My Accounts to Several Websites Have Been Compromised


  • This topic is locked
3 replies to this topic

#1 ronan2146

Posted 24 February 2017 - 01:10 PM

I am not necessarily noticing anything different about the way my computer is running, but recently my Amazon, Eat24, Uber, and PayPal accounts have all been compromised in one way or another. Trying to see if I can get to the root of the problem. Any help would be appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Danny (administrator) on DANNY-PC (24-02-2017 12:56:28)
Running from C:\Users\Danny\Downloads
Loaded Profiles: Danny (Available Profiles: Danny & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\~TMP_1348_229~
(Hammer & Chisel, Inc.) C:\Users\Danny\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Hammer & Chisel, Inc.) C:\Users\Danny\AppData\Local\Discord\app-0.0.297\Discord.exe
(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe
(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Dropbox, Inc.) C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe
(Hammer & Chisel, Inc.) C:\Users\Danny\AppData\Local\Discord\app-0.0.297\Discord.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwtxapps.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flagship Industries, Inc.) C:\Users\Danny\Desktop\Ventrilo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\POWERPNT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Panda Cloud Cleaner\PCloudCleaner.exe
() E:\Panda Cloud Cleaner\PCloudCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Panda Cloud Cleaner\PCloudCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Run: [RoccatPowerGrid] => C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe [5149256 2015-04-20] ()
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27953872 2017-01-27] (Microsoft Corporation)
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Run: [Spotify] => C:\Users\Danny\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-20] (Spotify Ltd)
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Run: [Spotify Web Helper] => C:\Users\Danny\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-20] (Spotify Ltd)
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Run: [Dropbox Update] => C:\Users\Danny\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Run: [Discord] => C:\Users\Danny\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aa_patch.exe [2016-09-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk [2014-01-06]
ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-03-23]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Danny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2214183864-1434558134-948620194-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1e086036-cfc1-4df8-b7a9-98e0e2075775}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1e086036-cfc1-4df8-b7a9-98e0e2075775}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {1BE3FF74-CAE0-4CCA-8ABD-958F07A5E479} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-12&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\izz83wnh.default [2017-02-16]
FF Extension: (Yahoo! Toolbar) - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\izz83wnh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-05-19] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_119.dll [2017-02-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_119.dll [2017-02-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Danny\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2214183864-1434558134-948620194-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl","hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ch"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Unity Player) - C:\Users\Danny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_130.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - E:\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - E:\bin\plugin2\npjp2.dll => No File
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Google Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Hide Most Visited Pages) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmlpbpbmkmbdagkjagbdglndpijflfl [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Danny\AppData\Local\speedial.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392976 2017-01-27] (EasyAntiCheat Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2013-12-09] (Qualcomm Atheros) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-01-29] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
S4 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-29] (REALiX™)
S3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
