can't get rid of qtipr browser hijacker


  • This topic is locked
4 replies to this topic

#1 Dimaka

Posted 08 March 2017 - 05:55 PM

Hi,
 
My browser links are constantly getting modified and they look like this:
 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"  --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/
 
I've tried cleaning up manually and using various anti malware scanners (including adwcleaner_6.044.exe) but I can't get rid of this one.
Any help will be appreciated. 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Dima (administrator) on DIMA-PC (09-03-2017 00:51:36)
Running from C:\Users\Dima\Desktop
Loaded Profiles: Dima (Available Profiles: Dima)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\richcomm\PowerManagerLite\PMLService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\richcomm\PowerManagerLite\PMLiteSevUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe
() C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [PMLiteServiceUI] => C:\Program Files (x86)\richcomm\PowerManagerLite\PMLiteSevUI.exe [90112 2007-09-06] ()
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ModemListener] => C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\Run: [GoogleChromeAutoLaunch_74AB638E1E27FA41128D672CA46F567E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\Run: [uTorrent] => C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-24] (BitTorrent Inc.)
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\MountPoints2: {24558294-fb8a-11e6-ada3-001e8cf228ff} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\MountPoints2: {81332614-7dab-11e5-8d6c-806e6f6e6963} - "F:\wubi.exe" 
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\快压\X64\KZipShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartShare.lnk [2015-12-30]
ShortcutTarget: SmartShare.lnk -> C:\Program Files (x86)\LG Software\LG Smart Share\DMC\SmartShareIntro.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.14.1
Tcpip\..\Interfaces\{7f0ae63e-c2dc-452e-a509-a2ea8101c4f6}: [DhcpNameServer] 192.168.14.1
Tcpip\..\Interfaces\{fe10540c-1612-4d46-bfed-3edd6969c74a}: [DhcpNameServer] 192.117.235.235 62.219.186.7
 
