
Infected with a lot of malware, SSD acting weird and showing files transparent


  • This topic is locked
10 replies to this topic

#1 Sovereign

  • Members
  • 7 posts

Posted 03 March 2017 - 01:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Kitten (administrator) on KITTEN-PC (03-03-2017 10:39:32)
Running from C:\Users\Kitten\Desktop
Loaded Profiles: Kitten (Available Profiles: Kitten)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\HCLOUD.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
() C:\Program Files (x86)\GIGABYTE\CloudStation_Server\RemoteControl\grckm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\GIGABYTE\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hammer & Chisel, Inc.) C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(MY.COM B.V.) C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp64.exe
() C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp.exe
(Hammer & Chisel, Inc.) C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hammer & Chisel, Inc.) C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Gigabyte Technology CO.) C:\Program Files\Gigabyte\Smart Backup\RPMDaemon.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AVG Technologies) C:\Program Files (x86)\AVG Web TuneUp\Uninstall.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.3.7\ScriptHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfAlert.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-03-02] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-04] (Intel Corporation)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\Gigabyte\Smart Backup\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] ()
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-02-02] (Nota Inc.)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [Discord] => C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [Google Update] => C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-28] (Electronic Arts)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [MyComGames] => C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe [5335440 2017-03-02] (MY.COM B.V.)
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [evyzuf] => rundll32.exe "C:\Users\Kitten\AppData\Local\evyzuf.dll",evyzuf <===== ATTENTION
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\MountPoints2: {4f7c1c83-02a5-11e6-bf0a-806e6f6e6963} - F:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 64.59.144.19 64.59.150.135
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191}: [DhcpNameServer] 64.59.144.19 64.59.150.135
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B03ADB5E-0DC3-4114-A93E-425D956EF214}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B03ADB5E-0DC3-4114-A93E-425D956EF214}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3778399154-3554267619-3536051004-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3778399154-3554267619-3536051004-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-02-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-10] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: jl2d71i4.default
FF ProfilePath: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default [2017-03-03]
FF Extension: (BetterTTV) - C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\Extensions\firefox@betterttv.net.xpi [2016-07-17]
FF Extension: (NoScript) - C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (FT DeepDark) - C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-03-02]
FF Extension: (Adblock Plus) - C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\features\{6ee01152-393e-4130-b4a8-299c203d24ea}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-03-03]
FF SearchPlugin: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\searchplugins\avg-secure-search.xml [2016-09-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-16] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-16] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3778399154-3554267619-3536051004-1000: @my.com/Games -> C:\Users\Kitten\AppData\Local\MyComGames\NPMyComDetector.dll [2017-03-02] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3778399154-3554267619-3536051004-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kitten\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3778399154-3554267619-3536051004-1000: @talk.google.com/O1DPlugin -> C:\Users\Kitten\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3778399154-3554267619-3536051004-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3778399154-3554267619-3536051004-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kitten\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kitten\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (YouTube) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-14]
CHR Extension: (Adblock Plus) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-17]
CHR Extension: (AVG Secure Search) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-08-11]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2017-01-01] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-08-02] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-08-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-08-02] (BlueStack Systems, Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-16] (Intel Security)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-27] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113160 2015-11-25] (Creative Technology Ltd)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [142656 2016-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 GCloud; C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe [19776 2015-03-23] (Microsoft)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-06] (HP Inc.)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [118568 2016-05-24] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-23] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2017-02-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [127272 2016-05-20] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-28] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-28] (Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-03] (Razer Inc)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1830088 2016-01-18] (Intel Corporation)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-02] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-03-02] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2016-11-03] (Windows ® Win 7 DDK provider)
R3 ausb3hub; C:\Windows\System32\DRIVERS\ausb3hub.sys [404480 2017-03-01] (Intel Corporation)
R3 ausb3xhc; C:\Windows\System32\DRIVERS\ausb3xhc.sys [817664 2017-03-01] (Intel Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-02] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1067304 2015-11-25] (Creative Technology Ltd)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [510952 2015-11-23] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
S3 KillerEth; C:\Windows\System32\DRIVERS\e2xw7x64.sys [134296 2016-02-12] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-03] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [57976 2016-12-24] (Shaul Eizikovich)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 mbamchameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 10:39 - 2017-03-03 10:39 - 00031057 _____ C:\Users\Kitten\Desktop\FRST.txt
2017-03-03 10:30 - 2017-03-03 10:39 - 00000000 ____D C:\FRST
2017-03-03 10:29 - 2017-03-03 10:29 - 02423808 _____ (Farbar) C:\Users\Kitten\Desktop\FRST64.exe
2017-03-03 10:22 - 2017-03-03 10:22 - 00003720 ____N C:\bootsqm.dat
2017-03-03 10:20 - 2017-03-03 10:20 - 00000000 __SHD C:\found.000
2017-03-03 10:13 - 2017-03-03 10:23 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-03 10:13 - 2017-03-03 10:13 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-03 00:52 - 2017-03-03 00:52 - 04031440 _____ C:\Users\Kitten\Downloads\AdwCleaner.exe
2017-03-03 00:52 - 2017-03-03 00:52 - 00000000 ____D C:\AdwCleaner
2017-03-03 00:47 - 2017-03-03 00:47 - 00002048 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2017-03-03 00:47 - 2017-03-03 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-03-03 00:46 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2017-03-03 00:44 - 2017-03-03 00:44 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-03-03 00:44 - 2017-03-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-03-03 00:44 - 2017-03-03 00:44 - 00000000 ____D C:\ProgramData\Intel Security
2017-03-03 00:43 - 2017-03-03 00:50 - 00000000 ____D C:\Program Files\McAfee
2017-03-03 00:43 - 2017-03-03 00:43 - 00000000 ____D C:\Program Files\McAfee.com
2017-03-03 00:43 - 2017-03-03 00:43 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-03-03 00:42 - 2017-03-03 01:43 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-03-03 00:42 - 2017-03-03 00:47 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-03 00:41 - 2017-03-03 00:44 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-03-03 00:41 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-03-03 00:40 - 2017-03-03 10:24 - 00000000 ____D C:\ProgramData\McAfee
2017-03-03 00:40 - 2017-03-03 00:40 - 35961640 _____ (McAfee, Inc.) C:\Users\Kitten\Downloads\Setup_serial_1Y9UV5ZA48WkN8Bhv1q0zg2_key.exe
2017-03-03 00:24 - 2017-03-03 00:24 - 57131432 _____ (Malwarebytes ) C:\Users\Kitten\Downloads\mb3-setup-consumer-3.0.6.1469-1075(1).exe
2017-03-03 00:19 - 2017-03-03 10:26 - 00000000 ____D C:\Program Files\Z9DAU4BXFW
2017-03-03 00:19 - 2017-03-03 01:31 - 00000000 ____D C:\ProgramData\Microleaves
2017-03-03 00:19 - 2017-03-03 00:19 - 00297408 _____ (NVIDIA Corporation) C:\Windows\cudart32_80.dll
2017-03-03 00:19 - 2017-03-03 00:19 - 00002037 ___RS C:\Users\Public\Desktop\ТERА-Lаuncher.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001439 ___RS C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Еxplоrеr.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001223 ___RS C:\Users\Public\Desktop\Моzillа Firеfox.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001184 ___RS C:\Users\Public\Desktop\Ваttlе.nеt.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001180 ___RS C:\Users\Public\Desktop\Diаblo III.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001175 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001145 ___RS C:\Users\Public\Desktop\Gооglе Сhrоme.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001139 ___RS C:\Users\Public\Desktop\Оvеrwаtсh.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001100 _____ C:\Users\Kitten\Desktop\Vikings War Of Clans.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00001088 _____ C:\Users\Kitten\Desktop\Play Warframe.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00000000 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firefох.lnk
2017-03-03 00:19 - 2017-03-03 00:19 - 00000000 ____D C:\Windows\Azart
2017-03-03 00:19 - 2017-03-03 00:19 - 00000000 ____D C:\ProgramData\vCore
2017-03-03 00:19 - 2017-03-03 00:19 - 00000000 _____ C:\Windows\cudart64_80.dll
2017-03-03 00:19 - 2016-03-24 09:09 - 00000181 _____ C:\Users\Kitten\Desktop\Video Box - Download any video online.url
2017-03-03 00:16 - 2017-03-03 10:36 - 00000334 _____ C:\Windows\Tasks\Online Application v209.job
2017-03-03 00:16 - 2017-03-03 10:36 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guardian.job
2017-03-03 00:16 - 2017-03-03 10:36 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guard.job
2017-03-03 00:16 - 2017-03-03 10:36 - 00000324 _____ C:\Windows\Tasks\Online Application v2.job
2017-03-03 00:16 - 2017-03-03 10:36 - 00000324 _____ C:\Windows\Tasks\Online Application v2 Guardian.job
2017-03-03 00:16 - 2017-03-03 10:36 - 00000324 _____ C:\Windows\Tasks\Online Application v2 Guard.job
2017-03-03 00:16 - 2017-03-03 10:23 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-03 00:16 - 2017-03-03 08:19 - 00000380 _____ C:\Windows\Tasks\Online Application Updater.job
2017-03-03 00:16 - 2017-03-03 00:23 - 00000000 ____D C:\ProgramData\Logic Cramble
2017-03-03 00:16 - 2017-03-03 00:16 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Microleaves
2017-03-03 00:16 - 2017-03-03 00:16 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-03 00:16 - 2017-03-03 00:16 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-03 00:15 - 2017-03-03 10:23 - 00000000 ____D C:\ProgramData\PrefersSecure
2017-03-03 00:15 - 2017-03-03 00:15 - 00018432 _____ C:\Users\Kitten\AppData\Roaming\Main.dat
2017-03-03 00:15 - 2017-03-03 00:15 - 00003048 _____ C:\Windows\System32\Tasks\hostTask
2017-03-03 00:14 - 2017-03-03 00:26 - 00000000 ____D C:\Program Files (x86)\QForlLgs0EYm
2017-03-03 00:14 - 2017-03-03 00:14 - 00022528 _____ C:\Users\Kitten\AppData\Local\evyzuf.dll
2017-03-03 00:14 - 2017-03-03 00:14 - 00021532 _____ C:\Windows\System32\Tasks\QForlLgs0EYm
2017-03-03 00:13 - 2017-03-03 00:13 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\tlerauic
2017-03-03 00:07 - 2017-03-03 10:36 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-03 00:07 - 2017-03-03 00:25 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-03 00:07 - 2017-03-03 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-03 00:07 - 2017-03-03 00:07 - 57131432 _____ (Malwarebytes ) C:\Users\Kitten\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-03 00:07 - 2017-03-03 00:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-03 00:07 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-02 22:26 - 2017-03-02 22:26 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2017-03-02 21:22 - 2017-03-03 10:36 - 00000000 ____D C:\Users\Kitten\AppData\Local\MyComGames
2017-03-02 21:22 - 2017-03-02 22:26 - 00000123 _____ C:\Users\Kitten\Desktop\Armored Warfare.url
2017-03-02 21:22 - 2017-03-02 21:22 - 00002022 _____ C:\Users\Kitten\Desktop\My.com Game Center.lnk
2017-03-02 21:22 - 2017-03-02 21:22 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-03-02 21:20 - 2017-03-02 21:20 - 06512064 _____ (MY.COM B.V.) C:\Users\Kitten\Downloads\ArmoredWarfareMycomLoader_43c3f5a7d5c42a769d92ec4973b8670e_A_en.exe
2017-03-02 19:46 - 2017-03-02 19:46 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Obsidium
2017-03-02 19:39 - 2017-03-02 19:39 - 00000000 ____D C:\ProgramData\DivX
2017-03-02 19:22 - 2017-03-02 19:22 - 01673061 _____ C:\Users\Kitten\Downloads\Windows Loader v2.1.7.zip
2017-03-02 17:59 - 2017-03-02 17:59 - 00000000 ____D C:\Users\Kitten\AppData\Local\Astro
2017-03-02 12:29 - 2017-03-02 12:29 - 00000000 ____D C:\Program Files\Plantronics
2017-03-02 12:28 - 2017-03-02 12:30 - 00000463 _____ C:\ISDebugLogFile.txt
2017-03-02 12:28 - 2017-03-02 12:29 - 00000000 ____D C:\Windows\Cnxt
2017-03-02 12:28 - 2017-03-02 12:28 - 63912856 _____ (Plantronics, Inc) C:\Users\Kitten\Downloads\PlantronicsRIGSurroundInstaller.exe
2017-03-02 12:28 - 2017-03-02 12:28 - 00000000 ____D C:\ProgramData\Conexant
2017-03-02 12:26 - 2017-03-02 12:26 - 86827000 _____ (Creative Technology Ltd) C:\Users\Kitten\Downloads\XFXA_PCDRV_LB_1_04_0000.exe
2017-03-02 12:13 - 2017-03-02 12:14 - 192749944 _____ (Creative Technology Ltd) C:\Users\Kitten\Downloads\XFXA_PCDRV_L11_1_02_0063.exe
2017-03-01 20:41 - 2017-03-01 20:41 - 00001461 _____ C:\Users\Kitten\Desktop\Firestorm-bin.exe - Shortcut.lnk
2017-03-01 19:53 - 2017-03-01 19:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-01 19:53 - 2017-02-09 14:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-01 19:53 - 2017-01-25 16:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-01 19:53 - 2017-01-25 16:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-01 19:53 - 2017-01-25 16:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-01 19:53 - 2017-01-25 16:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-01 19:51 - 2017-02-09 16:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-01 19:51 - 2017-02-09 16:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-01 19:51 - 2017-02-09 16:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-01 19:51 - 2017-02-09 16:52 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-01 19:51 - 2017-02-09 16:52 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-01 19:43 - 2017-03-01 19:43 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 19:43 - 2017-03-01 19:43 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-01 19:43 - 2017-02-23 10:32 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-01 19:43 - 2017-02-23 10:32 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-01 19:43 - 2017-02-23 10:32 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-01 19:43 - 2017-02-23 06:30 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-01 19:43 - 2017-02-09 15:13 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-01 19:36 - 2017-03-01 19:36 - 00000000 ____D C:\ProgramData\RzSurroundVAD_1.1.62.0
2017-03-01 19:35 - 2017-03-03 10:39 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-03-01 19:35 - 2017-03-01 19:35 - 02119872 _____ (Razer Inc.) C:\Users\Kitten\Downloads\RazerSurroundInstaller_v2.0.29.2.exe
2017-03-01 19:35 - 2017-03-01 19:35 - 00000000 _____ C:\Windows\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2017-03-01 19:27 - 2017-03-01 19:27 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-03-01 19:27 - 2016-09-22 14:55 - 02839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-03-01 19:00 - 2017-03-01 19:00 - 79525944 _____ (NVIDIA Corporation) C:\Users\Kitten\Downloads\GeForce_Experience_v3.4.0.70.exe
2017-03-01 18:58 - 2017-03-01 18:58 - 00032832 _____ C:\Windows\SysWOW64\rnd_chunk.bin
2017-03-01 18:56 - 2017-03-01 18:56 - 00656608 _____ (PC Drivers HeadQuarters LP) C:\Users\Kitten\Downloads\DriverSupport.exe
2017-03-01 18:51 - 2017-03-01 18:51 - 00000000 ____D C:\Users\Kitten\AppData\Local\Creative
2017-03-01 18:46 - 2017-03-03 10:36 - 00026192 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-03-01 18:45 - 2017-03-01 18:45 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-03-01 18:45 - 2017-03-01 18:45 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-03-01 18:45 - 2017-03-01 18:45 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-03-01 18:45 - 2017-03-01 18:45 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-03-01 18:45 - 2017-03-01 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-03-01 18:45 - 2015-03-09 11:21 - 01898496 ____N (Creative) C:\Windows\system32\Sens_oal.dll
2017-03-01 18:45 - 2015-03-09 11:17 - 01609728 ____N (Creative) C:\Windows\SysWOW64\Sens_oal.dll
2017-03-01 18:45 - 2009-12-23 18:49 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp51D8.tmp
2017-03-01 18:45 - 2000-05-11 01:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2017-03-01 18:44 - 2015-11-25 08:15 - 00004850 _____ C:\Windows\cthdaENG.reg
2017-03-01 17:38 - 2017-03-01 17:38 - 217553063 _____ (Realtek Semiconductor Corp.) C:\Users\Kitten\Downloads\0008-64bit_Win7_Win8_Win81_Win10_R281(1).exe
2017-03-01 12:01 - 2017-03-01 12:01 - 05903156 _____ C:\Users\Kitten\Downloads\mb_bios_ga-z170x-gaming7_f20(1).zip
2017-03-01 11:59 - 2016-11-14 23:31 - 00000020 _____ C:\Users\Kitten\Downloads\autoexec.bat
2017-03-01 11:59 - 2016-11-04 03:48 - 16777216 _____ C:\Users\Kitten\Downloads\Z170XG7.F20
2017-03-01 11:59 - 2015-10-07 00:42 - 00074718 _____ C:\Users\Kitten\Downloads\Efiflash.exe
2017-03-01 11:58 - 2017-03-01 11:58 - 05903156 _____ C:\Users\Kitten\Downloads\mb_bios_ga-z170x-gaming7_f20.zip
2017-03-01 11:44 - 2017-03-01 11:44 - 01598920 _____ (CPUID, Inc. ) C:\Users\Kitten\Downloads\cpu-z_1.78-gbt-en.exe
2017-03-01 09:00 - 2017-03-02 12:38 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2017-03-01 09:00 - 2015-06-02 06:20 - 00005120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\acpimof_ocpanel.dll
2017-03-01 08:55 - 2017-03-01 08:55 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-03-01 08:55 - 2017-03-01 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2017-03-01 08:54 - 2017-03-01 08:54 - 00817664 _____ (Intel Corporation) C:\Windows\system32\Drivers\ausb3xhc.sys
2017-03-01 08:54 - 2017-03-01 08:54 - 00404480 _____ (Intel Corporation) C:\Windows\system32\Drivers\ausb3hub.sys
2017-03-01 08:54 - 2017-03-01 08:54 - 00000000 ____D C:\Program Files (x86)\ASM106xSATA
2017-03-01 08:54 - 2017-03-01 08:54 - 00000000 ____D C:\Intel
2017-03-01 08:54 - 2015-09-04 06:55 - 00805616 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2017-03-01 08:54 - 2015-09-04 06:55 - 00394992 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2017-03-01 08:53 - 2017-03-01 08:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-03-01 08:53 - 2017-03-01 08:53 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Intel Corporation
2017-03-01 08:53 - 2017-03-01 08:53 - 00000000 ____D C:\ProgramData\Downloaded Installations
2017-03-01 08:52 - 2016-01-15 02:34 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-01 08:51 - 2016-02-08 06:48 - 00403576 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-01 08:51 - 2015-11-23 19:25 - 00003130 _____ C:\Windows\system32\e1d62x64.din
2017-03-01 08:51 - 2015-11-23 19:08 - 00510952 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2017-03-01 08:51 - 2015-06-16 08:28 - 00090608 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2017-03-01 08:51 - 2014-04-18 10:18 - 00073512 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2017-03-01 08:51 - 2014-04-17 20:17 - 00125728 _____ (Intel Corporation) C:\Windows\system32\NicCo4.dll
2017-03-01 08:51 - 2009-12-23 18:49 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmpA2C4.tmp
2017-03-01 08:51 - 2003-06-12 23:25 - 00007062 _____ C:\Windows\SysWOW64\audiopid.vxd
2017-03-01 08:50 - 2017-03-01 18:45 - 00000000 ____D C:\Program Files (x86)\Creative
2017-03-01 08:50 - 2017-03-01 18:44 - 00000078 ___RH C:\Windows\ctfile.rfc
2017-03-01 08:50 - 2017-03-01 17:45 - 00000000 ____D C:\Users\Public\Creative
2017-03-01 08:49 - 2017-03-01 09:00 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-01 08:49 - 2017-03-01 08:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-03-01 08:49 - 2017-03-01 08:49 - 00000000 ____D C:\Users\Kitten\Intel
2017-03-01 08:49 - 2017-03-01 08:49 - 00000000 ____D C:\ProgramData\Intel
2017-03-01 08:48 - 2017-03-01 08:54 - 00000000 ____D C:\Program Files\Intel
2017-03-01 08:48 - 2017-03-01 08:48 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-03-01 08:47 - 2017-03-01 18:41 - 00000010 _____ C:\Windows\GSetup.ini
2017-03-01 08:47 - 2017-02-28 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-01 01:10 - 2017-03-01 01:10 - 217553063 _____ (Realtek Semiconductor Corp.) C:\Users\Kitten\Downloads\0008-64bit_Win7_Win8_Win81_Win10_R281.exe
2017-03-01 00:43 - 2017-03-01 00:43 - 00000000 ____D C:\ProgramData\Creative
2017-03-01 00:08 - 2017-03-01 18:24 - 00000000 ____D C:\Windows10Upgrade
2017-03-01 00:08 - 2017-03-01 00:08 - 05741448 _____ (Microsoft Corporation) C:\Users\Kitten\Downloads\Windows10Upgrade24074.exe
2017-03-01 00:08 - 2017-03-01 00:08 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-03-01 00:08 - 2017-03-01 00:08 - 00000682 _____ C:\Users\Kitten\Desktop\Windows 10 Upgrade Assistant.lnk
2017-03-01 00:08 - 2017-03-01 00:08 - 00000000 ___HD C:\$GetCurrent
2017-02-28 23:42 - 2017-02-28 23:42 - 01691752 _____ C:\Windows\rstcli.exe
2017-02-28 23:42 - 2017-02-28 23:42 - 00001506 _____ C:\Windows\Gcli.txt
2017-02-28 23:42 - 2017-02-28 23:42 - 00000027 _____ C:\Windows\cli.bat
2017-02-28 22:40 - 2017-02-28 22:40 - 00000000 ____D C:\Users\Kitten\Documents\EasyTune
2017-02-28 22:20 - 2017-02-28 22:27 - 252634320 _____ (Intel Corporation) C:\Users\Kitten\Downloads\win64_154514.4590.exe
2017-02-28 21:51 - 2017-03-02 17:36 - 00000000 ____D C:\Users\Kitten\Documents\UtechSmart 16400DPI Gaming Mouse
2017-02-28 21:51 - 2017-02-28 21:51 - 08531912 _____ C:\Users\Kitten\Downloads\UtechSmart-Venus-Driver.rar
2017-02-28 21:51 - 2017-02-28 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UtechSmart 16400DPI VENUS Gaming Mouse
2017-02-28 21:51 - 2017-02-28 21:51 - 00000000 ____D C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse
2017-02-28 21:51 - 2015-03-24 23:04 - 06945515 _____ (UtechSmart ) C:\Users\Kitten\Downloads\setup.exe
2017-02-28 21:51 - 2014-03-23 17:04 - 02770432 _____ C:\Users\Kitten\Downloads\AUTORUN.exe
2017-02-28 21:51 - 2013-08-27 18:09 - 01722880 _____ (Microsoft Corporation) C:\Users\Kitten\Downloads\GdiPlus.dll
2017-02-28 21:49 - 2017-02-28 21:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_VirtDiskBus64_01009.Wdf
2017-02-28 21:49 - 2011-02-08 11:32 - 00066160 _____ (Giga-Byte Technology CO., LTD.) C:\Windows\system32\Drivers\VirtDiskBus64.sys
2017-02-28 21:49 - 2009-07-14 09:51 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-02-28 21:44 - 2013-10-28 05:32 - 00022240 _____ C:\Windows\system32\Drivers\AppleCharger.sys
2017-02-28 21:44 - 2013-10-24 12:59 - 00022240 _____ C:\Windows\system32\Drivers\UsbCharger.sys
2017-02-28 21:44 - 2010-04-06 12:00 - 00031272 _____ C:\Windows\system32\AppleChargerSrv.exe
2017-02-28 21:43 - 2017-02-28 21:43 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-02-28 21:43 - 2017-02-28 21:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-02-28 21:42 - 2017-02-28 21:42 - 10047488 _____ () C:\Windows\system32\BT_Socket.dll
2017-02-28 21:42 - 2017-02-28 21:42 - 00389632 _____ C:\Windows\system32\AutoGreenCP.dll
2017-02-28 21:40 - 2017-02-28 21:44 - 00000000 ____D C:\Program Files\Gigabyte
2017-02-28 21:37 - 2017-03-01 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-02-23 02:58 - 2017-03-01 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-23 02:51 - 2017-02-23 02:51 - 00000020 ___SH C:\Users\UpdatusUser.Kitten-PC\ntuser.ini
2017-02-23 02:51 - 2017-02-23 02:51 - 00000000 _SHDL C:\Users\UpdatusUser.Kitten-PC\My Documents
2017-02-23 02:51 - 2017-02-23 02:51 - 00000000 _SHDL C:\Users\UpdatusUser.Kitten-PC\Documents\My Videos
2017-02-23 02:51 - 2017-02-23 02:51 - 00000000 _SHDL C:\Users\UpdatusUser.Kitten-PC\Documents\My Pictures
2017-02-23 02:51 - 2017-02-23 02:51 - 00000000 _SHDL C:\Users\UpdatusUser.Kitten-PC\Documents\My Music
2017-02-23 02:51 - 2017-02-23 02:51 - 00000000 ____D C:\Users\UpdatusUser.Kitten-PC
2017-02-23 02:51 - 2016-05-03 12:30 - 00000000 ____D C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\TuneUp Software
2017-02-23 02:51 - 2011-04-12 00:28 - 00000000 ____D C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 10:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-03 10:38 - 2016-04-14 15:33 - 00000000 ____D C:\ProgramData\Avg
2017-03-03 10:38 - 2016-04-14 15:33 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-03 10:38 - 2016-04-14 15:31 - 00000000 ____D C:\Users\Kitten\AppData\Local\AvgSetupLog
2017-03-03 10:38 - 2016-04-14 13:39 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-03 10:37 - 2016-11-16 00:50 - 00000000 ____D C:\Users\Kitten\AppData\LocalLow\Mozilla
2017-03-03 10:37 - 2016-04-14 18:08 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Skype
2017-03-03 10:36 - 2016-12-21 00:16 - 00000000 ____D C:\ProgramData\Origin
2017-03-03 10:36 - 2016-04-14 16:09 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-03 10:36 - 2016-04-14 15:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-03 10:36 - 2016-04-14 15:34 - 00000000 ____D C:\ProgramData\MFAData
2017-03-03 10:36 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 10:34 - 2016-04-14 15:35 - 00000000 ___HD C:\$AVG
2017-03-03 10:31 - 2009-07-13 20:45 - 00030416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 10:31 - 2009-07-13 20:45 - 00030416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-03 10:29 - 2016-04-14 15:16 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\uTorrent
2017-03-03 10:29 - 2009-07-13 21:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-03 10:13 - 2016-04-14 20:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-03 10:13 - 2016-04-14 20:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-03 10:13 - 2016-04-14 20:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-03 10:13 - 2016-04-14 20:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-03 10:13 - 2016-04-14 17:02 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-03 10:13 - 2016-04-14 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-03 10:13 - 2016-04-14 14:30 - 00000000 ____D C:\Program Files\WinRAR
2017-03-03 02:21 - 2016-05-27 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
2017-03-03 02:21 - 2016-05-05 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-03-03 02:21 - 2016-05-05 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-03-03 02:21 - 2016-04-14 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-03-03 01:57 - 2016-11-15 03:39 - 00000000 ____D C:\Users\Kitten\AppData\Local\FirestormOS_x64
2017-03-03 01:37 - 2016-04-14 13:34 - 00000000 ____D C:\Users\Kitten\AppData\Local\Google
2017-03-03 01:31 - 2016-04-14 17:05 - 00000000 ____D C:\Users\Kitten
2017-03-03 00:31 - 2016-04-15 05:59 - 00000000 ____D C:\Users\Kitten\AppData\Local\CrashDumps
2017-03-03 00:22 - 2017-01-08 12:29 - 00000000 ____D C:\Users\Kitten\AppData\LocalLow\uTorrent
2017-03-03 00:22 - 2016-06-21 09:49 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\discord
2017-03-03 00:19 - 2016-10-03 16:00 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-03-03 00:19 - 2016-09-05 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
2017-03-03 00:19 - 2016-07-17 04:47 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-03 00:19 - 2016-05-07 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2017-03-03 00:07 - 2016-04-14 15:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-02 21:24 - 2016-07-13 14:57 - 00000000 ____D C:\Users\Kitten\AppData\Roaming\Telegram Desktop
2017-03-02 19:51 - 2016-04-14 13:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-02 18:46 - 2016-12-26 19:41 - 00000000 ____D C:\Users\Kitten\AppData\Local\Ubisoft Game Launcher
2017-03-02 16:42 - 2016-04-14 15:48 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-03-02 16:42 - 2016-04-14 15:48 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-03-02 14:46 - 2016-04-14 17:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 12:41 - 2016-04-14 14:30 - 00000000 ____D C:\Program Files\Google
2017-03-02 12:41 - 2016-04-14 13:34 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-02 12:39 - 2016-04-14 17:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-01 20:41 - 2016-04-14 16:35 - 00000000 ____D C:\Program Files\Firestorm-Releasex64
2017-03-01 20:16 - 2016-06-03 23:23 - 00961536 ___SH C:\Users\Kitten\Documents\Thumbs.db
2017-03-01 20:13 - 2016-04-15 05:57 - 00000000 ____D C:\Users\Kitten\AppData\Local\NVIDIA Corporation
2017-03-01 19:52 - 2016-04-14 13:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-01 19:52 - 2016-04-14 13:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-01 19:44 - 2016-04-15 05:57 - 00000000 ____D C:\Users\Kitten\AppData\Local\NVIDIA
2017-03-01 19:35 - 2016-04-14 14:21 - 00000000 ____D C:\ProgramData\Razer
2017-03-01 19:29 - 2016-04-14 13:27 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-03-01 19:02 - 2016-04-16 04:32 - 00000000 ____D C:\Windows\system32\MRT
2017-03-01 19:00 - 2016-04-16 04:32 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-01 18:26 - 2016-05-20 02:08 - 00000000 ____D C:\Users\Kitten\AppData\Local\Jagex
2017-03-01 18:26 - 2016-05-20 02:08 - 00000000 ____D C:\ProgramData\Jagex
2017-03-01 18:26 - 2016-04-14 14:54 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-03-01 18:25 - 2016-04-14 14:18 - 00000000 ____D C:\Windows\system32\DAX2
2017-03-01 11:45 - 2016-04-14 14:58 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-03-01 11:41 - 2016-04-14 13:38 - 00000000 ____D C:\Windows\pss
2017-03-01 08:53 - 2016-04-14 14:24 - 00798048 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-28 23:11 - 2016-04-14 18:15 - 00003414 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-02-28 23:11 - 2016-04-14 18:15 - 00003288 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-02-28 23:11 - 2016-04-14 16:51 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-02-28 22:55 - 2016-12-21 00:17 - 00000000 ____D C:\Program Files (x86)\Origin
2017-02-28 22:55 - 2016-04-14 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-28 22:55 - 2016-04-14 18:08 - 00000000 ____D C:\ProgramData\Skype
2017-02-28 22:39 - 2009-07-13 20:45 - 00307256 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-28 21:51 - 2016-04-14 13:45 - 00060336 _____ C:\Users\Kitten\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-28 21:45 - 2016-04-14 13:34 - 00002195 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-28 21:45 - 2016-04-14 13:34 - 00002183 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-28 21:38 - 2016-11-11 20:24 - 00000000 ____D C:\Users\Kitten\AppData\Local\Downloaded Installations
2017-02-23 02:48 - 2016-04-14 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 16:52 - 2016-04-14 13:39 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-09 16:52 - 2016-04-14 13:39 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-09 16:52 - 2016-04-14 13:39 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 16:52 - 2016-04-14 13:39 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-09 16:52 - 2016-04-14 13:39 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 16:52 - 2016-04-14 13:39 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-02-09 16:52 - 2016-04-14 13:39 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-02-09 16:52 - 2012-11-06 15:54 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-09 16:52 - 2012-11-06 15:54 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-09 14:57 - 2016-04-15 05:56 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 14:57 - 2016-04-15 05:56 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 14:57 - 2016-04-14 13:39 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 14:57 - 2016-04-14 13:39 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 14:57 - 2016-04-14 13:39 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 14:57 - 2016-04-14 13:39 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 14:57 - 2016-04-14 13:39 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 14:57 - 2016-04-14 13:39 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories =======

2017-03-03 00:15 - 2017-03-03 00:15 - 0018432 _____ () C:\Users\Kitten\AppData\Roaming\Main.dat
2016-10-25 11:28 - 2016-10-25 11:28 - 0001181 _____ () C:\Users\Kitten\AppData\Roaming\trace_FilterInstaller.1.txt
2016-10-25 11:28 - 2016-10-25 11:33 - 0000919 _____ () C:\Users\Kitten\AppData\Roaming\trace_FilterInstaller.txt
2016-10-25 11:28 - 2016-10-25 11:33 - 0000000 _____ () C:\Users\Kitten\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-03 00:14 - 2017-03-03 00:14 - 0022528 _____ () C:\Users\Kitten\AppData\Local\evyzuf.dll
2017-01-24 11:30 - 2017-01-24 11:30 - 0023700 _____ () C:\Users\Kitten\AppData\Local\recently-used.xbel
2016-05-27 10:01 - 2016-09-11 08:32 - 0007599 _____ () C:\Users\Kitten\AppData\Local\Resmon.ResmonCfg
2016-04-14 14:18 - 2016-04-14 14:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-10-03 15:45 - 2016-10-03 15:45 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-03-03 00:19 - 2017-03-03 00:19 - 0000000 _____ () C:\Users\Kitten\AppData\Local\Temp\global_installer.exe
2017-02-03 20:06 - 2017-02-03 20:06 - 0244264 _____ (McAfee, Inc.) C:\Users\Kitten\AppData\Local\Temp\McCSPInstall.dll
2017-03-03 00:19 - 2017-03-03 00:19 - 1199825 _____ () C:\Users\Kitten\AppData\Local\Temp\unins000.exe

Some zero byte size files/folders:
==========================
C:\Windows\cudart64_80.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-01 22:21

==================== End of FRST.txt ============================

#2 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 March 2017 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [evyzuf] => rundll32.exe "C:\Users\Kitten\AppData\Local\evyzuf.dll",evyzuf <===== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3778399154-3554267619-3536051004-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
FF SearchPlugin: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\searchplugins\avg-secure-search.xml [2016-09-29]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-08-11]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-17]
CHR HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-02] (AVG Secure Search)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 mbamchameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]

Task: {0C5EA96A-9DFD-411C-B005-27BCCB04BD20} - System32\Tasks\Microsoft\Windows\Media Center\VCore => C:\\ProgramData\\vCore\\VCore.exe [2017-03-02] () <==== ATTENTION
Task: {2EEDDB95-DC48-41CC-A204-F604DCB2928E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {54269A5B-0951-4CA8-AC51-CE3D4CC10A3B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {813F6459-1FE3-45AF-A086-8B01E6652F01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {86855DF5-880E-4F28-AFD7-6AB26FD13FDB} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
Task: {8F930FC1-7CC7-4E6C-8479-CA067DD3F2CB} - System32\Tasks\hostTask => C:\ProgramData\CloudPrinter\tree.exe
Task: {9208A12C-9573-41D8-8774-4805AC09DCCD} - \{787F0D47-7D0B-0A09-0E11-0E0D0A05110C} -> No File <==== ATTENTION
Task: {A0523EBA-694B-4052-9686-7E78D2132A9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B88AEBDD-FAE9-41E0-8158-10751BA1C6F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C67BF703-3631-43D6-84D1-94DE7EC267C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?xpl?r?r.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\N???n L?unch?r.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?witchAl?rts Str?am Labels.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrome.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?l?rer ?rows?r.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Firef?x.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\??zill? Firef?x.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Di?blo III.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Di?blo III.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\G??gl? ?hr?me.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??ttl?.n?t.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??zill? Fir?fox.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\?v?rw?t?h.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual hctawrevo.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\?ER?-L?uncher.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual-aret.bat (No File) <===== Cyrillic
C:\\ProgramData\\vCore
C:\ProgramData\CloudPrinter\tree.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 Sovereign

  • Topic Starter
  • Members
  • 7 posts

Posted 07 March 2017 - 03:10 AM

Sorry for the delay; I ended up solving some of the hundreds of malware issues, but now I still have registry adware and PUPs and some other malware lingering around.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Kitten (07-03-2017 00:04:58) Run:1
Running from C:\Users\Kitten\Desktop\New folder (2)
Loaded Profiles: Kitten (Available Profiles: Kitten)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\...\Run: [evyzuf] => rundll32.exe "C:\Users\Kitten\AppData\Local\evyzuf.dll",evyzuf <===== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3778399154-3554267619-3536051004-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=dsp&q={searchTerms}
FF SearchPlugin: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\searchplugins\avg-secure-search.xml [2016-09-29]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-08-11]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-17]
CHR HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-02] (AVG Secure Search)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 mbamchameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]

Task: {0C5EA96A-9DFD-411C-B005-27BCCB04BD20} - System32\Tasks\Microsoft\Windows\Media Center\VCore => C:\\ProgramData\\vCore\\VCore.exe [2017-03-02] () <==== ATTENTION
Task: {2EEDDB95-DC48-41CC-A204-F604DCB2928E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {54269A5B-0951-4CA8-AC51-CE3D4CC10A3B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {813F6459-1FE3-45AF-A086-8B01E6652F01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {86855DF5-880E-4F28-AFD7-6AB26FD13FDB} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
Task: {8F930FC1-7CC7-4E6C-8479-CA067DD3F2CB} - System32\Tasks\hostTask => C:\ProgramData\CloudPrinter\tree.exe
Task: {9208A12C-9573-41D8-8774-4805AC09DCCD} - \{787F0D47-7D0B-0A09-0E11-0E0D0A05110C} -> No File <==== ATTENTION
Task: {A0523EBA-694B-4052-9686-7E78D2132A9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B88AEBDD-FAE9-41E0-8158-10751BA1C6F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C67BF703-3631-43D6-84D1-94DE7EC267C0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?xpl?r?r.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\N???n L?unch?r.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?witchAl?rts Str?am Labels.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrome.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?l?rer ?rows?r.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Firef?x.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\??zill? Firef?x.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Di?blo III.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Di?blo III.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\G??gl? ?hr?me.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??ttl?.n?t.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\??zill? Fir?fox.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\?v?rw?t?h.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual hctawrevo.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\?ER?-L?uncher.lnk -> C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual-aret.bat (No File) <===== Cyrillic
C:\\ProgramData\\vCore
C:\ProgramData\CloudPrinter\tree.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run\\evyzuf => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\searchplugins\avg-secure-search.xml => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => moved successfully
C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg => moved successfully
C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKU\S-1-5-21-3778399154-3554267619-3536051004-1000\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => key removed successfully
HKLM\System\CurrentControlSet\Services\vToolbarUpdater40.3.7 => key removed successfully
vToolbarUpdater40.3.7 => service removed successfully
HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => key removed successfully
IntcAzAudAddService => service removed successfully
HKLM\System\CurrentControlSet\Services\mbamchameleon => key removed successfully
mbamchameleon => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMFarflt => key removed successfully
MBAMFarflt => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMProtection => key removed successfully
MBAMProtection => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C5EA96A-9DFD-411C-B005-27BCCB04BD20} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C5EA96A-9DFD-411C-B005-27BCCB04BD20} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\VCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\VCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EEDDB95-DC48-41CC-A204-F604DCB2928E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EEDDB95-DC48-41CC-A204-F604DCB2928E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54269A5B-0951-4CA8-AC51-CE3D4CC10A3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54269A5B-0951-4CA8-AC51-CE3D4CC10A3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{813F6459-1FE3-45AF-A086-8B01E6652F01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{813F6459-1FE3-45AF-A086-8B01E6652F01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86855DF5-880E-4F28-AFD7-6AB26FD13FDB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86855DF5-880E-4F28-AFD7-6AB26FD13FDB} => key removed successfully
C:\Windows\System32\Tasks\QForlLgs0EYm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QForlLgs0EYm => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F930FC1-7CC7-4E6C-8479-CA067DD3F2CB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F930FC1-7CC7-4E6C-8479-CA067DD3F2CB} => key not found.
C:\Windows\System32\Tasks\hostTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hostTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9208A12C-9573-41D8-8774-4805AC09DCCD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9208A12C-9573-41D8-8774-4805AC09DCCD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{787F0D47-7D0B-0A09-0E11-0E0D0A05110C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0523EBA-694B-4052-9686-7E78D2132A9B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0523EBA-694B-4052-9686-7E78D2132A9B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B88AEBDD-FAE9-41E0-8158-10751BA1C6F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88AEBDD-FAE9-41E0-8158-10751BA1C6F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C67BF703-3631-43D6-84D1-94DE7EC267C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C67BF703-3631-43D6-84D1-94DE7EC267C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Windows\Tasks\Online Application Updater.job => moved successfully
C:\Windows\Tasks\Online Application v2 Guard.job => moved successfully
C:\Windows\Tasks\Online Application v2 Guardian.job => moved successfully
C:\Windows\Tasks\Online Application v2.job => moved successfully
C:\Windows\Tasks\Online Application v209 Guard.job => moved successfully
C:\Windows\Tasks\Online Application v209 Guardian.job => moved successfully
C:\Windows\Tasks\Online Application v209.job => moved successfully
"C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?xpl?r?r.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\N???n L?unch?r.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?witchAl?rts Str?am Labels.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrome.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?l?rer ?rows?r.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Firef?x.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\??zill? Firef?x.lnk" => Could not move.
"C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Di?blo III.lnk" => Could not move.
"C:\Users\Public\Desktop\Di?blo III.lnk" => Could not move.
"C:\Users\Public\Desktop\G??gl? ?hr?me.lnk" => Could not move.
"C:\Users\Public\Desktop\??ttl?.n?t.lnk" => Could not move.
"C:\Users\Public\Desktop\??zill? Fir?fox.lnk" => Could not move.
"C:\Users\Public\Desktop\?v?rw?t?h.lnk" => Could not move.
"C:\Users\Public\Desktop\?ER?-L?uncher.lnk" => Could not move.
C:\\ProgramData\\vCore => moved successfully
"C:\ProgramData\CloudPrinter\tree.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9167949 B
Java, Flash, Steam htmlcache => 183355790 B
Windows/system/drivers => 9420 B
Edge => 0 B
Chrome => 61543438 B
Firefox => 389317938 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 41051 B
LocalService => 33125 B
NetworkService => 41127 B
Kitten => 279262215 B
UpdatusUser => 0 B
UpdatusUser.Kitten-PC => 0 B

RecycleBin => 11738 B
EmptyTemp: => 892.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:05:13 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 March 2017 - 08:13 AM



--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 Sovereign

Sovereign
  • Topic Starter

  • Members
  • 7 posts

Posted 07 March 2017 - 04:29 PM

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kitten [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/07/2017 11:54:15 (Duration : 00:35:15)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 42 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Jawego -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_8DDC\Software\BI -> Found
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_8DDC\Software\Conduit -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_8DDC\Software\IM -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_8DDC\Software\ImInstaller -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_8DDC\Software\BI -> Found
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_8DDC\Software\Conduit -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_8DDC\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_8DDC\Software\ImInstaller -> Found
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_E_004D\Software\Conduit -> Found
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_E_004D\Software\Conduit -> Found
[PUP.VideoBox] (X64) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\VideoBox -> Found
[PUP.VideoBox] (X86) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\VideoBox -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_8DDC\Software\AppDataLow\Software\ConduitSearchScopes -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_8DDC\Software\AppDataLow\Software\ConduitSearchScopes -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_0658\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_0658\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_0658\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=hp  -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_0658\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=hp  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\RK_josh_ON_E_8DDC\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\RK_josh_ON_E_8DDC\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_73DB\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FD480CC-8F2F-4685-B92F-50053F88FED3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_73DB\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22B64FD6-87CF-453C-82C4-22A5BC84EF38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_73DB\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FD480CC-8F2F-4685-B92F-50053F88FED3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_73DB\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22B64FD6-87CF-453C-82C4-22A5BC84EF38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D2A47A-510A-4392-87D1-B18908E5399F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193E3B51-21A7-4F04-82DE-AA6F3D2AA6D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D2A47A-510A-4392-87D1-B18908E5399F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193E3B51-21A7-4F04-82DE-AA6F3D2AA6D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 28 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?v?rw?t?h.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual hctawrevo.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ER?-L?uncher.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual-aret.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?witchAl?rts Str?am Labels.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\N???n L?unch?r.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrome.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet Ex?l?rer ?rows?r.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Di?blo III.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\??zill? Firef?x.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Firef?x.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\Users\Kitten\AppData\Roaming\Microleaves -> Found
[PUP.Hicosmea][Folder] C:\Users\Kitten\AppData\Roaming\tlerauic -> Found
[Tr.Gen0][File] C:\Users\Kitten\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\Users\Kitten\AppData\Local\AVG Web TuneUp -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\Program Files (x86)\Microleaves -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?v?rw?t?h.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual hctawrevo.bat -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\?ER?-L?uncher.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual-aret.bat -> Found
[PUP.Firefox][File] C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default\Invalidprefs.js -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\?witchAl?rts Str?am Labels.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\N???n L?unch?r.lnk [LNK@] C:\Users\Kitten\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series SCSI Disk Device +++++
--- User ---
[MBR] 235e58b5ff53b94aa00bb0fb548fb31f
[BSP] 72ed995435f48a1041f57479b553c7d7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST3000DM 001-1CH166 SCSI Disk Device +++++
--- User ---
[MBR] 5656c8537b8dba386131673f1616ecbf
[BSP] d4bfcda8ac22f9ad13687fcd4514b2ed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2097151 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD5000AAKX-00ERM SCSI Disk Device +++++
--- User ---
[MBR] 970cf13869269477eb4b9559d5c6079c
[BSP] 4de15c1bd4621173ab5cc4222fcd7dde : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
============================================================================================================

Alright so, I ran RogueKiller and deleted the one RED field that appeared, that being another trojan, and removed it as instructed. A few of the orange items were highlighted by default, so I assume it is okay that I removed them as well.

The rest are PUMs and PUPs that were not checkmarked (grey and orange fields).

Running Zoek for about 30-40 minutes, it did not stop and give me a Notepad file or anything; it states it's still running, so I will wait and see if it appears. If not, just give me further instructions.

I did notice someone from China trying to access my Facebook this morning; that is currently the only thing I have noticed that was suspicious on my computer's behalf. Awaiting instructions as to what to do.

Since you stated it was to last a few minutes, the fact it's going on for an hour may be concerning.


Edited by Sovereign, 07 March 2017 - 04:56 PM.
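The RogueKiller log above shows the mechanism behind the shortcuts FRST reported as "Could not move" in the Fixlog: every flagged .lnk has a look-alike display name (the ? characters are non-ASCII letters the log could not print) and its [LNK@] target is a batch file under C:\Users\Kitten\AppData\Roaming\Browsers\ rather than the real browser or game launcher. The batch file names are the genuine executable names spelled backwards (exe.xoferif.bat is firefox.exe reversed, exe.emorhc.bat is chrome.exe reversed), so double-clicking "Firefox" runs the hijacker's script instead. As an added example, not code from the thread or from FRST/RogueKiller, the PowerShell below audits the same shortcut locations for those two signs. The folder list, the script-extension list and the Browsers path pattern are assumptions drawn from the paths in this log and are not exhaustive; run it in the affected user's session.

```powershell
# Added example (not from the thread or its tools). Audits the shortcut
# locations that appeared in the FRST and RogueKiller logs for two signs of
# a shortcut hijack: a target that is a script rather than an .exe, and a
# display name containing non-ASCII look-alike letters.
# Assumptions: run as the affected user; folder list and patterns below are
# drawn from the paths in the logs and are not exhaustive.

$shell = New-Object -ComObject WScript.Shell

$roots = @(
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)

# Script types a browser or game shortcut has no reason to target
$scriptTarget = '\.(bat|cmd|vbs|vbe|js|jse|wsf|wsh|ps1|hta)$'
# Directory pattern seen in this thread's [LNK@] findings (assumed, not exhaustive)
$hijackDir    = '\\AppData\\(Roaming|Local)\\Browsers\\'

function Get-ShortcutFindings {
    param([string[]]$Paths)

    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk     = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
            $target  = [string]$lnk.TargetPath
            $reasons = @()

            if ($target -match $scriptTarget)      { $reasons += 'target is a script' }
            if ($target -match $hijackDir)         { $reasons += 'target under AppData\...\Browsers' }
            if ($_.BaseName -match '[^\x00-\x7F]') { $reasons += 'non-ASCII characters in shortcut name' }

            if ($reasons.Count -eq 0) { return }   # inside ForEach-Object, return moves to the next .lnk

            # If the target is a script that still exists, capture its first line for review
            $firstLine = ''
            if ($target -match $scriptTarget -and (Test-Path -LiteralPath $target)) {
                $firstLine = Get-Content -LiteralPath $target -TotalCount 1 -ErrorAction SilentlyContinue
            }

            [pscustomobject]@{
                Shortcut    = $_.FullName
                Target      = $target
                Arguments   = $lnk.Arguments
                TargetLine1 = $firstLine
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

$findings = Get-ShortcutFindings -Paths $roots
if ($findings) {
    $findings | Format-List
} else {
    'No suspicious shortcuts found in the audited locations.'
}
```

Shortcuts flagged this way should be deleted and recreated from the real program's executable rather than edited, and the referenced batch files copied off the machine before removal so the command they launch can be reviewed. A hit on the non-ASCII check alone is not proof of tampering (localized installs legitimately use non-Latin names), which is why the script reports the reasons per shortcut instead of acting on them.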


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2017 - 08:58 AM


Stop the Zoek process.
If no log is created, please run the program again after cleaning the PUPs as suggested below.


Alright so, I ran RogueKiller and deleted the one RED field that appeared, that being another trojan, and removed it as instructed. A few of the orange items were highlighted by default, so I assume it is okay that I removed them as well.
The rest are PUMs and PUPs that were not checkmarked (grey and orange fields).


Run the RogueKiller tool and remove all of the PUP items.

Post the log for my review.

p.s.
Stop Zoek if it takes more than one hour to complete.
Make sure that your antivirus software is disabled and that you run the program as an administrator.

#7 Sovereign

Sovereign
  • Topic Starter

  • Members
  • 7 posts

Posted 08 March 2017 - 11:06 PM

I ran RogueKiller once more and received another trojan warning, so I removed that along with all the PUPs.

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kitten [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/08/2017 16:29:06 (Duration : 00:40:57)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 41 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Jawego -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\BI -> Found
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\Conduit -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\IM -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\ImInstaller -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\BI -> Found
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\Conduit -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\ImInstaller -> Found
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_E_6C1E\Software\Conduit -> Found
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_E_6C1E\Software\Conduit -> Found
[PUP.VideoBox] (X64) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\VideoBox -> Found
[PUP.VideoBox] (X86) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\VideoBox -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\AppDataLow\Software\ConduitSearchScopes -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\AppDataLow\Software\ConduitSearchScopes -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[Suspicious.Path] (X64) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=hp  -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=hp  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FD480CC-8F2F-4685-B92F-50053F88FED3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22B64FD6-87CF-453C-82C4-22A5BC84EF38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FD480CC-8F2F-4685-B92F-50053F88FED3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22B64FD6-87CF-453C-82C4-22A5BC84EF38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D2A47A-510A-4392-87D1-B18908E5399F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193E3B51-21A7-4F04-82DE-AA6F3D2AA6D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D2A47A-510A-4392-87D1-B18908E5399F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193E3B51-21A7-4F04-82DE-AA6F3D2AA6D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Tr.Gen0][File] C:\Users\Kitten\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series SCSI Disk Device +++++
--- User ---
[MBR] 235e58b5ff53b94aa00bb0fb548fb31f
[BSP] 72ed995435f48a1041f57479b553c7d7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST3000DM 001-1CH166 SCSI Disk Device +++++
--- User ---
[MBR] 5656c8537b8dba386131673f1616ecbf
[BSP] d4bfcda8ac22f9ad13687fcd4514b2ed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2097151 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD5000AAKX-00ERM SCSI Disk Device +++++
--- User ---
[MBR] 970cf13869269477eb4b9559d5c6079c
[BSP] 4de15c1bd4621173ab5cc4222fcd7dde : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
======================================================================================================================
 
 
RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kitten [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/08/2017 16:29:06 (Duration : 00:40:57)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 41 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Jawego -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\BI -> Deleted
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\Conduit -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\IM -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\ImInstaller -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\BI -> Deleted
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\Conduit -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\ImInstaller -> Deleted
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_E_6C1E\Software\Conduit -> Deleted
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_E_6C1E\Software\Conduit -> Deleted
[PUP.VideoBox] (X64) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\VideoBox -> Deleted
[PUP.VideoBox] (X86) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\VideoBox -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\AppDataLow\Software\ConduitSearchScopes -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\AppDataLow\Software\ConduitSearchScopes -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> ERROR [2]
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=hp  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser.Kitten-PC_ON_E_DC3A\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={4C39F4BF-59C0-48E0-9A0A-DF562DBC0922}&mid=8da00acd34a847cc8312b1ed0a864542-9534c202819e8cc9e65f3fefbd52221ad3a8024c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0816tb&pr=fr&d=2016-04-14 16:48:19&v=4.3.2.18&pid=wtu&sg=&sap=hp  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\RK_josh_ON_E_28F3\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\RK_josh_ON_E_28F3\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6FD35362-F7B4-4933-8F07-AF5112A7D191} | DhcpNameServer : 64.59.144.19 64.59.150.135 ([Canada][Canada])  -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FD480CC-8F2F-4685-B92F-50053F88FED3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22B64FD6-87CF-453C-82C4-22A5BC84EF38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FD480CC-8F2F-4685-B92F-50053F88FED3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_71D1\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22B64FD6-87CF-453C-82C4-22A5BC84EF38} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\josh\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D2A47A-510A-4392-87D1-B18908E5399F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193E3B51-21A7-4F04-82DE-AA6F3D2AA6D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {30D2A47A-510A-4392-87D1-B18908E5399F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {193E3B51-21A7-4F04-82DE-AA6F3D2AA6D9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Kitten\AppData\Local\MyComGames\MyComGames.exe|Name=My.com Game Center| [7] -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Tr.Gen0][File] C:\Users\Kitten\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Removed at reboot [5]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series SCSI Disk Device +++++
--- User ---
[MBR] 235e58b5ff53b94aa00bb0fb548fb31f
[BSP] 72ed995435f48a1041f57479b553c7d7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST3000DM 001-1CH166 SCSI Disk Device +++++
--- User ---
[MBR] 5656c8537b8dba386131673f1616ecbf
[BSP] d4bfcda8ac22f9ad13687fcd4514b2ed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2097151 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD5000AAKX-00ERM SCSI Disk Device +++++
--- User ---
[MBR] 970cf13869269477eb4b9559d5c6079c
[BSP] 4de15c1bd4621173ab5cc4222fcd7dde : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
================================================================================================================

As for the ZOEK system, it still hangs on "Create Backups" and does nothing past that.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Kitten on Wed 03/08/2017 at 19:37:37.42.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Kitten\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
===== Runcheck 19:38:19.31 =====
 
--- Create Environment Variables 19:38:20.49 
--- Create System Restore Point 19:38:51.81 
--- Checking Input 19:38:59.65 
--- AU AppData Check 19:39:08.68 
--- Remove From Windows Installer 19:39:11.73 
--- Empty Folders Check 19:40:33.31 
--- Registry HKLM Software Check 19:40:33.31 
--- Quick Launch Shortcut Check 19:40:45.60 
--- IE Startpage Check 19:40:54.45 
--- Program Files DB Check 19:41:08.43 
--- C:\Users\Default\AppData\Roaming DB Check 19:41:46.37 
--- C:\Users\Default User\AppData\Roaming DB Check 19:41:46.37 
--- C:\Users\Kitten\AppData\Roaming DB Check 19:41:46.37 
--- C:\Users\UpdatusUser\AppData\Roaming DB Check 19:41:46.37 
--- C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming DB Check 19:41:46.37 
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 19:41:46.37 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 19:41:46.37 
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 19:41:46.37 
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 19:41:46.37 
--- C:\Users\Kitten DB Check 19:44:08.34 
--- C:\PROGRA~3 DB Check 19:44:51.78 
--- C:\Users\Default\AppData\Local DB Check 19:45:12.27 
--- C:\Users\Default User\AppData\Local DB Check 19:45:12.27 
--- C:\Users\Kitten\AppData\Local DB Check 19:45:12.27 
--- C:\Users\UpdatusUser\AppData\Local DB Check 19:45:12.27 
--- C:\Users\UpdatusUser.Kitten-PC\AppData\Local DB Check 19:45:12.27 
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 19:45:12.27 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 19:45:12.27 
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 19:45:12.27 
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 19:45:12.27 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 19:46:48.32 
--- C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 19:46:56.24 
--- Tasks DB Check 19:47:01.31 
--- Downloads DB Check 19:47:04.37 
--- C:\Users\Kitten\AppData\LocalLow DB Check 19:47:07.82 
--- C:\Users\UpdatusUser\AppData\LocalLow DB Check 19:47:07.82 
--- C:\Users\UpdatusUser.Kitten-PC\AppData\LocalLow DB Check 19:47:07.82 
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 19:47:07.82 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 19:47:07.82 
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 19:47:07.82 
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 19:47:07.82 
--- Tasks2 DB Check 19:48:03.15 
--- Documents DB Check 19:48:26.82 
--- C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default DB Check 19:48:34.19 
--- C:\Users\Public\Desktop DB Check 19:48:38.06 
--- C:\Users\Kitten\Desktop DB Check 19:48:42.65 
--- Services DB Check 19:48:50.46 
--- FF prefs.js DB Check 19:49:18.24 
--- Emptyclsid 19:49:51.26 
--- Del by CLSID 19:49:52.85 
--- Delete Services 19:50:16.17 
--- Firefox Fix 19:50:18.12 
--- Batch Commands 19:50:19.15 
--- Delete files\folders 19:50:19.28 
--- Create Backups 19:50:19.39 
--- Firefox Extensions 19:50:23.96 
--- Firefox Plugins 19:50:24.24 
--- Chrome Look 19:51:23.26 
--- Create Backups 19:52:45.71 


#8 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 March 2017 - 08:40 AM

Let's try this way.
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed, a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
Options:
1 - Do a Quick Scan and Automatic Cleanup.
2 - Perform only a Quick Scan.
3 - Perform only a Deep Scan.
4 - Do a Deep Scan and Automatic Cleanup.

If a log is created restart the computer normally.

Run the Zoek tool one more time and select 4 - Do a Deep Scan and Automatic Cleanup.
Post this log only.

Let me know of any remaining issues.

#9 Sovereign

  • Topic Starter
  • Members
  • 7 posts

Posted 09 March 2017 - 03:21 PM

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Kitten on Thu 03/09/2017 at 12:06:13.65.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Kitten\Downloads\zoek.exe [Scan all users]   [Deep Scan] 
 
==== Older Logs ======================
 
C:\zoek-results2017-03-07-205412.log 9868 bytes
C:\zoek-results2017-03-09-035233.log 9202 bytes
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
C:\Users\Kitten\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\Kitten\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\Kitten\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Gigabyte\CloudStation_Server\HomeCloud\HCLOUD.exe
C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteControl\grckm.exe
C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Kitten\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 16333 MB
CPU Info: Intel® Core™ i7-6700K CPU @ 4.00GHz
CPU Speed: 4013.2 MHz
Sound Card: Speakers (Sound Blaster Recon3D | 
SPDIF-Out (Sound Blaster Recon3 | 
Display Adapters: NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; BenQ GW2255 | 
Screen Resolution: 5760 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel® Ethernet Connection (2) I219-V
CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW SH-224BB
Ports: COM1 LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  232.9GB | D:  2048.0GB | E:  465.7GB
Hard Disks - Free: C:  29.3GB | D:  1531.2GB | E:  224.5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/26/16 | _ASUS_ - 1072009
Time Zone: Pacific Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. Z170X-Gaming 7
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Malwarebytes On-access scanning disabled (Outdated)
Anti-Virus: ESET NOD32 Antivirus 10.0.390.0 On-access scanning disabled (Outdated)
Anti-Spyware: ESET NOD32 Antivirus 10.0.390.0 disabled (Outdated)
Anti-Spyware: Malwarebytes disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 56.0.2924.87
Internet Explorer Version: 11.0.9600.18537 
Google Chrome version: 56.0.2924.87
Adobe Reader version: 7.0.7.2006011300
Sun Java version: 1.8.0_111 (32-bit) 
Sun Java version: 1.8.0_111 (64-bit) 
Flash Player version: 24.0.0.221
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2017-03-08 04:25:12 525F8B3B0F749E55A197ADF5D1FAB429 7756 ------w- C:\Windows\cmudaxp_STXII.ini
2017-03-08 01:54:02 A8F0B315F67842060906A301108CDAB0 2080472 ----a-w- C:\Windows\RtlExUpd.dll
2017-03-07 22:32:05 9CADC91DF349C198FFB5477A5B23B6C2 524768 ----a-r- C:\Windows\difxapi.dll
2017-03-04 04:41:41 09394999ADB19901C665454EE964B13C 36 ----a-w- C:\Windows\progress.ini
2017-03-03 08:19:21 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\cudart64_80.dll
2017-03-03 08:19:21 18E1F174924AC76B5649C293F21BF0A9 297408 ----a-w- C:\Windows\cudart32_80.dll
2017-03-02 03:43:27 74F28574BB8F61FFC7DD419FE6B6E0D5 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-03-02 03:43:26 74F28574BB8F61FFC7DD419FE6B6E0D5 1951 ----a-w- C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-02 02:46:33 9AB9F3B75A2EB87FAFB1B7361BE9DFB3 26192 ----a-w- C:\Windows\gdrv.sys
2017-03-02 02:45:11 C419DF63E0121D72411285780C2FC6CC 90112 ------w- C:\Windows\Updreg.EXE
2017-03-02 02:44:33 4DC1429928D794110E543C66593FB355 4850 ----a-w- C:\Windows\cthdaENG.reg
2017-03-01 16:50:14 D3D0A9EE449410D1DB09121B282E7597 78 ---ha-r- C:\Windows\ctfile.rfc
2017-03-01 16:47:14 D90BD390F621B6D5BC7F2B2C5CDAF99A 10 ----a-w- C:\Windows\GSetup.ini
2017-03-01 07:42:23 2EBDF03A37A506FB2ABF0A01C819E1EF 1691752 ----a-w- C:\Windows\rstcli.exe
2017-03-01 07:42:23 2C3FB5FA2B5B3C55A754E2BC957F010A 1506 ----a-w- C:\Windows\Gcli.txt
2017-03-01 07:42:23 29F72A301532E1E248FA6B78C30CE6D9 27 ----a-w- C:\Windows\cli.bat
====== C:\Users\Kitten\AppData\Local\Temp ====
2017-03-09 08:21:22 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\Kitten\AppData\Local\Temp\sfamcc00001.dll
2017-03-09 00:34:02 88DEF99F95C12AC042191C6ED0DA2059 33824 ----a-w- C:\Users\Kitten\AppData\Local\Temp\HPSSFUpdater\HP.SSF.Config1.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2017-03-08 04:25:26 1CB2F37F3A13FA1389ED068007D65693 212992 ------w- C:\Windows\SysWOW64\HsSrv2.dll
2017-03-08 04:25:26 0740D338A42F7778760F2B0CB6DA5830 200704 ------w- C:\Windows\SysWOW64\HsMgr.exe
2017-03-07 22:33:05 1CB2F37F3A13FA1389ED068007D65693 212992 ------w- C:\Windows\SysWOW64\HsSrv.dll
2017-03-07 04:09:32 0D3493FE65E8BA068E1A893BEAAD67CF 399120 ----a-w- C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-03-02 03:53:12 A6ACA4FD287347712EF1260E7F16A590 134592 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe
2017-03-02 03:53:03 BB0B3644D206847B9E39745E7A25BC64 103936 ----a-w- C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-02 03:53:03 4287C9D06A1086CDF75C697A494BE4B7 326656 ----a-w- C:\Windows\SysWOW64\vulkan-1.dll
2017-03-02 03:51:09 FDA3CF59791725EC04C37CA7519B8C07 14674896 ----a-w- C:\Windows\SysWOW64\nvopencl.dll
2017-03-02 03:51:09 F07EB417330ECCF8AE33CD9D054C95AD 425288 ----a-w- C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-02 03:51:09 E5111ECCCEA4404BCF0D8D65F109A688 500792 ----a-w- C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-02 03:51:09 D53FAED62E6BD3E168601714430F98D0 3187256 ----a-w- C:\Windows\SysWOW64\nvcuvid.dll
2017-03-02 03:51:09 B7C475FC6A7FF4AF0E5A31CBF8E38D3C 912440 ----a-w- C:\Windows\SysWOW64\NvIFR.dll
2017-03-02 03:51:09 91A57EF57A3C9862232FAA5CC9007800 28212280 ----a-w- C:\Windows\SysWOW64\nvoglv32.dll
2017-03-02 03:51:09 79ADF61C2F68E950C5FD0660B021B402 989120 ----a-w- C:\Windows\SysWOW64\NvFBC.dll
2017-03-02 03:51:09 4D24DE065D95651E161305D6BF6DF6DB 131720 ----a-w- C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-02 03:51:09 274291B3E78E9034777A79630258B8BB 9305984 ----a-w- C:\Windows\SysWOW64\nvcuda.dll
2017-03-02 03:51:09 18E5AD5D3851463CF55A59A6819931A2 408272 ----a-w- C:\Windows\SysWOW64\nvumdshim.dll
2017-03-02 03:51:09 11DBD9104F78535C6329696F09B3758C 8990072 ----a-w- C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-02 03:51:09 039180D9115E21232DAE7FA9976283B0 148016 ----a-w- C:\Windows\SysWOW64\nvinit.dll
2017-03-02 03:51:09 01C3F56EF0BCEBD5FD0317FF46FC1113 576192 ----a-w- C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-02 03:51:08 EC94635B3A66E98803966D25AA14D44E 35272760 ----a-w- C:\Windows\SysWOW64\nvcompiler.dll
2017-03-02 03:51:08 E256CF02FDF09732C42AF1C7AB9521DD 669 ----a-w- C:\Windows\SysWOW64\nv-vk32.json
2017-03-02 03:43:40 C22D2ADD1995419BCEF8C9F7F58D1A33 1317312 ----a-w- C:\Windows\SysWOW64\nvspbridge.dll
2017-03-02 03:43:40 016AAC1A53A2E2A4327D1F0997A70F82 1468864 ----a-w- C:\Windows\SysWOW64\nvspcap.dll
2017-03-02 03:43:18 1AF45F71B9C7E5243A110B616009C480 124352 ----a-w- C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-02 02:58:27 F83F54D677093B8873EF3E03EFACF7A5 32832 ----a-w- C:\Windows\SysWOW64\rnd_chunk.bin
2017-03-02 02:45:10 DB08CF76449D2EB521DFB71A58DAF62D 445016 ----a-w- C:\Windows\SysWOW64\wrap_oal.dll
2017-03-02 02:45:10 663A319D105E14548DBA4C72201876B1 109144 ----a-w- C:\Windows\SysWOW64\OpenAL32.dll
2017-03-02 02:45:09 5676BD4CAAFB286F0E275E97D29F8717 1609728 ------w- C:\Windows\SysWOW64\Sens_oal.dll
2017-03-01 16:51:02 66DA00F60B7D8A9B2490024B79F33077 7062 ----a-w- C:\Windows\SysWOW64\audiopid.vxd
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2017-03-07 22:32:11 11BB3D5DC9336037C14A46873FA1FFDF 359424 ------w- C:\Windows\Sysnative\CmiInstallResAll64.dll
2017-03-04 04:55:44 5A4B4ED84D40CA12C890AB7129B02242 293376 ----a-w- C:\Windows\Sysnative\centel.dll
2017-03-04 04:55:44 5558137B7226D16622E7D4635A966D67 650752 ----a-w- C:\Windows\Sysnative\generaltel.dll
2017-03-04 04:55:44 34D2404F185765F093723D0A70814153 233984 ----a-w- C:\Windows\Sysnative\aepic.dll
2017-03-04 04:55:44 348840BC883419382459AF259961AA22 1285632 ----a-w- C:\Windows\Sysnative\aeinv.dll
2017-03-04 04:55:44 1E45C1683B9292EDD8747F2308D4A240 1609216 ----a-w- C:\Windows\Sysnative\appraiser.dll
2017-03-04 04:55:44 0A5CF29FA8BA5FD420D4C0D4AA7BADD7 556544 ----a-w- C:\Windows\Sysnative\devinv.dll
2017-03-04 04:55:43 E0395410E2D3980E2167B2A9220044E0 84712 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe
2017-03-04 04:55:43 9677BC0B0CA72012B5A54A40618D313D 335360 ----a-w- C:\Windows\Sysnative\invagent.dll
2017-03-04 04:55:43 3742E9906CB51C6CF85695F6AD2BBA18 133632 ----a-w- C:\Windows\Sysnative\acmigration.dll
2017-03-02 03:53:03 F5AA1CD090726ED32C0026FBD023FCF7 322560 ----a-w- C:\Windows\Sysnative\vulkan-1.dll
2017-03-02 03:53:03 6D2AD21CD6674F1B66CCB8C4C433A4E1 118272 ----a-w- C:\Windows\Sysnative\vulkaninfo.exe
2017-03-02 03:51:09 CFDDA9A04B1A18E54BD09ADDD4BC6E06 687224 ----a-w- C:\Windows\Sysnative\nvfatbinaryLoader.dll
2017-03-02 03:51:09 CE91671D3AE11B5397414B82C007CB4F 11019704 ----a-w- C:\Windows\Sysnative\nvptxJitCompiler.dll
2017-03-02 03:51:09 C20CAC6A221D9DE3890421B289CA74C7 3627064 ----a-w- C:\Windows\Sysnative\nvcuvid.dll
2017-03-02 03:51:09 BAA4B69706CF328034318F55977A340F 1589696 ----a-w- C:\Windows\Sysnative\nvdispgenco6437866.dll
2017-03-02 03:51:09 AC5B65DD1E27B5A8430AD8EF57332E09 1983424 ----a-w- C:\Windows\Sysnative\nvdispco6437866.dll
2017-03-02 03:51:09 93BB63AF6D960B5038FCB136B72DD26A 961080 ----a-w- C:\Windows\Sysnative\NvIFR64.dll
2017-03-02 03:51:09 8F2E7F6B9C966628FEB05D8D35CEC8B5 492744 ----a-w- C:\Windows\Sysnative\nvumdshimx.dll
2017-03-02 03:51:09 8C735F5D2DE370EEC38B304BC86BBFE2 47664 ----a-w- C:\Windows\Sysnative\nvhdap64.dll
2017-03-02 03:51:09 7BE2BED287C0766494B9324B577CF79C 19006832 ----a-w- C:\Windows\Sysnative\nvopencl.dll
2017-03-02 03:51:09 726A09EF3432F94653FB1A9E8ADE6235 1051584 ----a-w- C:\Windows\Sysnative\NvFBC64.dll
2017-03-02 03:51:09 71FB97F8AD5B92D7A62339A295D79EDB 170360 ----a-w- C:\Windows\Sysnative\nvinitx.dll
2017-03-02 03:51:09 4E98A68BBC27D478BB28C1588151E53C 16398896 ----a-w- C:\Windows\Sysnative\nvd3dumx.dll
2017-03-02 03:51:09 1EA213CBC2CB0CDCD4551487DA10CD45 11122912 ----a-w- C:\Windows\Sysnative\nvcuda.dll
2017-03-02 03:51:09 1698DF56BD29C0B16E9DE45B114009FA 153184 ----a-w- C:\Windows\Sysnative\nvoglshim64.dll
2017-03-02 03:51:09 0C5B642A5E23AAD72FF6CAA11A85BEC6 611384 ----a-w- C:\Windows\Sysnative\NvIFROpenGL.dll
2017-03-02 03:51:09 06CCED3522AE5E455D972E5D932C105F 34937280 ----a-w- C:\Windows\Sysnative\nvoglv64.dll
2017-03-02 03:51:09 00C23EE3BC0B1ADB4611656DB2CCC0E3 504104 ----a-w- C:\Windows\Sysnative\nvEncodeAPI64.dll
2017-03-02 03:51:08 BF1601FE6201D972558A609266B065DC 40192056 ----a-w- C:\Windows\Sysnative\nvcompiler.dll
2017-03-02 03:51:08 2BF0CEEDCF4C5581E199FC4A265B3F71 669 ----a-w- C:\Windows\Sysnative\nv-vk64.json
2017-03-02 03:43:40 C880F807B8D8AD35690F697EB8E9BE60 1880512 ----a-w- C:\Windows\Sysnative\nvspcap64.dll
2017-03-02 03:43:40 A7CD14B16B020FCBD755C10FDA644958 1755072 ----a-w- C:\Windows\Sysnative\nvspbridge64.dll
2017-03-02 03:43:40 43F224389243514A88C0FBCA351204CC 120256 ----a-w- C:\Windows\Sysnative\NvRtmpStreamer64.dll
2017-03-02 03:43:18 F6F802BF6605C9540ADF683965747830 156608 ----a-w- C:\Windows\Sysnative\nvaudcap64v.dll
2017-03-02 02:45:10 CBA0E6C59D7DEFE8B6D423B778B5AF6A 123480 ----a-w- C:\Windows\Sysnative\OpenAL32.dll
2017-03-02 02:45:10 53C8A36CA0BAE29BB67B1AC97D748744 466520 ----a-w- C:\Windows\Sysnative\wrap_oal.dll
2017-03-02 02:45:09 CEDCA057C86014F1F9555B2908F603B0 1898496 ------w- C:\Windows\Sysnative\Sens_oal.dll
2017-03-01 17:00:24 249DCE3FB23548C23154B4F6604C3E60 5120 ----a-w- C:\Windows\Sysnative\acpimof_ocpanel.dll
2017-03-01 16:52:37 8C3D0C73A0850A0EE62DF9EC36DBDE80 1904 ------w- C:\Windows\Sysnative\SetupBD.din
2017-03-01 16:51:57 C4F62CD86BC5DA12233B6032BE824E22 73512 ----a-w- C:\Windows\Sysnative\e1dmsg.dll
2017-03-01 16:51:57 0BD0040999429E77C02912F052B4A8DC 125728 ----a-w- C:\Windows\Sysnative\NicCo4.dll
2017-03-01 16:51:57 0BAE91BDCCF7CF47F8AC02D96A135D4C 3130 ----a-w- C:\Windows\Sysnative\e1d62x64.din
2017-03-01 16:51:55 CC49C01E096B5601F17169111A221CE3 90608 ----a-w- C:\Windows\Sysnative\NicInstD.dll
2017-03-01 16:51:50 1EDB74640FA94BEC25D413DD48F04DD8 403576 ----a-r- C:\Windows\Sysnative\PROUnstl.exe
2017-03-01 05:49:31 4DA5DA193E0E4F86F6F8FD43EF25329A 1721576 ----a-w- C:\Windows\Sysnative\WdfCoInstaller01009.dll
2017-03-01 05:44:36 95EF7247C50C7241FDAE39A9B3AFF4AE 31272 ----a-w- C:\Windows\Sysnative\AppleChargerSrv.exe
2017-03-01 05:42:45 C849D497A805DADEB50B1BDF82496B50 10047488 ----a-w- C:\Windows\Sysnative\BT_Socket.dll
2017-03-01 05:42:45 5F250F25D0E326CDCEB6779307DE753D 389632 ----a-w- C:\Windows\Sysnative\AutoGreenCP.dll
====== C:\Windows\Sysnative\drivers =====
2017-03-07 19:54:15 0D5A09B08568760AE85A801FCBC0F83D 28272 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2017-03-07 10:17:17 835E1D6B5835EF70FC3BDF93ED42243A 186304 ----a-w- C:\Windows\Sysnative\drivers\MBAMChameleon.sys
2017-03-07 10:17:16 E8E0D53AA910D8BC60A403E77DBA9B8C 111544 ----a-w- C:\Windows\Sysnative\drivers\farflt.sys
2017-03-07 10:17:16 E6D1E2E9C1D3F4D3DF3180385D047DB4 82208 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2017-03-07 10:17:10 88BD122C3A35DE63D75D382DF75554CE 43968 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2017-03-07 10:17:08 F8E8B0977741F114407494174522B71A 251840 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2017-03-07 10:17:03 ACB81E9F20882D2D2BEC7FF626E090AE 77408 ----a-w- C:\Windows\Sysnative\drivers\mbae64.sys
2017-03-04 04:55:53 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_XtuAcpiDriver_01011.Wdf
2017-03-02 03:51:09 5953E6353A3D22275F7CE92A7F00A8BB 14373824 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
2017-03-02 03:51:09 207A78939B7BBA0EFE8BFA947A35E71C 217528 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys
2017-03-02 03:43:18 D261B4DB79B1CD5F09645327CCE0D853 57792 ----a-w- C:\Windows\Sysnative\drivers\nvvhci.sys
2017-03-02 03:43:18 879F4FA7BB5C640EFF46B35233E0FFDE 46016 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys
2017-03-01 16:54:44 A554C77C38A97D230830AAAD0A202BB7 404480 ----a-w- C:\Windows\Sysnative\drivers\ausb3hub.sys
2017-03-01 16:54:44 4AD52D3D2FB2BC73E2611ACECAAEC07B 817664 ----a-w- C:\Windows\Sysnative\drivers\ausb3xhc.sys
2017-03-01 16:54:36 A747E5F7B68E92D1C356903C9A2C34CE 805616 ----a-w- C:\Windows\Sysnative\drivers\iusb3xhc.sys
2017-03-01 16:54:34 08D6B150D817A16D78A7F24CBE96639B 394992 ----a-w- C:\Windows\Sysnative\drivers\iusb3hub.sys
2017-03-01 16:51:57 F53C67226234AEC40AB2FB6F58964623 510952 ----a-w- C:\Windows\Sysnative\drivers\e1d62x64.sys
2017-03-01 16:49:41 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-03-01 05:49:33 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_VirtDiskBus64_01009.Wdf
2017-03-01 05:49:31 FF7C6E015AA32FC6BE0AEF582B802332 66160 ----a-w- C:\Windows\Sysnative\drivers\VirtDiskBus64.sys
2017-03-01 05:44:36 E4D0F0D5EB374D8BACF40E30E9771D60 22240 ----a-w- C:\Windows\Sysnative\drivers\AppleCharger.sys
2017-03-01 05:44:36 84A8E67E6CB15B070A2A7A0B3A9F1609 22240 ----a-w- C:\Windows\Sysnative\drivers\UsbCharger.sys
====== C:\Windows\Tasks ======
2017-03-04 19:23:40 D18164029D1274298138144436039B25 3026 ----a-w- C:\Windows\Sysnative\Tasks\MSIAfterburner
2017-03-03 18:13:16 FFC48E15725130A2E794D65AD31F0776 3890 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-03 18:13:16 7D6726F83CB8D7147D4E1308B9918C04 892 ----a-w- C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-02 03:43:39 366C88057950048B3838817BCD9FDC18 3852 ----a-w- C:\Windows\Sysnative\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 03:43:32 7FFF436E850EB29F383320CA36DD1738 4146 ----a-w- C:\Windows\Sysnative\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 03:43:26 94B283B7B2AF25D3803D3151C2E712E3 3554 ----a-w- C:\Windows\Sysnative\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 03:43:26 4D656907EC768BDF92B5706DEE3CB6C4 3730 ----a-w- C:\Windows\Sysnative\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 03:43:26 41E1F3475210A2850D0B23800CD67B53 3738 ----a-w- C:\Windows\Sysnative\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 03:43:25 8C70F48179F211F0163FB1D1491FD41B 3494 ----a-w- C:\Windows\Sysnative\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 03:43:25 68267550A1338946CEC0B92795058764 3738 ----a-w- C:\Windows\Sysnative\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-01 16:55:17 -------- d-----w- C:\Windows\Sysnative\Tasks\Intel
====== C:\Windows\Temp ======
======= C:\Program Files =====
2017-03-08 02:51:35 -------- d-----w- C:\Program Files\UNi Xonar Audio
2017-03-07 19:52:30 -------- d-----w- C:\Program Files\RogueKiller
2017-03-04 21:45:18 -------- d-----w- C:\Program Files\FirestormOS-Releasex64
2017-03-03 23:44:05 -------- d-----w- C:\Program Files\ESET
2017-03-03 08:19:23 -------- d-----w- C:\Program Files\Z9DAU4BXFW
2017-03-02 20:29:56 -------- d-----w- C:\Program Files\Plantronics
2017-03-01 16:48:44 -------- d-----w- C:\Program Files\Intel
2017-03-01 05:40:02 -------- d-----w- C:\Program Files\Gigabyte
======= C:\PROGRA~2 =====
2017-03-08 01:54:04 -------- d-----w- C:\PROGRA~2\Realtek
2017-03-07 22:33:14 -------- d-----w- C:\PROGRA~2\OpenAL
2017-03-03 08:14:19 -------- d-----w- C:\PROGRA~2\QForlLgs0EYm
2017-03-02 20:28:47 -------- d-----w- C:\PROGRA~2\COMMON~1\{1B6D9EA4-D1D6-4225-ADBB-441707C49D02}
2017-03-02 03:53:03 -------- d-----w- C:\PROGRA~2\VulkanRT
2017-03-01 17:00:16 -------- d-----w- C:\PROGRA~2\GIGABYTE
2017-03-01 16:54:43 -------- d-----w- C:\PROGRA~2\COMMON~1\Intel Corporation
2017-03-01 16:54:10 -------- d-----w- C:\PROGRA~2\ASM106xSATA
2017-03-01 16:50:13 -------- d-----w- C:\PROGRA~2\Creative
2017-03-01 16:49:39 -------- d-----w- C:\PROGRA~2\Intel
======= C: =====
2017-03-02 20:28:28 53170F236A4FE64C00E6D63A16BB6F53 463 ----a-w- C:\ISDebugLogFile.txt
====== C:\Users\Kitten\AppData\Roaming ======
2017-03-09 04:33:11 -------- d-----w- C:\Users\Kitten\AppData\Roaming\discord
2017-03-09 00:24:20 -------- d-----w- C:\Users\Kitten\AppData\Locallow\uTorrent
2017-03-08 02:53:32 -------- d-----w- C:\Users\Kitten\AppData\Roaming\ASUS
2017-03-07 23:00:41 -------- d-----w- C:\Users\Kitten\AppData\Local\Adobe
2017-03-07 22:35:17 -------- d-----w- C:\Users\Kitten\AppData\Local\CrashDumps
2017-03-07 07:45:24 DB1E9415AF74910DF1F391A11269AB4A 7758 ----a-w- C:\Users\Kitten\AppData\Local\recently-used.xbel
2017-03-07 04:14:39 -------- d-----w- C:\Users\Kitten\AppData\Roaming\EasyAntiCheat
2017-03-07 00:55:40 -------- d-----w- C:\Users\Kitten\AppData\Roaming\.mono
2017-03-03 23:53:51 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\ESET
2017-03-03 23:15:01 -------- d-----w- C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-03-03 20:09:31 -------- d-----w- C:\Users\Kitten\AppData\Local\ESET
2017-03-03 08:19:24 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\NVIDIA
2017-03-03 08:16:22 -------- d-----w- C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-03 08:16:22 -------- d-----w- C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-03 08:15:59 2150D9B8E13EA76F9307F10EB694D2DC 18432 ----a-w- C:\Users\Kitten\AppData\Roaming\Main.dat
2017-03-03 06:26:27 -------- d-----w- C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2017-03-03 05:22:17 -------- d-----w- C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-03-03 05:22:12 -------- d-----w- C:\Users\Kitten\AppData\Local\MyComGames
2017-03-03 03:46:08 -------- d-----w- C:\Users\Kitten\AppData\Roaming\Obsidium
2017-03-03 01:59:58 -------- d-----w- C:\Users\Kitten\AppData\Local\Astro
2017-03-02 20:28:28 -------- d-----w- C:\Users\Kitten\AppData\Roaming\InstallShield
2017-03-02 02:51:35 -------- d-----w- C:\Users\Kitten\AppData\Local\Creative
2017-03-01 16:53:57 -------- d-----w- C:\Users\Kitten\AppData\Roaming\Intel Corporation
2017-03-01 05:43:00 -------- d-----w- C:\Users\Default\AppData\Local\Google
2017-03-01 05:43:00 -------- d-----w- C:\Users\Default User\AppData\Local\Google
2017-02-23 10:51:23 -------- d-s---w- C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\Microsoft
2017-02-23 10:51:23 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\TuneUp Software
2017-02-23 10:51:23 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\Media Center Programs
2017-02-23 10:51:23 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\AppData\Local\Temp
2017-02-23 10:51:23 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\AppData\Local\Microsoft
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
====== C:\Users\Kitten ======
2017-03-09 04:38:33 A35C7559DB6C0EBF70B06E45D2CF4710 113001480 ----a-w- C:\Users\Kitten\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
2017-03-08 04:22:23 C30DA5B85B64434FC23AE3293567866F 8012449 ----a-w- C:\Users\Kitten\Downloads\UNi-Xonar-1823-v1.80a-r3 (1).exe
2017-03-08 02:57:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 02:48:45 B58C2BA61C1BF787234A7EBDF8EA48EB 7624271 ----a-w- C:\Users\Kitten\Downloads\UNi Xonar 1822 v1.75a r3.exe
2017-03-08 00:01:46 571E83EDA0C694F1C6634073D88ED8B6 217553063 ----a-w- C:\Users\Kitten\Downloads\0008-64bit_Win7_Win8_Win81_Win10_R281.exe
2017-03-07 23:23:34 C30DA5B85B64434FC23AE3293567866F 8012449 ----a-w- C:\Users\Kitten\Downloads\UNi-Xonar-1823-v1.80a-r3.exe
2017-03-07 23:00:15 -------- d-----w- C:\ProgramData\Adobe
2017-03-07 19:52:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-07 19:52:11 -------- d-----w- C:\ProgramData\RogueKiller
2017-03-07 19:51:12 49EA425DA76D330E99C17F1B61FA05A0 34885984 ----a-w- C:\Users\Kitten\Downloads\setup.exe
2017-03-07 10:11:53 DE04CB4B5BB20F0233199FB05E2EE590 57131432 ----a-w- C:\Users\Kitten\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-07 04:14:44 -------- d-----w- C:\Users\Kitten\ansel
2017-03-07 04:14:38 -------- d-----w- C:\ProgramData\For Honor Data
2017-03-06 20:58:59 4CD8DEC01BE8185F316ED2B8596B5A5F 2400960 ----a-w- C:\Users\Kitten\Downloads\uTorrent.exe
2017-03-04 21:45:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FirestormOS-Releasex64
2017-03-04 21:40:58 234AE809E1A39CD96F2B65AB13F8CEFA 102989792 ----a-w- C:\Users\Kitten\Downloads\Phoenix-FirestormOS-Releasex64-5-0-1-52150_Setup.exe
2017-03-03 23:44:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-03-03 23:44:05 -------- d-----w- C:\ProgramData\ESET
2017-03-03 08:16:07 -------- d-----w- C:\ProgramData\Logic Cramble
2017-03-02 20:28:31 -------- d-----w- C:\ProgramData\Conexant
2017-03-02 03:36:01 -------- d-----w- C:\ProgramData\RzSurroundVAD_1.1.62.0
2017-03-01 16:55:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2017-03-01 16:53:53 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-03-01 16:53:10 -------- d-----w- C:\ProgramData\Downloaded Installations
2017-03-01 16:50:35 -------- d-----w- C:\Users\Public\Creative
2017-03-01 16:49:41 -------- d-----w- C:\ProgramData\Intel
2017-03-01 16:49:37 -------- d-----w- C:\Users\Kitten\Intel
2017-03-01 16:47:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-01 08:43:35 -------- d-----w- C:\ProgramData\Creative
2017-03-01 05:51:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UtechSmart 16400DPI VENUS Gaming Mouse
2017-03-01 05:37:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2017-02-23 10:58:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-23 10:51:25 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\Searches
2017-02-23 10:51:24 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\Contacts
2017-02-23 10:51:23 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\UpdatusUser.Kitten-PC\ntuser.ini
2017-02-23 10:51:23 -------- d--h--w- C:\Users\UpdatusUser.Kitten-PC\AppData
2017-02-23 10:51:23 -------- d-----w- C:\Users\UpdatusUser.Kitten-PC\Saved Games
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Videos
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Pictures
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Music
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Links
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Favorites
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Downloads
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Documents
2017-02-23 10:51:23 -------- d-----r- C:\Users\UpdatusUser.Kitten-PC\Desktop
 
====== C: exe-files ==
2017-03-08 04:00:39 C4AA5853833181ABF3C0332AF5885076 10351680 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NVIDIA\NvBackend\Packages\00009d9e\DAO.21789749.exe
2017-03-08 04:00:39 C4AA5853833181ABF3C0332AF5885076 10351680 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NVIDIA\NvBackend\Packages\00009d9e\DAO.21789749.exe
2017-03-08 01:54:28 FAF8CE5C039B27FEDBAEEB72BC2AFFF2 196608 ------w- C:\Program Files (x86)\Realtek\Audio\ASIO\RTASIOCP.exe
2017-03-08 01:54:28 72C58C9DE23EE6B9B15E9D3A33E5B59E 1719512 ----a-w- C:\Program Files (x86)\Realtek\Audio\InstallShield\Rtkupd64.exe
2017-03-08 01:54:28 04892381D6393CE4A073B4EB80C31BBD 299008 ------w- C:\Program Files (x86)\Realtek\Audio\ASIO\Install.exe
2017-03-08 01:54:08 72C58C9DE23EE6B9B15E9D3A33E5B59E 1719512 ------w- C:\Program Files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe
2017-03-08 01:54:04 49B3D2077199C44C1F3BBB16B4094AE6 121064 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe
2017-03-07 22:59:57 C9AD9AF8FB7DE6FF36F57C3727201653 225280 ----a-w- C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\setup.exe
2017-03-07 22:59:55 61A5FB191AE2AE876DB31DCCE75E4183 1822520 ----a-w- C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\instmsiw.exe
2017-03-07 22:33:14 4AB9C9898DF4529EB05759C24F0A97FD 809560 ----a-w- C:\Program Files (x86)\OpenAL\openalweax.exe
2017-03-07 19:52:33 AC3DCE3C35763FCAE8CAD87880D8B805 13447752 ----a-w- C:\Program Files\RogueKiller\Updater.exe
2017-03-07 19:52:32 8574B289EC6FC21A6C6D91045D377F9D 10730568 ----a-w- C:\Program Files\RogueKiller\RogueKillerCMD64.exe
2017-03-07 19:52:30 A80DA0BA129C5F5DFC3B89A05D6B5954 799304 ----a-w- C:\Program Files\RogueKiller\unins000.exe
2017-03-07 19:52:30 9A7E4D22D6A5B22B201EC244EB716690 26044488 ----a-w- C:\Program Files\RogueKiller\RogueKiller64.exe
2017-03-07 12:19:24 FDDF72D79CA1F71A990E7C3D3730F631 346512 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2017-03-07 12:19:24 FDDF72D79CA1F71A990E7C3D3730F631 346512 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2017-03-07 12:19:20 7CCF12F6910F6DBC5AEC9E994A0246BF 436624 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2017-03-07 12:19:20 7CCF12F6910F6DBC5AEC9E994A0246BF 436624 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2017-03-07 08:21:37 B84E589F25BDE8362B8CFD2A81C2D4A2 2623480 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SwReporter\17.94.0\software_reporter_tool.exe
2017-03-07 03:41:48 8038BAD8885F72837B6A29D696154679 2362544 ----a-w- C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
2017-03-07 03:41:44 9FAE37FD3B777673B9979E9079A76CA4 2016432 ----a-w- C:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe
2017-03-04 21:45:40 DFC4FBF670C49D533A9821426FED555F 563002 ----a-w- C:\Program Files\FirestormOS-Releasex64\uninst.exe
2017-03-03 23:47:48 DAABF82E6D9B1B951F83D3DE1FC7E5BE 173696 ----a-w- C:\Program Files\ESET\ESET NOD32 Antivirus\CertImporter-1414.exe
2017-03-03 23:47:48 66D0CC62BE3A574701A6DD73181714D3 151168 ----a-w- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\CertImporter-1414.exe
2017-03-03 23:44:32 46C8939BE74B2814A2A992B2B586B97A 678560 ----a-w- C:\Program Files\ESET\ESET NOD32 Antivirus\speclean.exe
2017-03-03 18:44:02 A8E03B2899FE668B26553B430E1A308B 4745704 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.5450\Agent.exe
2017-03-03 08:19:25 E8FC1B958D2F79495F089BB922F2BE58 35328 ----a-w- C:\Program Files\Z9DAU4BXFW\uninstaller.exe
2017-03-03 08:19:14 679F36CD8E09FFC5A5594813DF7166F7 1867776 ----a-w- C:\FRST\Quarantine\C\ProgramData\vCore\VCore.exe
2017-03-03 08:14:19 B6374813161FA642B92D10AFCF2BB29E 78336 ----a-w- C:\Program Files (x86)\QForlLgs0EYm\UnInstall.exe
2017-03-03 08:14:19 467F32800DF98108D600AB9EFD829C53 719690 ----a-w- C:\Program Files (x86)\QForlLgs0EYm\unins000.exe
2017-03-03 05:22:13 FB85994624330D46CCD1B473BF8B9EE4 384400 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\HG64.exe
2017-03-03 05:22:13 FB85994624330D46CCD1B473BF8B9EE4 384400 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\HG64.exe
2017-03-03 05:22:13 FB85994624330D46CCD1B473BF8B9EE4 384400 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\HG64.exe
2017-03-03 05:22:13 FB85994624330D46CCD1B473BF8B9EE4 384400 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\HG64.exe
2017-03-03 05:22:12 C91D33C2C538494EF593DFE559437D83 5335440 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\MyComGames.exe
2017-03-03 05:22:12 C91D33C2C538494EF593DFE559437D83 5335440 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\MyComGames.exe
2017-03-03 05:22:12 C91D33C2C538494EF593DFE559437D83 5335440 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\MyComGames.exe
2017-03-03 05:22:12 C91D33C2C538494EF593DFE559437D83 5335440 ----a-w- C:\Users\Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MyComGames\MyComGames.exe
2017-03-03 01:59:59 596DC69BB40A96FCA4B19D9D1E221E34 1464096 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
2017-03-02 20:46:03 23A46750EEBE304DF421ADC240AA1756 12294248 ----a-w- C:\ProgramData\Razer\Synapse\ProductUpdates\Downloads\Razer_Anansi_Config_v1.06.02.exe
2017-03-02 20:29:56 A7A44BC9480F4953716560AF2272E3EA 5208280 ----a-w- C:\Program Files\Plantronics\RIG Surround\RIG_AUDIO_USB\UIU64s.exe
2017-03-02 20:28:47 DBE33AF9B716CDC6F2CDDB88FAECB70D 459432 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{1B6D9EA4-D1D6-4225-ADBB-441707C49D02}\setup.exe
2017-03-02 20:28:47 99054EB7A3D765AC36A988256BF56BC2 28864094 ----a-w- C:\Program Files (x86)\Common Files\{1B6D9EA4-D1D6-4225-ADBB-441707C49D02}\SETUP.EXE
=== C: other files ==
2017-03-05 05:00:32 71B9091EB4791C80659C7A2D258C5D54 348508 ----a-w- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\cache\achievements\1835_71b9091eb4791c80659c7a2d258c5d54.zip
2017-03-04 21:45:40 6EBCA0BF1391FA4817B7BF4DD5F9E03E 170 ----a-w- C:\Program Files\FirestormOS-Releasex64\autorun.bat
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3778399154-3554267619-3536051004-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"Discord"="C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe"
"Google Update"="C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"uTorrent"="C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"UpdReg"="C:\Windows\UpdReg.EXE"
"Sound Blaster Recon3Di SBX Control Panel"="C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe /r"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PreRun"="C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"Discord"="C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe"
"Google Update"="C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"uTorrent"="C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"Malwarebytes TrayApp"="C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlueStacks Agent"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DualBiosRescue]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="DualBiosRescue"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\GIGABYTE\\GigabyteFirmwareUpdateUtility\\dbrro.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EasyTune]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="EasyTune"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\GIGABYTE\\EasyTune\\etro.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EasyTuneEngineService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="EasyTuneEngineService"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\GIGABYTE\\EasyTuneEngineService\\EngineRunOnce.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PreRun]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="PreRun"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\GIGABYTE\\AppCenter\\PreRun.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Razer Synapse"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RPMKickstart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="RPMKickstart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Gigabyte\\Smart Backup\\RPMKickstartEx.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ShadowPlay"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\rundll32.exe\" C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SIV]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="SIV"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\GIGABYTE\\SIV\\sivro.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kitten\\AppData\\Roaming\\uTorrent\\uTorrent.exe\"  /MINIMIZED"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk]
"item"="Killer Network Manager"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Killer Network Manager.lnk"
"backup"="C:\\Windows\\pss\\Killer Network Manager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\KILLER~1\\NETWOR~1\\NETWOR~1.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Kitten^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nexon Launcher.lnk]
"item"="Nexon Launcher"
"path"="C:\\Users\\Kitten\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Nexon Launcher.lnk"
"backup"="C:\\Windows\\pss\\Nexon Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="D:\\STEAML~1\\STEAMA~1\\common\\NEXONL~1\\NEXON_~1.EXE"
 
 
==== Startup Folders ======================
 
2017-03-07 23:00:16 2048 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [03/03/2017 10:13 AM]
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/03/2017 10:48 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/14/2016 01:39 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/14/2016 01:39 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d1e92d11229fc6" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d1e92d113b31a3" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3778399154-3554267619-3536051004-1000Core" [C:\Users\Kitten\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3778399154-3554267619-3536051004-1000UA" [C:\Users\Kitten\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachineDaily" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\Windows\SysNative\tasks\MSIAfterburner" [C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe]
"C:\Windows\SysNative\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe]
"C:\Windows\SysNative\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe]
"C:\Windows\SysNative\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\Windows\SysNative\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\Windows\SysNative\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe]
"C:\Windows\SysNative\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe]
"C:\Windows\SysNative\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up" [Thunderbolt.exe]
"C:\Windows\SysNative\tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected" [Thunderbolt.exe]
"C:\Windows\SysNative\tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up" [tbtsvc.exe]
"C:\Windows\SysNative\tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected" [sc.exe start ThunderboltService]
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default
- FT DeepDark - %ProfilePath%\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Kitten\AppData\Roaming\Mozilla\Firefox\Profiles\jl2d71i4.default
86BD236BE6DA240730EFD2C8026E5B16 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll - Shockwave Flash
F9D90EEC96E97411869E120E52B1AE0A - C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll - Google Update
5B6E82D37D684488C226303BAD70D58C - C:\Users\Kitten\AppData\Local\MyComGames\npmycomdetector.dll - My.Com Game Center component npmycomdetector.dll
20FF20FBC1F20ADEC0AD6AF98ABE9545 - C:\Users\Kitten\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A - C:\Users\Kitten\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.134
 
 
YouTube - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Chrome Media Router - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
YouTube - Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh
Dark Pro - Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmbgoibinalibemffdkehofmbnklhbjd
Whitelisted domains - Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Kitten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Sound Blaster Recon3Di SBX Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\RunOnce: [PreRun] C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [Discord] C:\Users\Kitten\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\Kitten\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Kitten\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD35362-F7B4-4933-8F07-AF5112A7D191}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{B03ADB5E-0DC3-4114-A93E-425D956EF214}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{6FD35362-F7B4-4933-8F07-AF5112A7D191}: NameServer = 8.8.8.8
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS3\Services\Tcpip\..\{6FD35362-F7B4-4933-8F07-AF5112A7D191}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: SB Recon3D Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: SCP DS3 Service (Ds3Service) - Scarlet.Crush Productions - C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: EasyTune Engine (EasyTuneEngineService) - GIGA-BYTE TECHNOLOGY CO., LTD. - C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GIGABYTE Adjust (gadjservice) - Unknown owner - C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HwmRecordService - GIGA-BYTE TECHNOLOGY CO., LTD. - C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: OcButtonService - GIGA-BYTE TECHNOLOGY CO., LTD. - C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Thunderbolt™ Service (ThunderboltService) - Intel Corporation - C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1609 folders=244 382977006 bytes)
 
==== After Reboot ======================
 
==== Deleting Files / Folders ======================
 
"C:\Users\Kitten\AppData\Roaming\discord\Cookies"  deleted
"C:\Users\Kitten\AppData\Roaming\discord\Cookies-journal"  deleted
"C:\Users\Kitten\AppData\Roaming\discord\modules.log"  deleted
"C:\Users\Kitten\AppData\Roaming\discord\Local Storage\https_discordapp.com_0.localstorage"  deleted
"C:\Users\Kitten\AppData\Roaming\discord"  deleted
 
==== EOF on Thu 03/09/2017 at 12:19:54.50 ======================


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 March 2017 - 09:49 AM


Please run the Zoek tool one more time and only select 4 - Do a Deep Scan and Automatic Cleanup, if not already done.

Do it in normal mode if at all possible.

Post the log for my review.

Let me know what problem persists with this computer.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 March 2017 - 07:31 AM

Are you still with me?