S3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 Ke2200; C:\WINDOWS\System32\drivers\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e22w10x64.sys [156744 2015-12-29] (Qualcomm Atheros, Inc.)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
S3 lgLowAudio; C:\WINDOWS\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-12-29] (Synaptics Incorporated)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-01-15] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; E:\ThrottleStop_840\WinRing0x64.sys [14544 2016-12-26] (OpenLibSys.org)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-01-09] ()
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-01-05] (Wellbia.com Co., Ltd.)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 DasPtct; C:\WINDOWS\system32\DRIVERS\aefxcnjy.sys [39672 2015-09-14] ()
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 12:56 - 2017-02-24 12:56 - 00043148 _____ C:\Users\Danny\Downloads\FRST.txt
2017-02-24 12:55 - 2017-02-24 12:56 - 00000000 ____D C:\FRST
2017-02-24 12:54 - 2017-02-24 12:54 - 02423296 _____ (Farbar) C:\Users\Danny\Downloads\FRST64.exe
2017-02-24 12:51 - 2017-02-24 12:51 - 05660168 _____ (Swearware) C:\Users\Danny\Downloads\ComboFix.exe
2017-02-24 12:42 - 2015-09-14 13:03 - 00039672 _____ C:\WINDOWS\system32\Drivers\aefxcnjy.sys
2017-02-23 23:00 - 2017-02-23 23:00 - 00148632 _____ C:\Users\Danny\Downloads\BA notes class 16.pdf
2017-02-22 01:02 - 2017-02-22 01:14 - 08131584 _____ C:\Users\Danny\Documents\CBA-PowerPointFINAL.ppt
2017-02-22 00:59 - 2017-02-22 00:59 - 13346816 _____ C:\Users\Danny\Downloads\CBA-PowerPoint.ppt
2017-02-20 23:21 - 2017-02-20 23:21 - 01501542 _____ C:\Users\Danny\Downloads\435160682_87010-48760099543.3744949.mp4
2017-02-17 20:47 - 2017-02-17 20:48 - 83845508 _____ (XBMC-Foundation) C:\Users\Danny\Downloads\kodi-17.0-Krypton.exe
2017-02-16 22:18 - 2017-02-16 22:18 - 00000000 ____D C:\adb
2017-02-16 22:16 - 2017-02-16 22:18 - 09614711 _____ (Snoop05) C:\Users\Danny\Downloads\adb-setup-1.4.3.exe
2017-02-16 22:14 - 2017-02-16 22:15 - 306745639 _____ C:\Users\Danny\Downloads\tools_r25.2.3-windows.zip
2017-02-16 21:54 - 2017-02-16 21:55 - 87380610 _____ C:\Users\Danny\Downloads\kodi-17.0-Krypton-armeabi-v7a.apk
2017-02-16 15:22 - 2017-02-24 12:45 - 00000658 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2017-02-16 15:22 - 2017-02-16 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2017-02-16 15:22 - 2015-09-14 13:03 - 00039672 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2017-02-16 15:22 - 2015-01-29 18:21 - 00050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2017-02-16 15:21 - 2017-02-16 15:21 - 38191600 _____ (Panda Security ) C:\Users\Danny\Downloads\PandaCloudCleaner.exe
2017-02-13 22:40 - 2017-02-13 22:44 - 41632004 _____ C:\Users\Danny\Downloads\292025895_18932-33607505011.2509397.mp4
2017-02-13 18:00 - 2017-02-13 18:01 - 00261918 _____ C:\Users\Danny\Downloads\Heat - February 13 2017.pdf
2017-02-11 22:24 - 2017-02-11 22:24 - 00000000 ____D C:\Users\Danny\Documents\League of Legends
2017-02-11 22:14 - 2017-02-11 22:14 - 00000000 ____D C:\ProgramData\Riot Games
2017-02-11 22:13 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-02-11 22:13 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-02-11 22:13 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-02-11 22:12 - 2017-02-11 22:13 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Riot Games
2017-02-11 22:12 - 2017-02-11 22:12 - 28411368 _____ (Riot Games) C:\Users\Danny\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe
2017-02-10 14:58 - 2017-02-10 14:58 - 00000000 ___HD C:\OneDriveTemp
2017-02-07 19:46 - 2017-02-07 19:46 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 14:33 - 2017-02-07 14:33 - 03204299 _____ C:\Users\Danny\Downloads\Prosecutor Charging 10.20.zip
2017-02-07 13:20 - 2017-02-07 13:20 - 00063788 _____ C:\Users\Danny\Downloads\1490963347071991346.webp
2017-02-07 02:11 - 2017-02-07 02:11 - 04051791 _____ C:\Users\Danny\Documents\PDF-ONE-Business-Associations-McChesney-Fall-2012-copy.pdf
2017-02-07 02:10 - 2017-02-07 02:10 - 04051791 _____ C:\Users\Danny\Downloads\PDF-ONE-Business-Associations-McChesney-Fall-2012-copy.pdf
2017-02-07 02:05 - 2017-02-07 02:05 - 01511992 _____ C:\Users\Danny\Downloads\BA 1 of 2.pdf
2017-02-07 01:04 - 2017-02-07 01:04 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-01-29 17:40 - 2017-01-29 17:40 - 00000000 ____D C:\Users\Danny\AppData\Temp