Internet Explorer:
==================
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/he-il/?ocid=iehp
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Dima\AppData\Roaming\Mozilla\Firefox\Profiles\5ccsx7kc.default-1488307808236 [2017-02-28]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> jenkins-il:8080/
CHR StartupUrls: Default -> "chrome-extension://oghkljobbhapacbahlneolfclkniiami/index.html"
CHR Profile: C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Restlet Client - DHC) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2017-03-08]
CHR Extension: (Redirect Path) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll [2017-01-07]
CHR Extension: (Google Drive) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (Note Board Web) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgackkfllmckgkbdfmbfodpinmnnpab [2015-10-28]
CHR Extension: (Keep Awake) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijihlabcfdnabacffofojgmehjdielb [2016-01-14]
CHR Extension: (YouTube) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (JSONView) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-03-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-10]
CHR Extension: (Google Search) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Gmelius for Inbox by Gmail) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbjhjnahgmigifoggidegpakbcjomgg [2016-01-30]
CHR Extension: (Trello) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdidbedhnbabookbkpkgomahnocimke [2016-04-03]
CHR Extension: (Dropbox for Gmail) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-03-01]
CHR Extension: (Google Calendar) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2017-02-24]
CHR Extension: (Favicon Changer) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo [2015-10-28]
CHR Extension: (Icinga Status) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\imaieifkljkcdepgaeommbdgihollphm [2016-06-24]
CHR Extension: (FB2 Reader) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcncdfdhemlpcblfkilloceahbhddnj [2015-10-28]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-11]
CHR Extension: (Context Menu for Google Translate™) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmfpmcomhecmajcfiianbhjgcenado [2015-10-28]
CHR Extension: (Google Hangouts) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-15]
CHR Extension: (Momentum) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-01-07]
CHR Extension: (Evernote Web) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-10-28]
CHR Extension: (Google Maps) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-09]
CHR Extension: (AVG Secure Search) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Mixmax: Email Tracking, Templates, Mail Merge) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpljaamllnldhepankaeljmeeeghnid [2016-11-25]
CHR Extension: ( Apocalypto (tochpc.ru)) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgnabfcncnocmnipcfnfgnlnadfflkhi [2015-10-28]
CHR Extension: (Evernote Web Clipper) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-11]
CHR Extension: (Gmail) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR Extension: (Inbox Background) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknamlmdmcniiknkfjigbmmpnkagkjfc [2017-02-10]
CHR Profile: C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-09]
CHR Extension: (Google Slides) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-29]
CHR Extension: (Google Docs) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-29]
CHR Extension: (Google Drive) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-29]
CHR Extension: (WhatsChrome) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-10-29]
CHR Extension: (Poper Blocker) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-02-15]
CHR Extension: (YouTube) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-29]
CHR Extension: (Google Sheets) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-02]
CHR Extension: (AdBlock) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR Profile: C:\Users\Dima\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-04]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 PMLService; C:\Program Files (x86)\richcomm\PowerManagerLite\PMLService.exe [430080 2007-09-07] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\WINDOWS\System32\drivers\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 00:51 - 2017-03-09 00:52 - 00029262 _____ C:\Users\Dima\Desktop\FRST.txt
2017-03-09 00:32 - 2017-03-09 00:51 - 00000000 ____D C:\FRST
2017-03-09 00:32 - 2017-03-09 00:32 - 02423808 _____ (Farbar) C:\Users\Dima\Desktop\FRST64.exe
2017-03-09 00:30 - 2017-03-09 00:30 - 00000155 _____ C:\Users\Dima\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.url
2017-03-09 00:21 - 2017-03-09 00:21 - 00000126 _____ C:\Users\Dima\Desktop\infected with ludashi, and google keeps redirecting - Virus, Trojan, Spyware, and Malware Removal Logs.url
2017-03-09 00:08 - 2017-03-09 00:40 - 00001533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 00:03 - 2017-03-09 00:40 - 00001561 _____ C:\Users\Dima\Desktop\toltol - Chrome.lnk
2017-03-09 00:02 - 2017-03-09 00:40 - 00001561 _____ C:\Users\Dima\Desktop\Dima - Chrome.lnk
2017-03-09 00:00 - 2017-03-09 00:00 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-03-08 23:52 - 2017-03-09 00:42 - 00000000 ____D C:\AdwCleaner
2017-03-08 23:52 - 2017-03-08 23:52 - 04031440 _____ C:\Users\Dima\Desktop\adwcleaner_6.044.exe
2017-03-08 23:45 - 2017-03-08 23:45 - 00000000 ___HD C:\$SysReset
2017-03-08 20:17 - 2017-03-08 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-06 22:50 - 2017-03-06 22:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-04 21:01 - 2017-03-04 21:01 - 00000000 ____D C:\Users\Dima\AppData\Local\ElevatedDiagnostics
2017-03-04 13:11 - 2017-03-04 13:11 - 00000000 ___HD C:\OneDriveTemp
2017-02-27 00:41 - 2017-02-28 02:02 - 00000000 ____D C:\Users\Dima\AppData\LocalLow\uTorrent
2017-02-27 00:41 - 2017-02-27 00:44 - 00000000 ____D C:\Users\Dima\Downloads\The.100.Season.3.S03.720p.10bit.BluRay.x265.HEVC-MZABI
2017-02-25 18:07 - 2017-02-25 18:07 - 00000000 ____D C:\Users\Dima\Desktop\second
2017-02-25 17:59 - 2017-02-25 18:00 - 00000000 ____D C:\Users\Dima\Desktop\first
2017-02-25 11:48 - 2017-02-25 11:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-25 11:16 - 2015-10-28 23:45 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170225-111650.backup
2017-02-25 11:09 - 2017-02-25 11:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-25 11:08 - 2017-03-09 00:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-25 11:08 - 2017-03-09 00:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-25 11:01 - 2017-02-25 11:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dima\Downloads\spybot-2.4.exe
2017-02-24 13:58 - 2017-02-25 15:36 - 00000000 ____D C:\Users\Dima\Downloads\VikingsSeason4_second_part
2017-02-24 13:22 - 2017-02-24 13:22 - 01381582 _____ (Igor Pavlov) C:\Users\Dima\Downloads\7z1604-x64.exe
2017-02-24 13:22 - 2017-02-24 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-24 12:55 - 2017-02-24 12:55 - 00000000 ____D C:\Users\Dima\AppData\Local\Apps\2.0
2017-02-24 10:54 - 2017-02-24 10:54 - 00000000 ____D C:\TEMP
2017-02-24 10:41 - 2017-02-24 11:02 - 00000000 ____D C:\Users\Dima\AppData\Local\Azsdworks
2017-02-24 10:41 - 2017-02-24 10:41 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-24 10:41 - 2017-02-24 10:41 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 20:42 - 2017-02-10 20:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 20:42 - 2017-02-10 20:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-10 11:07 - 2017-02-10 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 11:06 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-10 11:06 - 2016-12-29 15:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 11:06 - 2016-12-29 14:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 00:45 - 2015-10-28 21:51 - 00000000 ___RD C:\Users\Dima\OneDrive
2017-03-09 00:44 - 2016-10-05 03:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 00:44 - 2016-10-05 03:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-09 00:43 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 00:40 - 2015-10-31 12:41 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-09 00:23 - 2016-10-05 03:05 - 00000000 ____D C:\Users\Dima
2017-03-08 23:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 23:57 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-08 23:48 - 2015-10-29 01:15 - 00000000 ____D C:\Users\Dima\AppData\Roaming\KeePass
2017-03-08 23:47 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-08 23:41 - 2016-10-05 02:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 21:41 - 2015-10-29 00:03 - 00000000 ____D C:\ProgramData\MFAData
2017-03-08 20:18 - 2015-10-29 00:43 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-08 16:46 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 09:45 - 2016-10-05 03:22 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-03-05 23:21 - 2016-02-21 21:24 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-05 23:20 - 2016-02-21 21:24 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-03-04 10:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-28 23:26 - 2016-11-09 17:39 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-28 21:01 - 2015-12-12 06:22 - 00000000 ____D C:\Users\Dima\AppData\Local\CrashDumps
2017-02-28 20:53 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-02-28 10:17 - 2015-12-04 14:30 - 00000000 ____D C:\Users\Dima\AppData\Roaming\FileZilla
2017-02-28 02:02 - 2015-10-28 21:29 - 00000000 ____D C:\Users\Dima\AppData\Roaming\uTorrent
2017-02-27 00:43 - 2016-12-31 11:41 - 00000000 ____D C:\Program Files (x86)\OnePlus USB Drivers
2017-02-27 00:43 - 2016-12-31 11:41 - 00000000 ____D C:\Android
2017-02-25 15:49 - 2016-02-02 22:26 - 00000000 ____D C:\Users\Dima\AppData\Roaming\Mp3tag
2017-02-25 15:30 - 2016-07-16 20:48 - 00000776 _____ C:\Users\Dima\Desktop\Change_TV_series_names.ps1
2017-02-25 11:38 - 2015-10-29 00:06 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-24 13:27 - 2015-10-28 23:02 - 01566602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 13:23 - 2016-04-20 00:33 - 00000000 ____D C:\Program Files\7-Zip
2017-02-24 13:01 - 2016-10-05 03:22 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-24 13:01 - 2016-10-05 03:22 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-24 10:59 - 2016-11-01 02:13 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-23 16:40 - 2016-11-19 17:25 - 00000000 ____D C:\Users\Dima\Desktop\מיכל
2017-02-23 09:42 - 2015-10-29 00:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 09:40 - 2015-10-29 00:04 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 11:44 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 09:09 - 2016-12-10 18:36 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 09:09 - 2015-10-28 23:07 - 00002397 _____ C:\Users\Dima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 08:56 - 2015-10-28 23:05 - 00000000 ____D C:\Users\Dima\AppData\Local\Packages
2017-02-10 11:07 - 2016-10-05 03:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 11:06 - 2016-10-05 03:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 11:06 - 2016-10-05 03:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 11:06 - 2016-03-25 18:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
 
