Version:  - )
Tower Bloxx Deluxe (HKLM-x32\...\Tower Bloxx Deluxe1.1) (Version: 1.1 - Foxy Games)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wanderland (HKLM-x32\...\Wanderland1.1) (Version: 1.1 - Foxy Games)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinRAR 5.40 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
WinUtilities Free Edition 13.0 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 13.0 - YL Computing, Inc)
Zuma's Revenge (HKLM-x32\...\Zuma's Revenge) (Version:  - islandGirl)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0215CFF1-F2A1-4582-B42F-7B7956F7505C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {02F0E082-3B78-4A75-B8FA-BF10845D3898} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0EAD064F-14F7-440C-9747-188A6C8D1294} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {125F05FF-55B9-469A-ACFC-B0C9C85C5831} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14F9B160-4503-414A-B627-96F952AD8ACE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {185E79B2-109B-439D-8967-AF60E5A060FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program [Argument = Files (x86)\Google\Update\GoogleUpdate.exe /c]
Task: {24B77383-3B4D-455F-BBC9-949E93FA4FBE} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {2C8A8A64-BD53-44FA-9172-165F9AE1B27E} - System32\Tasks\SpyHunter4 => C:\SpyHunter v4.22.8.4668\SpyHunter4.exe [2016-05-17] (Enigma Software Group USA, LLC.)
Task: {32D1147D-912A-4436-B016-FC5E2FAC95FC} - System32\Tasks\Cinnamon\Talking Alarm Clock\New Alarm => C:\Program Files\Alarm Clock\Alarm.exe
Task: {372024B3-8BCB-4A71-9A54-79FB7424620C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {380984C9-8248-4191-ACD9-A15B0527AABC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {3936A723-D791-4A7C-A64B-2E162F0DDBE2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {46CB0AF7-AC76-426D-A437-A2CE8236ED52} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {574F1D16-B7C2-4835-9E28-5481B11237FE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {5AB1E3CB-82ED-4F45-B9A6-09E0B5C19E13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {60D37B9D-F062-480A-A012-A26B1E63A09D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {676CA919-7678-4486-9FE5-1B2DC2DF91E2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {68A45581-A851-446B-A55D-0EBE32B91E93} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {825DA470-E12B-471A-A5BB-E880A5488188} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {8782502A-BB3B-4B97-99B0-0D536C6B8A36} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8A127354-F4C5-4AC6-9F13-C24D467BA8F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D23FCAF-F5F3-41FE-A688-DD18B50E494B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {90E51A7F-1D1D-425A-A623-2AFB034C27BB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {924E0545-F843-4316-B7E6-2AC81E17ABBF} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {9420404B-70A5-45BB-B7B6-D9A8F5A3CBB0} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {A2901749-FC92-41D9-814F-920CB15937F0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8BBA1E2-1079-4514-92FE-7AEA4C3D4084} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2016-07-12] ()
Task: {AB921D2B-A8F8-4401-88DB-8C20DE0927DC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {BC7291F7-10B7-432D-A023-09BFD1A77B3E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BCE1EA31-EB14-499C-80E5-A7647A5C9209} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C531AE6F-59C4-46CE-B64E-075CE8A5AB0D} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {D5F548D0-246F-46E5-8DB1-D1B072F31C05} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E51FB6E2-1277-4D31-9470-75B8EAD62A98} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF432FC5-32BE-468C-A7D8-B9796E84E466} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F4D711E6-721E-4ED1-8803-D9123727C8D1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FED9353F-7D4C-4721-82A4-FD9612B24DFB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program.Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\SpyHunter v4.22.8.4668\SpyHunter4.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wanderland\Wanderland.lnk -> C:\Games\Wanderland\Start_Game.bat ()
Shortcut: C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Object Home Makeover 2\Hidden Object Home Makeover 2.lnk -> C:\Games\Home Makeover\Start_Game.bat ()
Shortcut: C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\angbblue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\angbblue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\angbblue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-17 21:41 - 2016-10-01 11:53 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-28 17:38 - 2016-06-30 20:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-28 17:38 - 2016-06-30 20:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-27 16:51 - 2016-07-27 16:51 - 00959168 _____ () C:\Users\angbblue\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-26 22:10 - 2016-04-26 22:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-28 17:41 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-28 17:37 - 2016-06-30 19:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-28 17:37 - 2016-06-30 19:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-28 17:37 - 2016-06-30 19:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-28 17:37 - 2016-06-30 19:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-04 16:46 - 1999-12-31 16:00 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [123]
AlternateDataStreams: C:\ProgramData\TEMP:ADF211B1 [202]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\dell.com -> dell.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-12-11 21:35 - 00001008 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\angbblue\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "picon"
HKLM\...\StartupApproved\Run32: => "myWIFIzone"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1082919626-2427143817-331776683-1000\...\StartupApproved\Run: => "ISUSPM"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [{E459F71C-5F69-4270-8010-8910444A2EB3}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{ADECBE0A-129D-431C-8C4C-7B9D02C0A0C5}] => C:\Program Files (x86)\Nero\KM\MediaHome.exe
FirewallRules: [{5D3F27F9-EE3C-43A8-A2D8-941E15A8E520}] => C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{7B5C460F-C134-4633-83AF-35DD30645039}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{2791F5B8-902D-4302-B785-5235AA297C68}] => C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe
FirewallRules: [{1E6C3B71-44EA-471B-9C06-03EAB85F03C6}] => C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe
FirewallRules: [UDP Query User{0915E693-26B9-4212-81FD-55E1627561D4}C:\users\angbblue\appdata\local\temp\bduninstall\x64\pcsftool.exe] => C:\users\angbblue\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [TCP Query User{CE0E6E07-A14C-4407-A55A-B185B269B266}C:\users\angbblue\appdata\local\temp\bduninstall\x64\pcsftool.exe] => C:\users\angbblue\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [UDP Query User{4ADAB0CF-AE22-47E5-A422-EDD6F880A4D0}C:\users\angbblue\appdata\local\temp\bduninstall\x32\pcsftool.exe] => C:\users\angbblue\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{34DFE0FC-6BB4-44B5-BF19-D1F59F091FC4}C:\users\angbblue\appdata\local\temp\bduninstall\x32\pcsftool.exe] => C:\users\angbblue\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [UDP Query User{8BEA1204-7CBC-43D9-B327-5EB08E16FEF9}C:\program files\firestorm-releasex64\slvoice.exe] => C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [TCP Query User{6652D4BC-483F-4F25-A870-A53965664ED3}C:\program files\firestorm-releasex64\slvoice.exe] => C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{B5004872-8C3E-41C2-835E-8B0063B1A776}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0455C3EB-9091-46DF-9E23-5F435F61A3B6}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C1D32A56-C7F7-43FA-93F7-ADBCA7A8F894}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{10F21366-E3A5-47B7-9583-97A08D787E6F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{379D45BD-1F54-4CA2-AB2A-FBCD6C348E5C}] => C:\Users\angbblue\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4121376C-AD0B-4997-827B-4A201B30F1A3}] => C:\Users\angbblue\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4ADEA099-EA11-4156-ABBA-A8BE81A548AD}] => C:\Users\angbblue\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36C81B08-0494-4803-BB7A-D98F9F999916}] => C:\Users\angbblue\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F532A70E-2D9F-40AA-BFB5-61524332D37C}] => C:\Users\angbblue\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE25A3AB-1356-411F-980B-E9DC26BCA4E2}] => C:\Users\angbblue\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88E1C79B-580E-40B9-93F0-E1C0C17A031C}] => C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{D1747B6E-5B3A-4C42-98C6-16DF99F30842}] => C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8CE62038-C59D-4FBC-8094-04563DE66180}] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{B9550157-26D9-4E32-BE80-5D2B7B278C46}] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{4F89BD4D-18B1-48BB-A05A-7921A355997B}] => LPort=51001
FirewallRules: [{DB124839-2A7C-4B31-9734-15A4FCC77CCC}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DF973825-F632-476C-80D9-72BD9F85C049}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E18E886-465B-4CBB-A22F-7A44464E8C03}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => %SystemRoot%\System32\mmc.exe
FirewallRules: [{10109605-AED9-4C85-8592-BB8EFBC3FDA3}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{29B48632-4441-4C79-96FA-40A4E6121E69}] => C:\Users\angbblue\AppData\Local\ddnow.exe
FirewallRules: [{D6A1F3F5-60BE-43D5-B942-C1065A1425DE}] => C:\Users\angbblue\AppData\Local\Temp\D4913037-A7CA-4758-BA0D-215B515237F7\installer.exe
FirewallRules: [{DD0DA05C-2A28-40DB-A0B6-7B0BAA87BD9F}] => C:\Users\angbblue\AppData\Local\65450963.exe
FirewallRules: [{F1F383F7-DA3D-4ED5-8504-A5CEBC554A07}] => C:\Program Files (x86)\Lactate\arcadia.exe
FirewallRules: [{0FB5FEBD-98BC-4B00-BEF3-C9739A585ED0}] => C:\Program Files (x86)\Steadfastness\arcadia.exe
FirewallRules: [{44DA21C6-0399-4255-8B58-AF11452C730F}] => C:\WINDOWS\system32\rundll32.exe
 