2017-01-29 17:37 - 2017-01-29 17:37 - 00035905 _____ C:\ProgramData\dm.1485729447.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 00378278 _____ C:\ProgramData\cl.1485726939.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 00056819 _____ C:\ProgramData\dm.1485729318.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 00040701 _____ C:\ProgramData\dm.1485729344.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 00003404 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-01-29 17:35 - 2017-01-29 17:35 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-01-29 16:56 - 2017-01-29 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-01-29 16:56 - 2017-01-29 16:56 - 00253404 ____H C:\bdr-ld01
2017-01-29 16:56 - 2017-01-29 16:56 - 00009216 ____H C:\bdr-ld01.mbr
2017-01-29 16:56 - 2017-01-29 16:56 - 00002299 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2017-01-29 16:56 - 2017-01-29 16:56 - 00000684 ____H C:\bdr-cf01
2017-01-29 16:56 - 2016-10-18 11:51 - 49758588 ____H C:\bdr-im01.gz
2017-01-29 16:56 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-01-29 16:56 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-01-29 16:56 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-01-29 16:56 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2017-01-29 16:56 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2017-01-29 16:55 - 2017-02-07 00:49 - 00000000 ____D C:\Program Files\Bitdefender
2017-01-29 16:55 - 2017-01-29 16:55 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-01-29 16:55 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-01-29 16:55 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-01-29 16:54 - 2017-01-29 16:54 - 00000000 ____D C:\Users\Danny\AppData\Roaming\LavasoftStatistics
2017-01-29 16:52 - 2017-01-29 17:06 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Bitdefender
2017-01-29 16:52 - 2017-01-29 16:52 - 00218842 _____ C:\ProgramData\1485726721.bdinstall.bin
2017-01-29 16:48 - 2017-01-29 16:49 - 11842648 _____ C:\Users\Danny\Downloads\bitdefender_windows_e4223b81-f789-4a99-9a31-451de340cbae.exe
2017-01-28 21:22 - 2017-01-28 21:22 - 01673544 _____ ( ) C:\Users\Danny\Downloads\cpu-z_1.78-en.exe
2017-01-28 15:44 - 2017-01-28 15:44 - 00668672 _____ (HeiDoc.net) C:\Users\Danny\Downloads\Windows ISO Downloader (3).exe
2017-01-27 22:24 - 2017-01-27 22:24 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Danny\Downloads\rufus-2.12.exe
2017-01-27 22:18 - 2017-01-27 22:18 - 00668672 _____ (HeiDoc.net) C:\Users\Danny\Downloads\Windows ISO Downloader (2).exe
2017-01-27 22:10 - 2017-01-27 22:10 - 00668672 _____ (HeiDoc.net) C:\Users\Danny\Downloads\Windows ISO Downloader (1).exe
2017-01-27 18:49 - 2017-01-27 18:49 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 18:49 - 2017-01-27 18:49 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 18:49 - 2017-01-27 18:49 - 00003830 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 18:49 - 2017-01-27 18:49 - 00003804 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 18:49 - 2017-01-27 18:49 - 00003642 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 18:49 - 2017-01-27 18:49 - 00003600 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 18:49 - 2017-01-27 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-27 18:49 - 2017-01-27 18:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-27 18:49 - 2017-01-20 11:38 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-01-27 18:49 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-27 18:49 - 2016-12-15 19:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-27 18:49 - 2016-12-15 19:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-27 18:49 - 2016-12-15 19:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-27 18:49 - 2016-12-15 19:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-27 18:49 - 2016-11-17 08:44 - 01854400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-27 18:49 - 2016-11-17 08:44 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-27 18:49 - 2016-11-17 08:44 - 01452480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-27 18:49 - 2016-11-17 08:44 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-27 18:49 - 2016-11-17 08:44 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-27 18:49 - 2016-11-16 11:42 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-01-27 18:47 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-27 18:47 - 2017-01-20 11:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 18:47 - 2017-01-20 11:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-27 18:47 - 2016-11-17 08:44 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-27 18:47 - 2016-11-17 08:44 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-27 18:47 - 2016-11-17 08:44 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-27 18:43 - 2017-01-27 18:46 - 398382600 _____ (NVIDIA Corporation) C:\Users\Danny\Downloads\378.49-desktop-win10-64bit-international-whql.exe
2017-01-27 18:37 - 2017-01-27 18:52 - 00518392 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-01-27 18:37 - 2017-01-27 18:37 - 00000000 ____D C:\ProgramData\For Honor
