Java Update Handler plays Ads in the background

This topic is locked
15 replies to this topic

#1 ydg


Posted 03 March 2017 - 08:28 PM

So basically, randomly today, without going to any new sites or downloading anything (which I don't do anyway; this computer is used for LOL and Wolfenstein: ET only), this Java update handler started playing ads in the background.

 

This is the first result of the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Adam (administrator) on ADAM-PC (03-03-2017 20:23:04)
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Java Inc.) C:\Users\Adam\AppData\Local\Java Updater.exe
(www.gmailnotifier.com) C:\Program Files (x86)\Gmail Notifier\Gmail Notifier.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Run: [Google Update] => C:\Users\Adam\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Run: [Java Updater] => C:\Users\Adam\AppData\Local\Java Updater.exe [ ] ()
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Run: [Gmail Notifier.exe] => C:\Program Files (x86)\Gmail Notifier\Gmail Notifier.exe [2155008 2011-04-07] (www.gmailnotifier.com)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{0b47d2c2-3636-4e51-b6da-6eef1042ffac}: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4068993720-391376673-3591436037-1001 -> DefaultScope {79030B36-6484-4998-9774-57E673CEA240} URL = 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-11-30] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4068993720-391376673-3591436037-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4068993720-391376673-3591436037-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M030A4D03-0C43-4D36-9287-AB17B9F5DE33&SearchSource=55&CUI=&UM=5&UP=SP843B0D3A-9E47-4E8A-941E-62600127F565&SSPV=
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggbdVpdU1wSGRhBJAAITA1BEVYOeVheAxRIQ1ERJAgNWAoTE1YFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR Plugin: (Shockwave Flash) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Adam\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Battlefield Heroes) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-11-30]
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Video Downloader professional) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-17]
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-05-10] (Adobe Systems) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2013-11-01] (Disc Soft Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-07-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-03 20:23 - 2017-03-03 20:24 - 00014919 _____ C:\Users\Adam\Desktop\FRST.txt
2017-03-03 20:22 - 2017-03-03 20:23 - 00000000 ____D C:\FRST
2017-03-03 20:22 - 2017-03-03 20:22 - 02423808 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2017-03-03 20:13 - 2017-03-03 20:13 - 00001815 _____ C:\Users\Adam\Desktop\JRT scan 1.txt
2017-03-03 20:12 - 2017-03-03 20:12 - 00001815 _____ C:\Users\Adam\Desktop\JRT.txt
2017-03-03 20:08 - 2017-03-03 20:09 - 01663736 _____ (Malwarebytes) C:\Users\Adam\Desktop\JRT.exe
2017-03-03 20:06 - 2017-03-03 20:06 - 00003380 _____ C:\Users\Adam\Desktop\ADW cleaner scan 1.txt
2017-03-03 19:57 - 2017-03-03 19:58 - 04031440 _____ C:\Users\Adam\Desktop\AdwCleaner.exe
2017-03-03 19:54 - 2017-03-03 19:54 - 00003404 _____ C:\WINDOWS\System32\Tasks\{4FA310B5-F6AC-4FFC-8229-D8A11BBD6C48}
2017-03-03 18:15 - 2017-03-03 18:15 - 00000000 ____D C:\Users\Adam\Desktop\100-149
2017-02-25 19:32 - 2017-02-25 19:32 - 00000000 ____D C:\Users\Adam\Downloads\Spiritpact
2017-02-20 17:06 - 2017-03-03 18:15 - 00000000 ____D C:\Users\Adam\Desktop\One Piece
2017-02-11 07:50 - 2017-02-11 08:03 - 298322350 _____ C:\Users\Adam\Desktop\Aizome Kaori-hen 01.mp4
2017-02-11 07:50 - 2017-02-11 08:03 - 280196893 _____ C:\Users\Adam\Desktop\Aizome Kaori-hen 02.mp4
2017-02-10 20:59 - 2017-02-10 20:59 - 00076287 _____ C:\Users\Adam\AppData\Local\recently-used.xbel
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-03 20:16 - 2011-05-05 16:29 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Gmail Notifier
2017-03-03 20:14 - 2016-09-25 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 20:14 - 2016-09-25 13:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-03 20:14 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-03 20:09 - 2014-02-13 17:29 - 00000000 ____D C:\AdwCleaner
2017-03-03 19:53 - 2014-01-25 07:10 - 00000000 ____D C:\Users\Adam\AppData\Roaming\.minecraft
2017-03-03 19:53 - 2013-11-01 15:13 - 00000000 ____D C:\Program Files (x86)\Torchlight II
2017-03-03 19:45 - 2016-09-25 13:56 - 00000000 ____D C:\Users\Adam
2017-03-02 18:12 - 2016-09-25 13:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-02 18:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-02 18:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-01 17:58 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-28 17:07 - 2014-03-06 18:10 - 00000000 ____D C:\Users\Adam\Desktop\Backs
2017-02-22 18:24 - 2015-12-09 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 18:21 - 2011-09-05 19:00 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 18:08 - 2014-08-20 20:23 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc
2017-02-21 19:10 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 17:37 - 2014-12-21 15:55 - 00000000 ____D C:\Users\Adam\Desktop\On my HDD
2017-02-10 20:59 - 2015-02-13 17:18 - 00000000 ____D C:\Users\Adam\AppData\Roaming\HexChat
2017-02-10 20:33 - 2016-12-04 08:42 - 00000000 ____D C:\Users\Adam\Downloads\Youjo Senki
2017-02-10 20:32 - 2015-02-13 17:42 - 00000000 ____D C:\Users\Adam\AppData\Local\gtk-2.0
2017-02-10 20:31 - 2016-05-21 06:31 - 00000000 ____D C:\Users\Adam\Downloads\Anime not on HS
2017-02-10 20:30 - 2016-09-15 16:14 - 00000000 ____D C:\Users\Adam\Downloads\Trickster
2017-02-10 20:28 - 2016-12-04 08:45 - 00000000 ____D C:\Users\Adam\Downloads\Tales of Zestiria
2017-02-10 20:24 - 2016-03-24 15:43 - 00000000 ____D C:\Users\Adam\Downloads\Sousei no Onmyouji
2017-02-10 20:22 - 2017-01-21 15:35 - 00000000 ____D C:\Users\Adam\Downloads\Shouwa Genroku Rakugo
2017-02-10 20:14 - 2016-11-16 17:21 - 00000000 ____D C:\Users\Adam\Downloads\Seiren
2017-02-10 20:12 - 2016-12-04 08:41 - 00000000 ____D C:\Users\Adam\Downloads\Masamune-kun no revenge
2017-02-10 20:10 - 2017-01-21 15:35 - 00000000 ____D C:\Users\Adam\Downloads\Kuzu no honkai
2017-02-10 20:06 - 2016-11-16 17:19 - 00000000 ____D C:\Users\Adam\Downloads\Kono Suarashii sekai
2017-02-10 20:04 - 2016-11-16 17:22 - 00000000 ____D C:\Users\Adam\Downloads\Kobayashi-san Chi
2017-02-10 20:02 - 2016-11-16 17:24 - 00000000 ____D C:\Users\Adam\Downloads\Hand Shakers
2017-02-10 20:00 - 2016-11-16 17:21 - 00000000 ____D C:\Users\Adam\Downloads\Granblue Fantasy
2017-02-10 19:59 - 2016-12-04 08:44 - 00000000 ____D C:\Users\Adam\Downloads\Gintama
2017-02-10 19:57 - 2016-12-04 08:43 - 00000000 ____D C:\Users\Adam\Downloads\Fuuka
2017-02-10 19:55 - 2016-12-04 08:46 - 00000000 ____D C:\Users\Adam\Downloads\Eldlive
2017-02-10 19:54 - 2016-11-16 17:20 - 00000000 ____D C:\Users\Adam\Downloads\Demi-chan wa Kataritai
2017-02-10 19:23 - 2016-11-16 17:23 - 00000000 ____D C:\Users\Adam\Downloads\Chaos child
2017-02-10 19:19 - 2016-11-16 17:25 - 00000000 ____D C:\Users\Adam\Downloads\Chain Chronicle
2017-02-10 19:16 - 2016-11-16 17:20 - 00000000 ____D C:\Users\Adam\Downloads\Ao no Exorcist
2017-02-10 19:14 - 2016-09-15 16:16 - 00000000 ____D C:\Users\Adam\Downloads\All Out
2017-02-10 19:12 - 2016-11-16 17:21 - 00000000 ____D C:\Users\Adam\Downloads\Acca 13
2017-02-10 19:11 - 2016-10-01 14:15 - 00000000 ____D C:\Users\Adam\Downloads\3-gatsu no Lion
2017-02-10 19:10 - 2016-06-03 16:46 - 00000000 ____D C:\Users\Adam\Downloads\Next seasons Anime
2017-02-06 18:42 - 2011-04-30 15:45 - 00002489 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 18:42 - 2011-04-30 15:45 - 00002481 _____ C:\Users\Adam\Desktop\Google Chrome.lnk
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 20:29 - 2016-12-07 18:26 - 00000000 ____D C:\Users\Adam\Desktop\For cell wall
 
==================== Files in the root of some directories =======
 
2016-05-28 06:39 - 2016-05-28 06:40 - 0868352 ____H (Java Inc.) C:\Users\Adam\AppData\Local\Java Updater.exe
2017-02-10 20:59 - 2017-02-10 20:59 - 0076287 _____ () C:\Users\Adam\AppData\Local\recently-used.xbel
2012-12-30 13:04 - 2012-12-30 13:04 - 0007597 _____ () C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
2009-07-07 03:05 - 2009-07-07 03:08 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2014-06-30 13:49 - 2014-06-30 13:50 - 0000090 _____ () C:\ProgramData\PS.log
 
Files to move or delete:
====================
C:\Users\Adam\jagex_runescape_preferences.dat
C:\Users\Adam\jagex_runescape_preferences2.dat
 
 
Some files in TEMP:
====================
2017-03-03 19:54 - 2013-11-30 13:24 - 0172032 _____ (Nexon) C:\Users\Adam\AppData\Local\Temp\NGM.exe
2017-03-03 19:54 - 2013-11-30 13:24 - 0831488 _____ (Nexon) C:\Users\Adam\AppData\Local\Temp\NGMDll.dll
2017-03-03 19:54 - 2013-11-30 13:24 - 0405504 _____ (Nexon) C:\Users\Adam\AppData\Local\Temp\NGMResource.dll
2017-03-03 19:53 - 2014-01-25 07:10 - 0069253 _____ () C:\Users\Adam\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-20 14:47
 
==================== End of FRST.txt ============================
 
 
And the additional one:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
Ran by Adam (03-03-2017 20:25:09)
Running from C:\Users\Adam\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 19:25:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adam (S-1-5-21-4068993720-391376673-3591436037-1001 - Administrator - Enabled) => C:\Users\Adam
Administrator (S-1-5-21-4068993720-391376673-3591436037-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4068993720-391376673-3591436037-503 - Limited - Disabled)
Guest (S-1-5-21-4068993720-391376673-3591436037-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4068993720-391376673-3591436037-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MF Toolbox 4.9.1.1.mf07 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 3.0.0 - Canon)
Canon MF4360-4390 (HKLM\...\{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}) (Version:  - )
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Connect (HKLM-x32\...\Connect) (Version: 1.4.12253.0 - Cisco Consumer Products LLC)
CoView (HKLM-x32\...\CoView_is1) (Version: 1.0.0 - Infomap, consultas informáticas  Miguel A. Padrón)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dark Messiah Of Might And Magic (HKLM-x32\...\Dark Messiah Of Might And Magic_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version:  - )
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gmail Notifier (HKLM-x32\...\Gmail Notifier) (Version:  - )
Google Chrome (HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Howie's Quick Screen Capture 1.1.1 (HKLM-x32\...\{370674BC-FCD0-4C4D-9B55-49A6EFC3DAC6}_is1) (Version:  - Howies Funware)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{01edc90d-6ac3-41a4-8d69-03d4064058ba}) (Version:  - Nero AG)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA 3D Vision Controller Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version:  - )
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Star Wars JK II Jedi Outcast (HKLM-x32\...\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}) (Version:  - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\ChromeHTML: -> C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4068993720-391376673-3591436037-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0034A9F2-FF01-45FE-B16A-BD0A0B86E717} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {129B38DF-530C-4966-8579-42ABDCE026F3} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {14A49F43-5674-4627-AB96-2ED653F1C10E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1B4166C6-20FC-4890-8699-FA7038CCD7C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-22] (Microsoft Corporation)
Task: {1E4441A1-F9B5-4F10-95AE-09AD388791B5} - System32\Tasks\{97CB9026-D6AD-4F05-8234-A89C992907FC} => C:\Program Files (x86)\Mount&Blade Warband\mb_warband.exe 
Task: {1F0F9D6C-47EC-45FA-8BF2-DCA598461F68} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {26EED1A4-5503-4A80-B6E8-1F3E0E1F82FF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {28E537C6-A48D-477B-9D6A-3052C2341DF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {2D96A495-55CD-428E-B023-E7CCD51460B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {300F4B8A-CE1C-42D2-A04C-A687E77CA68F} - System32\Tasks\{D541701B-464A-47F9-9EE2-BDE162CA2E83} => C:\Program Files (x86)\Mount&Blade Warband\mb_warband.exe 
Task: {31C33E99-5C64-477D-B6F0-775F5A973330} - System32\Tasks\{C3CD5202-D74F-44CA-B294-FBD3D19E41B5} => C:\Program Files (x86)\Wolfenstein - Enemy Territory\ET.exe [2005-03-10] ()
Task: {32CE9007-6973-4274-8087-A04EC4052FC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3D6D3E84-2675-4CA0-8680-F37B4EEDC38D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {400F0912-DB34-4554-96C6-13F10B3871FC} - System32\Tasks\{C7FE22C1-E385-42F6-9151-B69130CA923E} => C:\Program Files (x86)\Wolfenstein - Enemy Territory\ET.exe [2005-03-10] ()
Task: {4AF74034-E682-4AEE-89DA-E7859DDC2535} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {4BA7A4A6-6387-4B17-94D2-1245A8F714A3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4CC7D5C6-9CE5-4FB7-8AB6-67A1717D80D4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {4E565241-9446-4028-9365-6E84277378F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {50DF056F-8292-48B8-9777-1A0B37D0EFE6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {52314877-5ABD-49AE-836F-5405675D7668} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {532443A7-FEF6-4E4D-8C39-C2C1178DCA0D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {53B6F21A-1DAE-4CC8-AF60-36D7800F8D71} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {544538B8-FF6A-41BC-ADA3-900BADB90140} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5B844748-36EC-4C3C-8C00-20EDB3A79C23} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5CB6EFA2-70D3-4149-9334-5EBDECBC91A3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6302C6FB-C3A4-481E-8445-5033ABD3B15A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {6A793F78-3785-4BBB-B391-6F6FF3CB3570} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4068993720-391376673-3591436037-1001UA1d258aad4132fc5 => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6E647535-2030-4B13-BD08-6332877ECBC4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {7AD2F9F0-3898-4D84-9E3F-483F31A524AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A048BC45-84D2-4C18-ACAE-46C0AEF5927C} - System32\Tasks\{4FA310B5-F6AC-4FFC-8229-D8A11BBD6C48} => pcalua.exe -a C:\ProgramData\NexonUS\NGM\NGM.exe -c -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
Task: {A053DE93-64D0-4556-9638-BF7F55578CE0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe 
Task: {A1C697C1-A753-43D5-822E-26F1BDD0E4DD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A52B3815-638C-4AF6-8478-1F015481A19D} - System32\Tasks\{88743B81-71A8-4EE9-967A-93E4DA764FB4} => C:\Program Files (x86)\Wolfenstein - Enemy Territory\ET.exe [2005-03-10] ()
Task: {B4D42FA0-1FCF-4A70-8691-1E174F0D1A53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4068993720-391376673-3591436037-1001Core => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B66BD689-02DF-4B4D-AB24-0146662BF71C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4068993720-391376673-3591436037-1001UA => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BB990F9C-A509-4650-8EB0-5C9D2C062C9B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {BBBC1165-BF73-4FEB-ABCF-14587BF7A835} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {C495F17C-33C4-4549-9619-50593384848B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C4D0AB2A-A504-47F7-97BC-C2A5D6ABEC76} - System32\Tasks\{49FDE716-208E-4748-A1A8-5AF6938588EF} => C:\Program Files (x86)\Wolfenstein - Enemy Territory\ET.exe [2005-03-10] ()
Task: {CD043EB9-5EEC-420D-AEEE-6BB9FB19FA19} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CF2F8CAF-4BA5-4A39-AB10-2C40E96D58F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {CF5FF31C-3E23-4104-9EEB-3B18F5408E3F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D24BAB65-71C5-4E1D-9D01-F5C62DD920E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D5D2BCA0-0A40-44B9-85D1-69D094E65885} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {E136C385-D90A-41C0-A3A1-D08D8790071E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {E42554DF-D1E1-4024-A7DE-8F16A5537680} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EEC985E1-1CA7-485C-ABB2-004BBB2EFA67} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {F29BB4E9-E5F5-4945-9704-0759D1B0B0FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F4F9658C-23D2-4D2A-8B78-ACE454D3E831} - System32\Tasks\{85FCE8D0-4E89-4938-A8D8-BF2F5F42FF9F} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {F74594C6-ED6A-4507-A1F2-EA9939C253F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4068993720-391376673-3591436037-1001Core1d258aad3f8ced5 => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F9818D37-A2B9-4E73-AFF0-819D00B75690} - System32\Tasks\{EB42ECE1-FFD4-4EDD-8CDE-87C9DA91DD53} => pcalua.exe -a C:\Users\Adam\Desktop\pbsetup.exe -d C:\Users\Adam\Desktop
Task: {FBAE0101-1415-4F63-B2D8-073ACE05A6B2} - System32\Tasks\{E14C931C-4102-4431-9D64-6B187CB97E88} => C:\Program Files (x86)\Wolfenstein - Enemy Territory\ET.exe [2005-03-10] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4068993720-391376673-3591436037-1001Core.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4068993720-391376673-3591436037-1001UA.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:19 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 13:51 - 2016-11-14 06:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-30 15:42 - 2013-11-30 09:58 - 00076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2009-04-19 10:34 - 2009-04-19 10:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2009-04-19 10:34 - 2009-04-19 10:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 10:34 - 2009-04-19 10:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-04-19 10:34 - 2009-04-19 10:34 - 00625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2016-12-14 17:19 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-25 14:33 - 2016-09-25 14:33 - 00959168 _____ () C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-25 17:39 - 2016-09-25 17:39 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:49 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:49 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:49 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 18:49 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:49 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:49 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:49 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-08-04 07:40 - 2010-08-04 07:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2017-02-22 16:28 - 2017-02-22 16:28 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 16:28 - 2017-02-22 16:28 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 16:28 - 2017-02-22 16:28 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 15:00 - 2017-02-06 15:00 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-04 04:47 - 2010-08-04 04:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2016-09-25 14:33 - 2016-09-25 14:33 - 00679624 _____ () C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2017-02-06 18:42 - 2017-02-01 04:01 - 01870168 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 18:42 - 2017-02-01 04:01 - 00085848 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-14 16:19 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rsyxwyne.sys:changelist [346]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-02-06 21:14 - 00000845 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "mwlDaemon"
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-4068993720-391376673-3591436037-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{6980B2FD-2A56-4D17-9A1B-5E67B7FB76A6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4FD3CF08-2552-49CF-A93D-C29DED23A5D1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{8E80D77D-ED28-4DD5-B23D-560E5DABE0B8}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{091F1715-4BCF-4BB6-8A37-C9902318A778}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{77047F2D-99CB-49EF-98C6-70F7948EFEA6}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{DA68A11A-D667-435E-B620-ACA7842586E3}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{37A10FD1-284C-4D69-92E1-3DBAF6647301}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{2ACD163F-79E1-45D9-83FF-50BA19080822}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{DF071B2F-2A13-4B22-9286-B4E461E6C31C}] => (Allow) C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
FirewallRules: [{AA31FDBC-E7C8-43EC-AD24-003521A701D3}] => (Allow) C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
FirewallRules: [{168E2848-EE99-46FA-8ACA-27672836F20C}] => (Allow) C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
FirewallRules: [{A454FCD3-7C3B-4633-BA21-613FC7CD4674}] => (Allow) C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
FirewallRules: [{19E85EE8-5A41-432E-8C56-A68DD2AFFFBF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D485411F-829E-494A-9C6B-7BEF6D8DE156}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{26B2CAD9-6E46-43AD-A854-30BECB2CD889}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{911B992B-203D-42AB-97D8-E7B178056A2C}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\et.exe
FirewallRules: [{C642D128-A7F5-49C3-875D-929D32668ACE}] => (Allow) %ProgramFiles% (x86)\Wolfenstein - Enemy Territory\ET.exe
FirewallRules: [TCP Query User{D5FFBE95-BB5E-48FA-AD98-565D42AEB1D9}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Block) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [UDP Query User{BCE220D9-4035-4E83-9A14-EAAD7D9FA95A}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Block) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [TCP Query User{A203EF71-CC8C-4B8E-9181-723FB962CAF5}C:\program files (x86)\microsoft games\age of empires ii\patch.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\patch.exe
FirewallRules: [UDP Query User{F25081A1-F77E-46B4-99D5-1D530F69B873}C:\program files (x86)\microsoft games\age of empires ii\patch.exe] => (Block) C:\program files (x86)\microsoft games\age of empires ii\patch.exe
FirewallRules: [TCP Query User{362022A4-F480-4D1F-B56D-B5B280FEF144}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{DF3B227C-91D8-4937-A757-7EF709CFC83F}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{13E5B056-B8F2-4305-9331-C0940D54463A}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{FA6D9B98-0782-48B2-A7AC-5D1FD3AA0082}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.exe
FirewallRules: [TCP Query User{B686864A-3B14-486F-B473-4F53742345B8}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{C1E28912-AC36-439A-AF53-665EB2F1BD86}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D730ABF9-C8FC-4960-9DF7-C9B14587B813}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe] => (Allow) C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe
FirewallRules: [UDP Query User{5992A7F7-9271-4875-85FF-EB4B7CAF9CFE}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe] => (Allow) C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe
FirewallRules: [TCP Query User{CC4A0B4D-A6C1-4884-B7C3-71E58190AD66}C:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe] => (Block) C:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe
FirewallRules: [UDP Query User{8111D7DE-0BD3-443C-9E8A-2C8F48B2E9F0}C:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe] => (Block) C:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe
FirewallRules: [{E71EF343-7C7B-4458-BC9D-212EC0A08AA9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6ADD329D-6861-4FF9-8C53-5F81B56BC7B0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{620F6BCC-ED76-451D-892F-F6AEA57536CB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{73DD1E81-CB2D-415D-A2A3-2A3E4294294B}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [UDP Query User{B0F21AEB-62A4-4517-8F99-177DF296D461}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe] => (Allow) C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe
FirewallRules: [{8B973A75-3063-4668-AECD-760D57A4715C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B21C0063-0A54-4AF9-B2A9-C6FFD83A38C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D3F858E2-E2ED-4FFE-B207-1074C3485B55}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{42547E4D-93DB-4ADA-909B-638DCD33104C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{CB1AA148-4801-4827-830B-A587F6BCDC46}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [UDP Query User{9046C7BD-A2D1-4DB6-8B4F-F5AACB729223}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [{41780313-9C08-4370-9DAD-084A5EC314C1}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{ACB8D942-D6E5-45E1-831E-4474B95C7F62}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{24933115-3B1C-4BD5-AC40-FBB04D4C77EE}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [{C7A927D3-0562-4510-A855-E76BE3FD30C5}] => (Allow) C:\Nexon\Combat Arms\NMService.exe
FirewallRules: [TCP Query User{86AAA745-1EAB-4E93-AEC0-0783C5417BEE}C:\nexon\combat arms\engine.exe] => (Allow) C:\nexon\combat arms\engine.exe
FirewallRules: [UDP Query User{41815BE7-4157-44F3-B023-4AD2A0CA8CC2}C:\nexon\combat arms\engine.exe] => (Allow) C:\nexon\combat arms\engine.exe
FirewallRules: [{4303F638-7844-49A2-8A8E-5B4D69851A1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0DB9125D-9D57-46AC-9039-4A41A36F1194}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0CB74151-2DDB-459E-A425-1B4E5B8C9E1B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DF9D4912-FDEA-4316-8CF3-FC3427E9379A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FDDF097B-D0B0-4498-9593-02023E74EAFA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C4B77051-4C45-4ED6-99B0-AE82887E5D7E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7E23E2E8-E115-4A0A-97AF-8BD53877E6CE}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{1BFC7DDD-BD47-4C3C-A645-A080BFF1A4E2}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{05BD17DC-81C5-47B8-B4E4-2674E5D69987}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D0B598F-0DE2-4D2E-9B66-B37C2EF3C3EB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E8CE1AC6-E9A7-4C99-B146-9C0302887F62}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{43D4AFA3-6B3D-4CE2-9B2F-18A1D4A62614}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{5286DFAA-326C-43A0-A462-37C38C1519E7}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{447C23EF-27D1-424D-B7AC-A8A24928F5D0}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{F28EA432-FDF1-400F-8F97-57408F9768B5}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{03BB25CA-222D-41E6-A8EE-3C06AF8BE526}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{008F0699-1A34-47C6-9483-C0B05536D1B6}C:\users\adam\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\adam\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{40175E4D-33A4-48F1-B2E8-0B46C2C6BFA7}C:\users\adam\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\adam\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{52A85310-314F-4C96-B6C8-B440FF9E3B15}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{4B3C101D-5CA3-4F70-984B-B5BC0CB8176B}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{321C62A9-4E0F-45A1-9561-ECA91C7710FE}C:\users\adam\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\adam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{75233F9E-3A86-4AB0-930C-15236BC768BC}C:\users\adam\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\adam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{C0C79355-B6DC-4E12-A014-2B7B291C3D5E}C:\users\adam\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\adam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{0F4286AA-8911-487E-9268-430549A6CDB1}C:\users\adam\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\adam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{0A99A5BA-829F-4614-A9FF-76FA16A800E2}C:\users\adam\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\adam\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{86BED8C0-CDBD-49E7-A12B-642F5642ABDC}C:\users\adam\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\adam\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F5200084-FEC1-47A0-A153-8D7E6EAB545E}] => (Allow) C:\AeriaGames\EdenEternal\_Launcher.exe
FirewallRules: [{8C705D47-4AA9-4075-AF74-1DFB27A1270F}] => (Allow) C:\AeriaGames\EdenEternal\_Launcher.exe
FirewallRules: [TCP Query User{15561FF1-B967-4DFB-A54F-8CC1807D31A0}C:\users\adam\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\adam\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{68010BCA-32E3-4279-AA1F-A69F8C2F461E}C:\users\adam\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\adam\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{A37A857D-066A-48DF-9006-F63201380018}C:\users\adam\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\adam\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D9E3E67E-9DE6-4F8F-A53C-0B05EC630206}C:\users\adam\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\adam\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{4BE423F5-8723-449F-A071-FFBDC31CA1CE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{24363491-B71E-4676-86DE-740329246F70}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
 
==================== Restore Points =========================
 
08-02-2017 15:46:10 Scheduled Checkpoint
17-02-2017 16:35:54 Scheduled Checkpoint
21-02-2017 19:08:13 Windows Update
03-03-2017 19:40:20 Removed Java 7 Update 67
03-03-2017 20:09:23 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2017 08:09:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/03/2017 07:45:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Adam-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/03/2017 07:41:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/26/2017 04:07:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 22f0
 
Start Time: 01d290744a6dc661
 
Termination Time: 3
 
Application Path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
 
Report Id: 8c6d7c40-fc67-11e6-8631-f80f410bb6a3
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/22/2017 05:06:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/21/2017 07:09:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/20/2017 01:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Adam-PC)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (02/17/2017 04:36:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/13/2017 04:29:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/12/2017 03:38:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Adam-PC)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (03/03/2017 08:15:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 08:15:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (03/03/2017 08:10:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2017 08:05:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/03/2017 08:02:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (03/03/2017 08:01:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (03/03/2017 08:01:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2017 08:01:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2017 08:01:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/03/2017 08:01:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-01-13 20:23:00.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 12:07:38.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 12:07:38.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 12:07:30.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 12:07:30.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 13:45:23.542
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 13:45:23.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 13:45:15.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 13:45:15.208
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-17 16:40:22.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 54%
Total physical RAM: 3839.23 MB
Available physical RAM: 1727.99 MB
Total Virtual: 7679.23 MB
Available Virtual: 5480.89 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:913.84 GB) (Free:477.97 GB) NTFS
Drive d: (JEDIOUTCAST) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C4632D33)
Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
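The FirewallRules block in the log above is one of the sections a responder reads to spot binaries that do not belong: a network-facing executable sitting in a folder any user can write to, or one the user has both allowed and blocked at the firewall prompt. As an added example (not part of ydg's post, and not FRST's own tooling), the PowerShell below applies that triage to the posted lines. The regular expression and the list of user-writable locations are my assumptions about the log format, not FRST's documented grammar; the sample lines are copied verbatim from the Addition.txt above.

```powershell
# Added example, not part of the original thread or of FRST itself.
# Triage the "FirewallRules:" section of an FRST Addition.txt.

# Sample input: lines copied from the Addition.txt posted above.
$frstLines = @'
FirewallRules: [{4303F638-7844-49A2-8A8E-5B4D69851A1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{41780313-9C08-4370-9DAD-084A5EC314C1}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [TCP Query User{008F0699-1A34-47C6-9483-C0B05536D1B6}C:\users\adam\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\adam\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{A37A857D-066A-48DF-9006-F63201380018}C:\users\adam\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\adam\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{75233F9E-3A86-4AB0-930C-15236BC768BC}C:\users\adam\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\adam\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{4BE423F5-8723-449F-A071-FFBDC31CA1CE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
'@ -split "`r?`n"

function Get-FrstFirewallRule {
    # Parse each "FirewallRules:" line into an object. Assumed line format:
    #   FirewallRules: [<rule name>] => (Allow|Block) <path to executable>
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^FirewallRules: \[(?<name>.+?)\] => \((?<action>Allow|Block)\) (?<path>.+)$') {
            [pscustomobject]@{
                Name           = $Matches['name']
                Action         = $Matches['action']
                Path           = $Matches['path'].Trim()
                # "Query User" rules are created when the user clicks Allow/Block on the
                # firewall prompt, i.e. while the binary was already running, not by an installer.
                FromUserPrompt = ($Matches['name'] -like '*Query User*')
            }
        }
    }
}

function Get-SuspiciousFrstFirewallRule {
    param([Parameter(Mandatory)][string[]]$Lines)
    # Locations a standard (non-admin) user can write to by default. A network-facing
    # binary living here deserves a second look; Program Files does not.
    $userWritable = '^[a-z]:\\(users\\[^\\]+\\(appdata|downloads|desktop|documents)|programdata|windows\\temp)\\'

    $rules = @(Get-FrstFirewallRule -Lines $Lines)
    # One row per distinct executable, so Allow/Block pairs for the same file are seen together.
    foreach ($group in ($rules | Group-Object -Property { $_.Path.ToLowerInvariant() })) {
        $path    = $group.Group[0].Path
        $actions = @($group.Group | ForEach-Object Action | Sort-Object -Unique)
        $reasons = @()
        if ($path -match $userWritable) { $reasons += 'binary in user-writable location' }
        if ($actions.Count -gt 1)       { $reasons += 'both Allow and Block rules exist' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path        = $path
                Actions     = ($actions -join ',')
                Rules       = $group.Count
                FromPrompt  = @($group.Group | Where-Object FromUserPrompt).Count
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

# On the sample lines this reports NGM.exe (ProgramData), chrome.exe (AppData, Allow and Block)
# and mycomgames.exe (AppData); Steam.exe and winamp.exe under Program Files are not reported.
Get-SuspiciousFrstFirewallRule -Lines $frstLines | Format-Table -AutoSize -Wrap
```

Replace `$frstLines` with `Get-Content .\Addition.txt` to run it over a real log. A hit is a prompt to look closer (signature, hash, install path), not proof of malware: Chrome's per-user install under AppData\Local is legitimate and shows up here for exactly that reason.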

 



#2 B-boy/StyLe/

  • Malware Response Team

Posted 04 March 2017 - 01:39 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the attached file fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

This script was written specifically for you, for use on that particular machine.

Regards,
Georgi


#3 ydg

  • Topic Starter

Posted 04 March 2017 - 01:41 PM

Thanks for the help and I look forward to working with you :)

Fixlog (attached)


Edited by ydg, 04 March 2017 - 01:44 PM.


#4 B-boy/StyLe/

  • Malware Response Team

Posted 04 March 2017 - 02:16 PM

Hi,

Thank you for the log. :)

The following file seems to be from a game (EdenEternal):

C:\Windows\system32\sjcsu64.sys

This one is related to the MS Malicious Software Removal Tool (boot driver):

C:\WINDOWS\system32\Drivers\rsyxwyne.sys

So the only file that concerns me is this Java Update Handler:

C:\Users\Adam\AppData\Local\Java Updater.exe

Regarding the MD5, it should be clean as well, but just in case, can you please upload the file to VirusTotal and post the link to the results in your next reply?

Thanks!

Regards,
Georgi


#5 ydg

  • Topic Starter

Posted 04 March 2017 - 02:29 PM

Thanks for the response :)

I can't seem to find those files to use on virustotal.com.



#6 B-boy/StyLe/

  • Malware Response Team

Posted 04 March 2017 - 03:06 PM

Hi,

The file is hidden => Attributes: ----H

In order to see it, you need to reconfigure Windows to show hidden files and folders.

Regards,
Georgi

Edited by B-boy/StyLe/, 04 March 2017 - 03:07 PM.
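Two things the responder asks for in posts #4 and #6 above are the file's hash for VirusTotal and a way to see a file that carries the Hidden attribute. As an added example (not part of Georgi's posts or the original thread), the PowerShell below gathers the facts a responder wants before deciding whether to upload such a file: attributes, timestamps, SHA-256 and MD5, Authenticode status, the version-resource strings, and a VirusTotal lookup URL for the hash (the current VirusTotal URL scheme, which differs from the 2017-style link posted further down), then sweeps the user's AppData\Local for other hidden executables. The path is the one named in post #4; the function names are my own, and it needs PowerShell 5.1 or later.

```powershell
# Added example, not part of the original thread. Collect triage facts about a
# suspect file and list other hidden executables near it. Run in an elevated
# PowerShell (5.1 or later) on the affected machine.

function Get-SuspectFileReport {
    param([Parameter(Mandatory)][string]$Path)
    # -Force is required: without it Get-Item and Get-ChildItem skip Hidden and
    # System files, which is exactly why Explorer did not show "Java Updater.exe".
    $item   = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $sha256 = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    $md5    = (Get-FileHash -LiteralPath $item.FullName -Algorithm MD5).Hash
    $sig    = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path       = $item.FullName
        SizeBytes  = $item.Length
        Attributes = $item.Attributes.ToString()
        IsHidden   = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
        Created    = $item.CreationTime
        Modified   = $item.LastWriteTime
        SHA256     = $sha256
        MD5        = $md5
        # Oracle signs its Java binaries; a "Java Updater" that reports NotSigned is a red flag.
        SigStatus  = $sig.Status.ToString()
        Signer     = $signer
        Company    = $item.VersionInfo.CompanyName
        Product    = $item.VersionInfo.ProductName
        # Look the hash up first; the file only needs uploading if VirusTotal has never seen it.
        VirusTotal = "https://www.virustotal.com/gui/file/$($sha256.ToLower())"
    }
}

function Find-HiddenExecutable {
    # Hidden .exe/.dll/.scr files under a folder tree. Legitimate software rarely
    # hides its own binaries inside the user profile.
    param([string]$Root = $env:LOCALAPPDATA, [int]$Depth = 2)
    Get-ChildItem -LiteralPath $Root -Force -File -Recurse -Depth $Depth -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) } |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

# The file named in this thread.
Get-SuspectFileReport -Path 'C:\Users\Adam\AppData\Local\Java Updater.exe' | Format-List
Find-HiddenExecutable | Format-Table -AutoSize
```

Note what the report does not do: it never executes the file, and the hash lookup lets you check VirusTotal without uploading a sample that might contain personal data. If the lookup returns nothing, upload the file as Georgi asked, then keep the SHA-256 with the thread so later readers can verify they are looking at the same sample.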



#7 ydg

  • Topic Starter

Posted 04 March 2017 - 03:17 PM

Well, I found the Java updater; looks like a couple of hits.

https://www.virustotal.com/en/file/9aaa534bd90415682f266a4f1cf8209536fffa438809702be55b693717eaf0f4/analysis/1488658582/



#8 ydg

  • Topic Starter

Posted 04 March 2017 - 03:19 PM

Unfortunately I could not find the top two.



#9 B-boy/StyLe/

  • Malware Response Team

Posted 04 March 2017 - 05:21 PM

Hi,

Thank you for the link. Don't worry about the other ones. They should be harmless. :)

Please download the attached file fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

This script was written specifically for you, for use on that particular machine.

Let me know how things are after the fix above.

Regards,
Georgi


#10 ydg

  • Topic Starter

Posted 04 March 2017 - 05:29 PM

It's looking good! Thanks so much for the work so far; usually by this point I have one or two Java update handlers spamming me, but now not a peep!

:bananas:

One more post for 8k. Nice work, sir.

Attached Files


Edited by ydg, 04 March 2017 - 05:30 PM.


#11 B-boy/StyLe/

  • Malware Response Team

Posted 04 March 2017 - 06:00 PM

Hi,

I am glad we nailed it down. :)

Here is the last set of steps, just to make sure nothing is lurking in the dark corners.

STEP 1

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-consumer-3.0.6.1469.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs (Export log to save as txt):

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box, type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok.
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.

STEP 2

1. Please download HitmanPro.

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users: right click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then open it while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 5 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

STEP 3

  • Download EmsisoftEmergencyKit, run the exe and extract the content to a folder of your choice (like C:\EEK) by clicking the Extract button.
  • Double-click the desktop shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete, click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next, click on Custom Scan and select only drive C:\ to be scanned and remove the rest of the drives from the list. When the scan completes, click on the View Report button (don't delete or quarantine anything).
  • Please attach the content of the report in your next reply.

STEP 4

Also, let's check for outdated and vulnerable software on your PC.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And then, if there aren't any issues left, I'll give you my final recommendations. ;)

Regards,
Georgi

Edited by B-boy/StyLe/, 04 March 2017 - 06:02 PM.
fixed broken link for securitycheck.exe


#12 ydg

  • Topic Starter

Posted 04 March 2017 - 09:12 PM

Everything looks pretty good according to the scans; the Emsisoft one took a lot longer than I thought.

Thanks for the hard work thus far :)

 

Attached Files



#13 B-boy/StyLe/

  • Malware Response Team

Posted 05 March 2017 - 03:02 AM

Hi,

 

 

Your system is malware free and no more scans are required.

Thank you for following my instructions perfectly!

 

 

Now that we are at the end of our journey I have some final words for you.
All Clean !
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

STEP 1 - UPDATING TASKS

 

 

You can consider replace Adobe Reader XI with Adobe Reader DC since Adobe Reader XI is no longer supported from what I am aware of.

 

 

  • It is possible for programs on your computer to have security vulnerability that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 
Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

STEP 2 - CLEANUP


Here are a few additional steps on how to remove all of the tools we used:

 

  • Please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and uncheck the rest and click on the run button.
  • The tool will delete itself once it finishes.

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

 

You can delete the following folders:

 

C:\ProgramData\HitmanPro => to delete the leftovers from HitmanPro
C:\EEK => to delete the leftovers from EmsisoftEmergencyKit

I suggest you leave Malwarebytes installed for on-demand scans but if you want to uninstall it then you can use this tool

 

 

STEP 3 - SECURITY ADVISES
 

 

Keep your antivirus software turned on and up-to-date

 

  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Note2: You should scan your computer with an antimalware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan. Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

 

 

Be prepared for CryptoLocker and similar threats:

 

 

Since the prevention is better than cure you can use Malwarebytes Anti-Ransomware or Kaspersky Antiransomware for business and CryptoPrevent to supplement them to secure the PC against these lockers.

You may want to check Malwarebytes Anti-Exploit and add install it to be safe when surfing the net. It work with the most popular browsers and it is very effective. See the article here. Keep in mind that Malwarebytes Anti-Ransomware and Malwarebytes Anti-Exploit are also included in the Premium version of Malwarebytes Anti-Malware 3.

 

Also you can use a standard user account with UAC enabled. If you need administrative privileges to perform some tasks, then you can use Run As or log on as the administrator account for that specific task.

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends in .zip, .exe, .com, .bat, .pif, .scr, .cmd, .cab, .vbs or .js, do not open it unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is infected with malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. I suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If a menu comes up saying Add to Favorites..., you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program, be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead, when you receive a message that contains a link, message the person back asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use Bitdefender TrafficLight or Avira Browser Safety to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
  • You may want to install Unchecky to prevent the adware bundled with many free programs from installing.
  • Make the extensions for known file types visible: Be wary of files with a double extension such as image.jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.
  • Disable Autorun: It's a good idea to disable the Autorun functionality to prevent infections from spreading from USB flash drives. Check the article here for more information. Also, you can install McShield to prevent infections spread by removable media.
  • Disable Windows Scripting Host: If you don't use any script files, then you can go ahead and disable Windows Scripting Host using the tool provided by Symantec - NoScript.exe. Simply download and run it, click on the Disable button and reboot the computer. If you need to run any .js or .vbs scripts at a later stage, you should run NoScript.exe again and select Enable, then reboot the computer.
  • Install Adblock Plus to surf the web without annoying ads!

 

 
Create an image of your system (you can use the built-in Windows software as well if you prefer)

 

  • Now that your PC is malware-free, it is a good idea to back up all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorial on how to create a system image can be found here.
  • It's a good idea to add Macrium to the boot menu so you can access it if Windows won't start and you don't have a Rescue CD.
  • The tutorial on how to restore a system image can be found here.
  • Be sure to read the tutorials first.

 

 

Follow this list and your potential for being infected again will be reduced dramatically.

 

Safe Surfing!

 

Regards,
Georgi


Edited by B-boy/StyLe/, 05 March 2017 - 11:32 AM.
Updated Delfix.exe broken link

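Several of the Windows hardening steps in the post above (make file extensions visible, disable Autorun, disable Windows Script Host, keep UAC on, and watch for double extensions such as image.jpg.exe) can be audited and applied from PowerShell instead of through separate tools. The script below is an added example; it is not code from the original post, from the Malware Response Team, or from any of the tools the post mentions (NoScript.exe, McShield, Unchecky). It uses the documented Microsoft registry locations for these settings; the function names and the list of "harmless-looking" extensions are this example's own choices. Run it from an elevated PowerShell prompt on Windows 10, since the HKLM writes need administrative rights.

```powershell
# Added example: audit (and optionally apply) the hardening settings recommended
# in the post, plus a scan for double-extension files. Registry paths are the
# documented Microsoft locations; function names are this example's own.

$Settings = @(
    @{ Label = 'Show file extensions in Explorer (HideFileExt = 0)'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Entry = 'HideFileExt'
       Want  = 0 },
    @{ Label = 'Disable AutoRun on all drive types (NoDriveTypeAutoRun = 0xFF)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Entry = 'NoDriveTypeAutoRun'
       Want  = 0xFF },
    @{ Label = 'Disable Windows Script Host (Enabled = 0)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Entry = 'Enabled'
       Want  = 0 },
    @{ Label = 'UAC enabled (EnableLUA = 1)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Entry = 'EnableLUA'
       Want  = 1 }
)

# Report each setting's current value against the wanted one. A missing value
# is reported as '(not set)'; for WSH that means scripts are still enabled,
# because WSH is on by default when the Enabled value is absent.
function Get-HardeningState {
    foreach ($s in $Settings) {
        $current = $null
        if (Test-Path -Path $s.Path) {
            $current = (Get-ItemProperty -Path $s.Path -Name $s.Entry -ErrorAction SilentlyContinue).($s.Entry)
        }
        $shown = if ($null -eq $current) { '(not set)' } else { $current }
        [pscustomobject]@{
            Setting   = $s.Label
            Current   = $shown
            Wanted    = $s.Want
            Compliant = ($current -eq $s.Want)
        }
    }
}

# Write the wanted values, creating policy keys that do not exist yet.
function Set-Hardening {
    foreach ($s in $Settings) {
        if (-not (Test-Path -Path $s.Path)) {
            New-Item -Path $s.Path -Force | Out-Null
        }
        Set-ItemProperty -Path $s.Path -Name $s.Entry -Value $s.Want -Type DWord
    }
}

# Find files whose real (executable) extension hides behind a harmless-looking
# one, e.g. invoice.pdf.exe or photo.jpg.scr. Defaults to the Downloads folder.
function Find-DoubleExtension {
    param([string]$Root = "$env:USERPROFILE\Downloads")
    $pattern = '\.(jpg|jpeg|png|gif|pdf|doc|docx|xls|xlsx|txt|mp3|mp4)\.(exe|scr|com|pif|bat|cmd|vbs|js|jse|wsf|hta)$'
    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

Get-HardeningState | Format-Table -AutoSize
Find-DoubleExtension | Format-Table -AutoSize
# Set-Hardening   # uncomment to apply; re-run Get-HardeningState to confirm
```

Two caveats a practitioner would want: disabling Windows Script Host breaks every .vbs and .js script on the machine, including some installers and logon scripts, so re-enable it (set Enabled back to 1) if something legitimate stops working, exactly as the post says for NoScript.exe; and a change to EnableLUA only takes effect after a reboot. The NoDriveTypeAutoRun value under the HKLM Policies key applies to all users and overrides the per-user setting.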


#14 ydg

ydg
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:13 AM

Posted 05 March 2017 - 01:15 PM

Thank you for all the help sir :)

 

Hopefully I won't have any more problems, but if I do I will come here again :bananas:



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:13 PM

Posted 05 March 2017 - 02:03 PM

My pleasure. :thumbup2:

 

I am glad I could help. :bounce:

 

Take care. :hello:

 

 

Regards,

Georgi