==================== Restore Points =========================
 
19-11-2016 00:06:46 Removed COMODO Internet Security Premium
26-11-2016 12:13:04 Removing COMODO Internet Security
03-12-2016 21:40:38 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/11/2016 10:01:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\screenshotpro\1.0.0.6000090\ScreenshotPro.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 10:00:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 09:59:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\screenshotpro\1.0.0.6000090\ScreenshotPro.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 09:59:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\screenshotpro\1.0.0.6000090\ScreenshotPro.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 08:48:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\screenshotpro\1.0.0.6000090\ScreenshotPro.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 08:48:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 08:47:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemHealer.exe version 4.5.0.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 43f0
 
Start Time: 01d25432a2968831
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\SystemHealer\SystemHealer.exe
 
Report Id: 09a39892-c026-11e6-a957-0023ae95ac31
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/11/2016 08:46:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\screenshotpro\1.0.0.6000090\ScreenshotPro.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 08:46:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (12/11/2016 08:44:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\screenshotpro\1.0.0.6000090\ScreenshotPro.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
 
System errors:
=============
Error: (12/12/2016 12:32:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (12/12/2016 12:32:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (12/12/2016 12:32:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (12/12/2016 12:32:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (12/11/2016 10:45:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/11/2016 10:44:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/11/2016 10:39:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CLPSLauncher service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (12/11/2016 10:39:49 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.
 
Error: (12/11/2016 10:39:49 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.
 
Error: (12/11/2016 10:38:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2f622 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-12 00:32:56.288
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-12 00:32:45.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-12 00:32:36.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-12 00:32:20.032
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-11 22:05:40.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-26 12:15:03.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-19 13:00:55.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-19 12:36:01.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-19 12:23:10.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-19 06:29:16.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8061.61 MB
Available physical RAM: 6637.37 MB
Total Virtual: 16253.61 MB
Available Virtual: 14992.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:592.93 GB) (Free:411.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7676BF5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=592.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=338 GB) - (Type=05)
 
==================== End of Addition.txt ============================
#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,627 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 AM

Posted 17 December 2016 - 04:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/634612 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,627 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:28 AM

Posted 22 December 2016 - 05:00 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