2017-01-27 18:36 - 2017-01-27 02:45 - 00392976 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-01-27 01:58 - 2017-01-27 19:46 - 00000000 ____D C:\Users\Danny\AppData\Local\Ubisoft Game Launcher
2017-01-27 01:58 - 2017-01-27 01:58 - 00000922 _____ C:\Users\Danny\Desktop\Uplay.lnk
2017-01-27 01:58 - 2017-01-27 01:58 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-01-27 01:57 - 2017-01-27 01:58 - 63282664 _____ (Ubisoft) C:\Users\Danny\Downloads\UplayInstaller.exe
2017-01-25 22:42 - 2017-01-25 22:42 - 00144436 _____ C:\Users\Danny\Downloads\FINAL EXAM_exam_schedule (8).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 12:35 - 2015-11-27 22:21 - 00000000 ____D C:\Users\Danny\AppData\Local\Packages
2017-02-24 12:32 - 2016-11-20 13:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-24 12:05 - 2015-12-28 20:03 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-02-24 11:56 - 2015-03-24 15:01 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Spotify
2017-02-23 21:56 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 18:17 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 11:39 - 2014-01-03 04:05 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-23 01:14 - 2014-01-03 04:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 01:13 - 2017-01-20 12:03 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-23 01:12 - 2014-01-03 04:29 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 19:04 - 2017-01-20 12:11 - 00004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-22 19:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 19:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 12:02 - 2015-03-24 15:01 - 00000000 ____D C:\Users\Danny\AppData\Local\Spotify
2017-02-22 03:07 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 22:03 - 2017-01-20 12:11 - 00003012 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Danny)
2017-02-20 22:02 - 2016-11-20 13:51 - 01197678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 22:01 - 2015-10-19 16:49 - 00000000 ___RD C:\Users\Danny\OneDrive
2017-02-20 22:01 - 2014-07-01 22:35 - 00000000 ___RD C:\Users\Danny\Dropbox
2017-02-20 22:00 - 2017-01-20 12:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-20 21:56 - 2016-11-20 13:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-18 19:19 - 2015-05-04 10:36 - 00000000 ____D C:\Users\Danny\AppData\Local\Battle.net
2017-02-18 12:58 - 2014-01-29 13:40 - 00000000 ____D C:\Users\Danny\AppData\Local\CrashDumps
2017-02-17 20:49 - 2015-12-29 01:05 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Kodi
2017-02-17 15:15 - 2015-05-04 10:36 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-16 22:05 - 2015-07-29 15:44 - 00000000 ____D C:\Users\Danny\AppData\Local\Amazon_FireTV_Utility_App
2017-02-16 14:57 - 2016-07-16 01:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM
2017-02-15 02:14 - 2014-06-13 15:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-10 14:58 - 2017-01-20 12:03 - 00000000 ____D C:\Users\Danny
2017-02-10 14:48 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-10 05:11 - 2016-12-30 20:02 - 00000000 ____D C:\Users\Danny\Desktop\Word Doc
2017-02-07 19:46 - 2014-07-01 22:13 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Dropbox
2017-02-07 00:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-07 00:48 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-07 00:48 - 2015-12-28 20:09 - 00095301 _____ C:\bdlog.txt
2017-02-06 17:45 - 2014-01-03 04:14 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:45 - 2014-01-03 04:14 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-29 17:11 - 2015-12-28 20:06 - 00000000 ____D C:\ProgramData\Bitdefender
2017-01-29 16:58 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-29 16:54 - 2015-02-14 15:10 - 00000000 ____D C:\Users\Danny\AppData\Roaming\Lavasoft
2017-01-29 16:24 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-28 21:57 - 2015-10-29 15:56 - 00000000 ____D C:\Users\Danny\AppData\Local\NVIDIA Corporation
2017-01-28 21:51 - 2016-12-03 01:12 - 00000440 __RSH C:\ProgramData\ntuser.pol
2017-01-27 18:49 - 2017-01-20 12:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 18:49 - 2017-01-20 12:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 18:49 - 2017-01-20 12:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-27 18:49 - 2015-10-29 15:56 - 00000000 ____D C:\Users\Danny\AppData\Local\NVIDIA
2017-01-27 18:37 - 2014-01-04 18:51 - 00000000 ____D C:\Users\Danny\Documents\My Games
2017-01-25 21:35 - 2017-01-13 01:44 - 00000000 ____D C:\Users\Danny\AppData\Roaming\discord
2017-01-25 21:34 - 2016-03-01 15:53 - 00000000 ____D C:\Program Files\Common Files\logishrd
 
