
"zodiac-game.info/newpager.html" site keeps launching in firefox on startup


  • This topic is locked
9 replies to this topic

#1 bigworm187

  • Members
  • 5 posts
  • OFFLINE
  • Local time: 02:24 AM

Posted 21 February 2017 - 01:04 AM

I've seen another bloke fix this problem with help from this forum a few days ago and I was wondering if I could get some help in fixing this.
I've preemptively followed the first steps from the thread which sent me here

(https://www.bleepingcomputer.com/forums/t/640100/zodiac-gameinfonewpagerhtml-adware-keeps-opening-on-computer-startup/)


Attached File: Addition.txt (76.85KB, 3 downloads)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by BBT (administrator) on ASUSBOY (21-02-2017 16:42:47)
Running from C:\Users\BBT\Desktop\New folder (2)
Loaded Profiles: BBT (Available Profiles: BBT & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Pioneer\DJM-900SRT\DJM-900SRT_AutoSetup.exe
(Pioneer DJ Corporation.) C:\Program Files (x86)\Pioneer\DJM-850\DJM-850_AutoSetup.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Pioneer DJ Corporation) C:\Program Files (x86)\Pioneer\DJM-900NXS2\DJM-900NXS2_AutoSetup.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Native Instruments GmbH) C:\Program Files\Native Instruments\Traktor 2\Traktor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-12] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-06] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2016-03-25] (Avid Technology, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-20] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\CleanUpUI.exe [1227456 2016-04-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5234160 2014-10-22] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [603904 2014-10-17] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3155712 2017-01-30] (Unified Intents AB)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [Google Update] => C:\Users\BBT\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-22] (Piriform Ltd)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office16\lync.exe [26886352 2016-02-10] (Microsoft Corporation)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [Spotify Web Helper] => C:\Users\BBT\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-01-20] (Spotify Ltd)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [Spotify] => C:\Users\BBT\AppData\Roaming\Spotify\Spotify.exe [6987376 2017-01-20] (Spotify Ltd)
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\Run: [BBT] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\...\MountPoints2: G - "G:\setup.exe"
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\BBT\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-02] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\BBT\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-02] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\BBT\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-02] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\BBT\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-02] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\BBT\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-02] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\BBT\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-02] ()
Startup: C:\Users\BBT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Traktor 2.lnk [2016-10-15]
ShortcutTarget: Traktor 2.lnk -> C:\Program Files\Native Instruments\Traktor 2\Traktor.exe (Native Instruments GmbH)
Startup: C:\Users\BBT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Unified Remote.lnk [2016-11-18]
ShortcutTarget: Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeVautocheck autochk *
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 61.9.134.49 61.9.133.193
Tcpip\..\Interfaces\{b1bc9296-4baa-4aec-a5e4-d781ce2480fd}: [DhcpNameServer] 61.9.134.49 61.9.133.193
Tcpip\..\Interfaces\{b88cf0bf-9393-42e9-b3be-220af3873251}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2119004481-758454083-3390561951-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2119004481-758454083-3390561951-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-21] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\BBT\AppData\Roaming\Mozilla\Firefox\Profiles\1xikiowx.default-1487655033138 [2017-02-21]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2119004481-758454083-3390561951-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\BBT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2119004481-758454083-3390561951-1002: @talk.google.com/O1DPlugin -> C:\Users\BBT\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2119004481-758454083-3390561951-1002: @tools.google.com/Google Update;version=3 -> C:\Users\BBT\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2119004481-758454083-3390561951-1002: @tools.google.com/Google Update;version=9 -> C:\Users\BBT\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-02-09] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\BBT\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\BBT\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-29]
CHR Extension: (Google Docs) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29]
CHR Extension: (Google Drive) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Google Search) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Sheets) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-29]
CHR Extension: (Marlies Dekkers) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepnljgdbelppefncogilfbjikmnbhjm [2015-11-29]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-09]
CHR Extension: (AdBlock) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-20]
CHR Extension: (Flamite - Tinder on your browser) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2017-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-06]
CHR Extension: (Gmail) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\BBT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [File not signed]
S3 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1933000 2016-02-16] (AVerMedia TECHNOLOGIES, Inc.)
S3 DDJ-SZ_AutoSetup; C:\Program Files (x86)\Pioneer\DDJ-SZ\DDJ-SZ_AutoSetup.exe [79856 2014-01-06] ()
S3 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2016-03-25] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [197632 2016-03-25] (Avid Technology, Inc.) [File not signed]
R2 DJM-850_AutoSetup; C:\Program Files (x86)\Pioneer\DJM-850\DJM-850_AutoSetup.exe [81408 2016-02-10] (Pioneer DJ Corporation.)
R2 DJM-900nexus_AutoSetup; C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe [57344 2011-08-11] () [File not signed]
R2 DJM-900NXS2_AutoSetup; C:\Program Files (x86)\Pioneer\DJM-900NXS2\DJM-900NXS2_AutoSetup.exe [79872 2016-01-14] (Pioneer DJ Corporation)
R2 DJM-900SRT_AutoSetup; C:\Program Files (x86)\Pioneer\DJM-900SRT\DJM-900SRT_AutoSetup.exe [78416 2013-09-06] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-15] (ELAN Microelectronics Corp.)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-12] (NVIDIA Corporation)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2016-03-21] () [File not signed]
S3 Synergy; C:\Program Files\Synergy\synergyd.exe [311488 2015-11-19] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2016-10-27] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a8djavs; C:\WINDOWS\System32\Drivers\a8djavs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 a8djusb_svc; C:\WINDOWS\System32\Drivers\a8djusb.sys [100712 2012-12-18] (Native Instruments GmbH)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 DDJ-SZAudio; C:\WINDOWS\system32\drivers\DDJ-SZAudio64.sys [41968 2014-01-06] (Pioneer Corporation.)
S3 DJM-850Audio; C:\WINDOWS\system32\drivers\DJM-850Audio64.sys [44024 2016-07-01] (Pioneer DJ Corporation.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18016 2016-01-20] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [15968 2016-01-20] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-01-20] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-01-20] ()
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [296736 2017-01-08] (Acronis International GmbH)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 kf1avs; C:\WINDOWS\System32\Drivers\kf1avs.sys [357968 2011-09-16] (Native Instruments GmbH)
S3 kf1usb_svc; C:\WINDOWS\System32\Drivers\kf1usb.sys [47696 2011-09-16] (Native Instruments GmbH)
R3 LoopBeMidi1; C:\WINDOWS\system32\drivers\loopbe1.sys [13824 2011-04-10] (nerds.de)
S3 mc2usb_svc; C:\WINDOWS\System32\Drivers\mc2usb.sys [81016 2012-06-06] (Native Instruments GmbH)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nita10audio; C:\WINDOWS\System32\Drivers\nita10audio.sys [384440 2015-09-05] (Native Instruments GmbH)
S3 nita10usb; C:\WINDOWS\system32\DRIVERS\nita10usb.sys [100200 2015-09-05] (Native Instruments GmbH)
S3 nita2audio; C:\WINDOWS\System32\Drivers\nita2audio.sys [371096 2015-09-29] (Native Instruments GmbH)
S3 nita2usb; C:\WINDOWS\system32\DRIVERS\nita2usb.sys [99200 2015-09-29] (Native Instruments GmbH)
S3 NVFLASH; C:\WINDOWS\system32\drivers\nvflash.sys [15648 2013-04-19] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_11a67240324f74de\nvlddmkm.sys [14200880 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1328928 2017-01-08] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [234784 2017-01-08] (Acronis International GmbH)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [25592 2015-11-05] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-21] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 16:23 - 2017-02-21 16:42 - 00000000 ____D C:\Users\BBT\Desktop\New folder (2)
2017-02-21 16:22 - 2017-02-21 16:42 - 00000000 ____D C:\FRST
2017-02-21 16:14 - 2017-02-21 16:16 - 00000000 ____D C:\AdwCleaner
2017-02-21 12:37 - 2017-02-21 12:41 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-21 12:28 - 2017-02-21 16:42 - 00024217 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-21 12:28 - 2017-02-21 12:45 - 00107804 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-21 12:28 - 2017-02-21 12:28 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-21 12:27 - 2017-02-21 16:01 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-21 12:26 - 2017-02-21 12:26 - 00000000 ____D C:\Users\BBT\AppData\Local\Zemana
2017-02-21 11:52 - 2017-02-21 16:30 - 00000000 ____D C:\Users\BBT\Desktop\Old Firefox Data
2017-02-20 14:15 - 2017-02-20 14:15 - 00012740 _____ C:\Users\BBT\AppData\Local\recently-used.xbel
2017-02-20 02:09 - 2017-02-21 11:27 - 00000000 ____D C:\Fraps
2017-02-18 14:00 - 2017-02-18 15:25 - 00217080 _____ C:\Users\BBT\Desktop\sounds of the BB 3.wav
2017-02-18 13:59 - 2017-02-18 13:59 - 00582724 _____ C:\Users\BBT\Desktop\sounds of the BB 2.wav
2017-02-18 13:56 - 2017-02-19 03:07 - 00005778 _____ C:\Users\BBT\Desktop\sounds of the baby.wav.reapeaks
2017-02-18 13:56 - 2017-02-18 13:56 - 00005778 _____ C:\Users\BBT\Desktop\baby.wav.reapeaks
2017-02-18 13:55 - 2017-02-18 13:55 - 00393608 _____ C:\Users\BBT\Desktop\baby.wav
2017-02-18 13:53 - 2017-02-18 14:00 - 00395012 _____ C:\Users\BBT\Desktop\sounds of the baby.wav
2017-02-17 23:50 - 2017-02-17 23:50 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-02-16 13:18 - 2017-02-21 10:38 - 00000000 ____D C:\Program Files (x86)\JPEG-EXIF_autorotate
2017-02-16 06:30 - 2017-02-16 06:30 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsign13f2e93dcaff3b41
2017-02-16 04:45 - 2017-02-16 04:45 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsignfac82a6c9b2adfd8
2017-02-15 20:09 - 2017-02-15 20:09 - 00000000 ____D C:\Program Files (x86)\Spek
2017-02-14 21:10 - 2017-02-14 21:10 - 00000046 _____ C:\WINDOWS\SysWOW64\DonationCoder_urlsnooper_InstallInfo.dat
2017-02-14 21:10 - 2017-02-14 21:10 - 00000000 ____D C:\Users\BBT\Documents\DonationCoder
2017-02-14 21:10 - 2017-02-14 21:10 - 00000000 ____D C:\Users\BBT\AppData\Roaming\DonationCoder
2017-02-14 21:08 - 2017-02-21 16:08 - 00000000 ____D C:\Program Files (x86)\URLSnooper2
2017-02-13 17:33 - 2017-02-13 17:33 - 00000000 ____D C:\Users\BBT\AppData\Local\Apps\2.0
2017-02-12 20:40 - 2017-02-20 01:10 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Kodi
2017-02-12 20:38 - 2017-02-17 23:50 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-02-10 16:21 - 2017-02-10 16:21 - 00000000 ____D C:\Users\BBT\Documents\Dolphin Emulator
2017-02-10 15:46 - 2017-02-10 17:04 - 00000000 ____D C:\Users\BBT\AppData\Roaming\mGBA
2017-02-10 15:40 - 2017-02-10 15:44 - 00000000 ____D C:\Users\BBT\Documents\Untitled2
2017-02-10 15:31 - 2017-02-10 15:31 - 00000839 _____ C:\Users\Public\Desktop\Dolphin.lnk
2017-02-10 15:31 - 2017-02-10 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-02-10 15:30 - 2017-02-10 15:31 - 00000000 ____D C:\Program Files\Dolphin
2017-02-09 20:46 - 2017-02-09 20:46 - 02179116 _____ C:\Users\BBT\Desktop\2017-02-09_20h46m24.wav
2017-02-09 00:18 - 2017-02-09 00:18 - 00001276 _____ C:\Users\BBT\Desktop\Melodyne Studio 4 (x86).lnk
2017-02-09 00:18 - 2017-02-09 00:18 - 00001053 _____ C:\Users\BBT\Desktop\Melodyne Studio 4 (x64).lnk
2017-02-09 00:18 - 2017-02-09 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony
2017-02-09 00:18 - 2017-02-09 00:18 - 00000000 ____D C:\Program Files\Common Files\Celemony
2017-02-09 00:18 - 2017-02-09 00:18 - 00000000 ____D C:\Program Files\Celemony
2017-02-09 00:18 - 2017-02-09 00:18 - 00000000 ____D C:\Program Files (x86)\Celemony
2017-02-07 13:32 - 2017-02-07 13:32 - 00000000 ____D C:\Users\BBT\AppData\LocalLow\SUPERHOT_Team
2017-02-07 13:32 - 2017-02-07 13:32 - 00000000 ____D C:\Users\BBT\AppData\Local\SUPERHOT_Sp_z_o.o
2017-02-07 11:48 - 2017-02-07 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERHOT [GOG.com]
2017-02-07 11:45 - 2017-02-07 11:45 - 00000000 ____D C:\Users\BBT\AppData\LocalLow\SUPERHOT Team
2017-02-07 11:34 - 2017-02-07 11:34 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-02-07 11:30 - 2017-02-07 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Owlboy [GOG.com]
2017-02-06 16:10 - 2017-02-06 16:10 - 00000000 ____D C:\ProgramData\Atheros
2017-02-06 16:09 - 2017-02-20 12:38 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Atheros
2017-02-06 15:57 - 2017-02-06 15:59 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2017-02-06 13:09 - 2017-02-06 13:09 - 00000000 ____D C:\Users\BBT\Documents\PCSX2
2017-02-06 04:08 - 2017-02-06 04:08 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-06 04:08 - 2017-02-06 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-02-06 04:08 - 2017-02-06 04:08 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-02-05 19:47 - 2017-02-05 19:47 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsign2f57081de0d31f80
2017-02-05 19:30 - 2017-02-05 19:30 - 00004286 _____ C:\Users\BBT\Documents\cc_20170205_193027.reg
2017-02-05 17:38 - 2017-02-05 17:42 - 00000000 ____D C:\Program Files (x86)\Ultimate Windows Customizer
2017-02-05 17:27 - 2017-02-05 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spectro
2017-02-05 17:27 - 2017-02-05 17:27 - 00000000 ____D C:\Program Files (x86)\Spectro
2017-02-05 17:27 - 2008-09-15 00:55 - 01008432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCHRT20.OCX
2017-02-05 17:27 - 2000-05-22 16:58 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2017-02-05 17:27 - 2000-05-22 16:58 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2017-02-05 17:27 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2017-02-05 13:00 - 2017-02-05 18:05 - 00000000 ____D C:\Users\BBT\AppData\Roaming\discord
2017-02-05 13:00 - 2017-02-05 13:00 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-05 12:59 - 2017-02-05 13:00 - 00000000 ____D C:\Users\BBT\AppData\Local\SquirrelTemp
2017-02-05 12:59 - 2017-02-05 13:00 - 00000000 ____D C:\Users\BBT\AppData\Local\Discord
2017-02-04 17:12 - 2017-02-04 17:12 - 00000000 ____D C:\Users\BBT\AppData\Local\TeamSpeak 3
2017-02-04 17:12 - 2017-02-04 17:12 - 00000000 ____D C:\Users\BBT\.TeamSpeak 3
2017-02-04 17:12 - 2017-02-04 17:12 - 00000000 ____D C:\Users\BBT\.QtWebEngineProcess
2017-02-04 17:11 - 2017-02-05 13:03 - 00000000 ____D C:\Users\BBT\AppData\Roaming\TS3Client
2017-02-04 17:10 - 2017-02-04 17:10 - 00001010 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2017-02-04 17:10 - 2017-02-04 17:10 - 00000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-02-04 17:10 - 2017-02-04 17:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-01-27 18:27 - 2017-01-27 18:27 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsignccae8893f4530b6d
2017-01-26 00:55 - 2017-01-26 00:55 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsignaeb3be6ccb1b845f
2017-01-25 15:14 - 2016-12-21 18:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 15:14 - 2016-12-21 15:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 20:25 - 2017-01-24 20:25 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsign343da3bb381d5257
2017-01-24 13:20 - 2017-01-24 13:20 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsigne7de61150c0476d0
2017-01-24 11:54 - 2017-01-24 11:55 - 00018998 _____ C:\Users\BBT\Documents\reg backup 2017-01-24.reg
2017-01-24 11:46 - 2017-01-24 11:46 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-22 16:27 - 2017-01-22 16:27 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsign34aab90b8d5fdd38
2017-01-22 16:26 - 2017-01-22 16:26 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsign8557208402257002
2017-01-22 16:20 - 2017-01-22 16:20 - 00000000 ____D C:\Users\BBT\AppData\Local\Tempzxpsign83b9d37f77417e6c
2017-01-22 12:00 - 2017-01-22 12:00 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Flexera Software LLC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 16:42 - 2016-11-30 02:39 - 00796160 ___SH C:\Users\BBT\Desktop\Thumbs.db
2017-02-21 16:39 - 2015-10-07 14:00 - 01598438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 16:34 - 2016-11-18 16:24 - 00000000 ____D C:\Users\BBT\AppData\LocalLow\Mozilla
2017-02-21 16:34 - 2016-08-03 18:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 16:34 - 2016-08-03 18:17 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-21 16:34 - 2016-07-16 17:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 16:33 - 2015-10-17 17:34 - 00000000 ____D C:\Users\BBT\AppData\Local\ClassicShell
2017-02-21 15:32 - 2016-08-03 18:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 12:18 - 2016-01-18 00:05 - 00000000 ____D C:\ProgramData\Oracle
2017-02-21 12:13 - 2016-04-09 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-21 12:13 - 2016-04-09 04:30 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-21 12:12 - 2016-04-09 04:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-21 11:35 - 2015-09-30 12:29 - 00000416 _____ C:\Users\BBT\AppData\Roaming\sp_data.sys
2017-02-21 10:31 - 2016-10-08 16:24 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2017-02-21 10:31 - 2015-11-03 18:50 - 00000000 ____D C:\Users\BBT\AppData\Local\Adobe
2017-02-20 17:33 - 2016-05-22 01:18 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-20 16:47 - 2015-10-01 17:17 - 00000000 ____D C:\Users\BBT\AppData\Roaming\foobar2000
2017-02-20 14:31 - 2015-11-02 17:35 - 00000000 ____D C:\Users\BBT\.infinit
2017-02-20 12:36 - 2016-10-15 03:40 - 00000000 ____D C:\Users\BBT\AppData\Roaming\uTorrent
2017-02-20 12:36 - 2015-11-17 19:07 - 00000000 ____D C:\Users\BBT\AppData\Roaming\.purple
2017-02-20 12:36 - 2015-09-30 20:57 - 00000000 ____D C:\Users\BBT\AppData\Local\CrashDumps
2017-02-20 12:07 - 2015-10-01 18:51 - 00000000 ____D C:\Users\BBT\AppData\Roaming\vlc
2017-02-20 02:29 - 2016-07-16 22:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-20 02:27 - 2016-02-23 20:06 - 00000000 ____D C:\Users\BBT\AppData\Roaming\obs-studio
2017-02-19 22:55 - 2015-09-15 18:15 - 00000000 ____D C:\Users\BBT\Documents\Bluetooth Folder
2017-02-19 15:06 - 2017-01-04 19:29 - 00000000 ____D C:\ProgramData\Mirroring360 TX
2017-02-19 14:40 - 2015-09-30 23:46 - 00000000 ____D C:\ProgramData\Unified Remote
2017-02-19 13:51 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 11:44 - 2016-07-16 22:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 10:21 - 2015-09-15 18:12 - 00000000 ____D C:\Users\BBT\AppData\Local\Packages
2017-02-17 15:05 - 2016-08-05 00:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 20:10 - 2015-10-02 16:01 - 00000000 ____D C:\Users\BBT\AppData\Roaming\spek
2017-02-15 17:04 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 17:04 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 23:25 - 2015-11-08 03:46 - 00000000 ____D C:\Program Files (x86)\Unified Remote 3
2017-02-12 15:47 - 2015-10-05 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-12 15:47 - 2015-09-30 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 18:27 - 2017-01-04 19:29 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Mirroring360 TX
2017-02-11 13:46 - 2016-07-11 23:25 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Celemony Software GmbH
2017-02-11 13:45 - 2015-10-12 20:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-11 10:44 - 2015-12-22 19:22 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-10 15:44 - 2016-07-14 00:37 - 00000000 ____D C:\Users\Public\Pro Tools
2017-02-10 02:18 - 2015-10-30 16:48 - 00000000 ____D C:\Users\BBT\Documents\REAPER Media
2017-02-09 00:58 - 2015-10-01 16:27 - 00000000 ____D C:\Users\BBT\AppData\Roaming\REAPER
2017-02-09 00:18 - 2016-07-11 06:03 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-02-08 17:05 - 2015-10-01 14:27 - 00000000 ____D C:\Users\BBT\AppData\Local\ElevatedDiagnostics
2017-02-07 12:21 - 2016-07-14 00:37 - 00000000 ____D C:\Users\BBT\Documents\Pro Tools
2017-02-07 12:15 - 2015-12-15 17:35 - 00000000 ____D C:\Users\BBT\AppData\Roaming\PioneerLog
2017-02-07 12:03 - 2015-11-29 20:30 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 16:08 - 2016-08-03 18:20 - 00000000 ____D C:\Users\BBT
2017-02-06 15:58 - 2013-03-06 01:47 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2017-02-06 15:46 - 2016-08-10 21:46 - 00000500 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-02-06 00:41 - 2015-12-14 23:04 - 00000000 ____D C:\Users\BBT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2017-02-06 00:17 - 2015-10-02 17:28 - 00000000 ____D C:\Program Files (x86)\Pioneer
2017-02-06 00:16 - 2015-09-30 16:06 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-05 19:21 - 2015-10-01 19:28 - 00000000 ____D C:\Users\BBT\AppData\Roaming\deluge
2017-02-05 17:27 - 2013-03-06 01:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-01 18:01 - 2015-10-19 12:32 - 00000000 ____D C:\Users\BBT\Documents\»
2017-01-28 21:59 - 2016-12-04 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 12:28 - 2016-07-16 22:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 13:22 - 2015-10-19 13:52 - 00000000 ____D C:\Users\BBT\Documents\Photoshop Projects
2017-01-24 12:10 - 2016-10-05 20:26 - 00000270 _____ C:\Users\BBT\Documents\home.bat
2017-01-24 11:48 - 2016-07-11 18:02 - 00000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2016-04-26 18:50 - 2016-04-26 19:51 - 0000034 _____ () C:\Users\BBT\AppData\Roaming\AdobeWLCMCache.dat
2015-09-30 12:29 - 2017-02-21 11:35 - 0000416 _____ () C:\Users\BBT\AppData\Roaming\sp_data.sys
2015-12-08 22:25 - 2015-12-08 22:25 - 0003584 _____ () C:\Users\BBT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-20 14:15 - 2017-02-20 14:15 - 0012740 _____ () C:\Users\BBT\AppData\Local\recently-used.xbel
2015-12-18 17:58 - 2015-12-18 17:58 - 0007601 _____ () C:\Users\BBT\AppData\Local\Resmon.ResmonCfg
2016-08-03 02:18 - 2016-08-03 02:18 - 0000121 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-08-05 12:42 - 2012-07-30 17:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 12:42 - 2009-07-22 21:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
2017-02-21 12:46 - 2017-02-21 12:31 - 11581544 _____ (SurfRight B.V.) C:\Users\BBT\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-20 18:41

==================== End of FRST.txt ============================





#2 Jo*
  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 21 February 2017 - 08:21 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. Click OK at the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*
  • Malware Response Team

Posted 25 February 2017 - 02:02 AM


Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.



#4 bigworm187
  • Topic Starter

Posted 26 February 2017 - 10:50 PM

Sorry, I have been busy. I am still having this problem; I will continue with the instructions now. Thanks.



#5 bigworm187
  • Topic Starter

Posted 27 February 2017 - 02:42 AM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 121  
 Java version 32-bit out of Date!
 Adobe Flash Player     24.0.0.221  
 Mozilla Thunderbird (45.7.1)
 Google Chrome (56.0.2924.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.27.02
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
BBT :: ASUSBOY [administrator]

27/02/2017 6:04:00 PM
mbar-log-2017-02-27 (18-04-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 433541
Time elapsed: 20 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-2119004481-758454083-3390561951-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BBT (Trojan.StartPage.USACVAR) -> Data: explorer.exe http://sd-steam.info -> No action taken. [04ea13941197c472a7ec8e6fe020817f]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

# AdwCleaner v6.043 - Logfile created 27/02/2017 at 18:41:16
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-27.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : BBT - ASUSBOY
# Running from : C:\Users\BBT\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1128 Bytes] - [21/02/2017 16:16:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [1052 Bytes] - [27/02/2017 18:41:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1125 Bytes] ##########
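The MBAR detection above explains the symptom in the thread title: a value under the user's Run key (HKU\<SID>\...\CurrentVersion\Run, the same hive PowerShell exposes as HKCU) launches explorer.exe with a URL, and the shell hands that URL to the default browser, so Firefox opens the page at every logon. As an added example that is not part of this thread or of any of the tools used in it, the PowerShell script below lists Run/RunOnce values whose command contains a URL. The key list and the URL regex are my assumptions chosen to cover that pattern, and reading other users' hives under HKEY_USERS needs an elevated prompt.

```powershell
# Added example (not from the thread or any tool in it): list autorun values whose
# command contains a URL, the pattern MBAR flagged above
# (RUN|BBT -> "explorer.exe http://sd-steam.info"). Run from an elevated PowerShell
# so that every loaded user hive under HKEY_USERS can be read.

$runSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Machine-wide keys, including the 32-bit view on 64-bit Windows.
$keys = @(
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Every loaded user profile (HKU\S-1-5-21-...), which is how MBAR reports the key.
# The regex anchor excludes the matching "<SID>_Classes" hives.
$userSids = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { $_.PSChildName }
foreach ($sid in $userSids) {
    foreach ($sub in $runSubKeys) { $keys += "Registry::HKEY_USERS\$sid\$sub" }
}

# A URL anywhere in an autorun command is the tell: "explorer.exe <url>" makes the
# shell open the URL in the default browser at every logon. (Assumed pattern.)
$urlPattern = '(?i)(https?://|\bwww\.)'

# Properties the registry provider adds to every item; they are not registry values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-UrlAutorun {
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            if ($cmd -match $urlPattern) {
                [pscustomobject]@{
                    Key     = $key -replace '^Registry::', ''
                    Name    = $prop.Name
                    Command = $cmd
                }
            }
        }
    }
}

Get-UrlAutorun | Format-List
```

Run it once after the cleanup and again after a reboot: if the value comes back, something else on the machine (a scheduled task, service or another autorun) is re-creating it, which is the reason the helper follows the MBAR cleanup with further scans rather than stopping at the deleted value.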


 



#6 Jo*
  • Malware Response Team

Posted 27 February 2017 - 03:22 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How is the computer running now?


***




#7 bigworm187
  • Topic Starter

Posted 27 February 2017 - 05:31 AM

The problem appears to be fixed. I restarted a couple of times and then left the PC running for a couple of hours, reset again, and the registry has not been re-hijacked since, so it appears it's all solved.

Thanks.



#8 Jo*
  • Malware Response Team

Posted 27 February 2017 - 06:32 AM


Hello again,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run, then download and try to run another one.
Vista and Win7/8/10 users need to right-click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill, as the malware programs will start again.

---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---




#9 Jo*
  • Malware Response Team

Posted 01 March 2017 - 04:52 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.



#10 Jo*
  • Malware Response Team

Posted 07 March 2017 - 03:52 AM

Due to the lack of feedback, this topic is now closed.