==================== Files in the root of some directories =======
 
2017-01-15 17:01 - 2017-01-15 17:02 - 0004031 _____ () C:\Users\Danny\AppData\Roaming\VoiceMeeterDefault.xml
2014-01-14 20:50 - 2014-01-14 20:58 - 0000000 _____ () C:\Users\Danny\AppData\Local\Driver_LOM_8161Present.flag
2014-01-03 16:37 - 2014-01-14 20:24 - 0000656 _____ () C:\Users\Danny\AppData\Local\killertool.log
2014-01-03 04:28 - 2014-01-03 04:28 - 0007612 _____ () C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
2014-04-10 22:26 - 2014-04-10 22:26 - 0358193 _____ () C:\Users\Danny\AppData\Local\speedial.crx
2017-01-29 16:52 - 2017-01-29 16:52 - 0218842 _____ () C:\ProgramData\1485726721.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 0378278 _____ () C:\ProgramData\cl.1485726939.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 0056819 _____ () C:\ProgramData\dm.1485729318.bdinstall.bin
2017-01-29 17:35 - 2017-01-29 17:35 - 0040701 _____ () C:\ProgramData\dm.1485729344.bdinstall.bin
2017-01-29 17:37 - 2017-01-29 17:37 - 0035905 _____ () C:\ProgramData\dm.1485729447.bdinstall.bin
 
Files to move or delete:
====================
C:\Users\Danny\Display Driver Uninstaller.exe
 
 
Some files in TEMP:
====================
2015-12-29 13:59 - 2015-12-16 09:19 - 0720208 _____ (NVIDIA Corporation) C:\Users\Danny\AppData\Local\Temp\nvSCPAPI.dll
2015-12-29 13:59 - 2015-12-16 09:20 - 0840920 _____ (NVIDIA Corporation) C:\Users\Danny\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-27 18:47 - 2015-12-16 09:19 - 0316720 _____ (NVIDIA Corporation) C:\Users\Danny\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-16 15:55
 
==================== End of FRST.txt ============================

#2 nasdaq
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2017 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this rogue program in bold via the Control Panel > Programs > Programs and Features.
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.9.0.1 - Reimage) <==== ATTENTION
---

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\~TMP_1348_229~
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2214183864-1434558134-948620194-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-12&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl","hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_130.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - E:\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - E:\bin\plugin2\npjp2.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Danny\AppData\Local\speedial.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>
U3 idsvc; no ImagePath
Task: {11FAF625-C824-4C8F-B3EF-C956F0040070} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {360B1BD2-2657-4672-B313-867DF01DF7C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4ECABD9F-91F8-4196-90CA-BA180CB6230B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {53E8DAAB-E351-446B-9692-7F0D79D1E4EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {69ACB9A5-407F-4A4E-B555-04BD87C7F036} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73AA28A5-059A-4E5E-9DED-165F22F70652} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7E0EB0DC-310E-49F4-AACD-A67D4AC51E12} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98CD9835-3564-413E-9064-AE45E52B99BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CF63C691-B65F-4031-9FAB-A10A151E6576} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {E780702A-C16D-44A4-B239-998C88033DF7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EA2E8407-F9E5-42A6-AEF7-EF60E7D457E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {ED922A6C-BB21-438C-9DD8-D38D3CFCFDBA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FBBF6400-7D6E-4588-9A5F-48FA129059D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Danny\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\361.43-desktop-win10-64bit-international-whql.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\adb-setup-1.4.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\BnS_Lite_Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\CitrixReceiverWeb.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\ComboFix.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\cpu-z_1.76-en.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\driver_booster_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Feedless-Setup-Beta.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\FurMark_1.17.0.0_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\FurMark_1.18.2.0_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\HOTS Logs Uploader.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-15.2-Isengard (3).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-16.0-Jarvis (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-16.0-Jarvis.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-17.0-Krypton.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\KodiSetup-20151112-1c80995-dx11_Isengard.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\LGS_8.83.85_x64_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\LGS_8.83.85_x86_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\ltmcp_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\PandaCloudCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\pdf-merger_full553.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\PowerISO6-x64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\PowerISO6-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\ReimageRepair.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\rufus-2.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\siinst.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Silverlight_x64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Silverlight_x64 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Silverlight_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Windows ISO Downloader.exe:BDU [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

#3 ronan2146
  • Topic Starter

  • Members
  • 2 posts

Posted 26 February 2017 - 06:27 PM

Attached is also the fixlog.txt. I took all of the steps you recommended, but I will have to wait and see if it helps since my computer was not showing physical symptoms. Is there anything else you recommend?
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by Danny (26-02-2017 18:19:24) Run:2
Running from C:\Users\Danny\Downloads
Loaded Profiles: Danny (Available Profiles: Danny & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Spotify Ltd) C:\Users\Danny\AppData\Roaming\Spotify\~TMP_1348_229~
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2214183864-1434558134-948620194-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-12&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2214183864-1434558134-948620194-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl","hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_130.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - E:\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - E:\bin\plugin2\npjp2.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Danny\AppData\Local\speedial.crx [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>
U3 idsvc; no ImagePath
Task: {11FAF625-C824-4C8F-B3EF-C956F0040070} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {360B1BD2-2657-4672-B313-867DF01DF7C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4ECABD9F-91F8-4196-90CA-BA180CB6230B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {53E8DAAB-E351-446B-9692-7F0D79D1E4EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {69ACB9A5-407F-4A4E-B555-04BD87C7F036} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {73AA28A5-059A-4E5E-9DED-165F22F70652} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7E0EB0DC-310E-49F4-AACD-A67D4AC51E12} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98CD9835-3564-413E-9064-AE45E52B99BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CF63C691-B65F-4031-9FAB-A10A151E6576} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {E780702A-C16D-44A4-B239-998C88033DF7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EA2E8407-F9E5-42A6-AEF7-EF60E7D457E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {ED922A6C-BB21-438C-9DD8-D38D3CFCFDBA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FBBF6400-7D6E-4588-9A5F-48FA129059D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Danny\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\361.43-desktop-win10-64bit-international-whql.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\adb-setup-1.4.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\BnS_Lite_Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\CitrixReceiverWeb.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\ComboFix.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\cpu-z_1.76-en.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\driver_booster_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Feedless-Setup-Beta.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\FurMark_1.17.0.0_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\FurMark_1.18.2.0_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\HOTS Logs Uploader.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-15.2-Isengard (3).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-16.0-Jarvis (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-16.0-Jarvis.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\kodi-17.0-Krypton.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\KodiSetup-20151112-1c80995-dx11_Isengard.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\LGS_8.83.85_x64_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\LGS_8.83.85_x86_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\ltmcp_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\PandaCloudCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\pdf-merger_full553.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\PowerISO6-x64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\PowerISO6-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\ReimageRepair.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\rufus-2.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\siinst.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Silverlight_x64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Silverlight_x64 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Silverlight_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Danny\Downloads\Windows ISO Downloader.exe:BDU [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Danny\AppData\Roaming\Spotify\~TMP_1348_229~ => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found. 
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found. 
HKU\S-1-5-21-2214183864-1434558134-948620194-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
Chrome StartupUrls => removed successfully
C:\Users\Danny\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_130.dll => not found.
E:\bin\dtplugin\npDeployJava1.dll => not found.
E:\bin\plugin2\npjp2.dll => not found.
C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa => key not found. 
"C:\Users\Danny\AppData\Local\speedial.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole => key not found. 
idsvc => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11FAF625-C824-4C8F-B3EF-C956F0040070} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{360B1BD2-2657-4672-B313-867DF01DF7C7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ECABD9F-91F8-4196-90CA-BA180CB6230B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53E8DAAB-E351-446B-9692-7F0D79D1E4EA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69ACB9A5-407F-4A4E-B555-04BD87C7F036} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73AA28A5-059A-4E5E-9DED-165F22F70652} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E0EB0DC-310E-49F4-AACD-A67D4AC51E12} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98CD9835-3564-413E-9064-AE45E52B99BE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF63C691-B65F-4031-9FAB-A10A151E6576} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E780702A-C16D-44A4-B239-998C88033DF7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2E8407-F9E5-42A6-AEF7-EF60E7D457E6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED922A6C-BB21-438C-9DD8-D38D3CFCFDBA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBBF6400-7D6E-4588-9A5F-48FA129059D4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
C:\Users\Danny\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\361.43-desktop-win10-64bit-international-whql.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\adb-setup-1.4.3.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\BnS_Lite_Installer.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\CitrixReceiverWeb.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\ComboFix.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\cpu-z_1.76-en.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\driver_booster_setup.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\Feedless-Setup-Beta.exe => ":BDU" ADS could not remove.
"C:\Users\Danny\Downloads\FRST64.exe" => ":BDU" ADS not found.
C:\Users\Danny\Downloads\FurMark_1.17.0.0_Setup.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\FurMark_1.18.2.0_Setup.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\HOTS Logs Uploader.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\kodi-15.2-Isengard (3).exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\kodi-16.0-Jarvis (1).exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\kodi-16.0-Jarvis.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\kodi-17.0-Krypton.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\KodiSetup-20151112-1c80995-dx11_Isengard.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\LGS_8.83.85_x64_Logitech.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\LGS_8.83.85_x86_Logitech.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\ltmcp_setup.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\PandaCloudCleaner.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\pdf-merger_full553.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\PowerISO6-x64 (1).exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\PowerISO6-x64.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\ReimageRepair.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\rufus-2.11.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\siinst.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\Silverlight_x64 (1).exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\Silverlight_x64 (2).exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\Silverlight_x64.exe => ":BDU" ADS could not remove.
C:\Users\Danny\Downloads\Windows ISO Downloader.exe => ":BDU" ADS could not remove.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 3571991 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5228192 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20480 B
Edge => 0 B
Chrome => 31418253 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Danny => 28147263 B
DefaultAppPool => 6144 B
 
RecycleBin => 9972157 B
EmptyTemp: => 74.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:19:38 ====

#4 nasdaq
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 February 2017 - 07:49 AM

Run this cleaning tool.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool creates a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Windows XP:
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

p.s.
This may take a while; do it when you know you will not need the computer.