==================== Files in the root of some directories =======
 
2015-10-31 13:31 - 2015-10-31 13:31 - 0000600 _____ () C:\Users\Dima\AppData\Roaming\winscp.rnd
2015-10-31 12:59 - 2016-11-11 18:33 - 0000600 _____ () C:\Users\Dima\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
2016-10-23 12:29 - 2016-10-23 12:29 - 0737856 _____ (Oracle Corporation) C:\Users\Dima\AppData\Local\Temp\jre-8u111-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-08 10:05
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Dima (09-03-2017 00:52:17)
Running from C:\Users\Dima\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-05 01:26:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3232512167-548306506-1567833957-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3232512167-548306506-1567833957-503 - Limited - Disabled)
Dima (S-1-5-21-3232512167-548306506-1567833957-1001 - Administrator - Enabled) => C:\Users\Dima
Guest (S-1-5-21-3232512167-548306506-1567833957-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
AirDroid 3.3.2.0 (HKLM-x32\...\AirDroid) (Version: 3.3.2.0 - Sand Studio)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
Battlefleet Gothic: Armada (HKLM\...\Steam App 363680) (Version: - Tindalos Interactive)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerManagerLite (HKLM-x32\...\{2CCCC3C3-6D59-4FE3-8940-685523FA94C7}) (Version: - )
Pulse Secure Setup Client (HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\Juniper_Term_Services) (Version: 8.1.6.39491 - Pulse Secure, LLC)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1502.401 - LG Electronics Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.73909 - TeamViewer)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
UE4 Prerequisites (x64) (HKLM-x32\...\{9514471f-b41e-41f7-af03-7da1d05b279e}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.8.0 - Epic Games, Inc.) Hidden
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0419-0000-0000000FF1CE}_Office15.PROPLUS_{81313E78-6615-4DC2-9673-D9D67818F238}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0419-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 (HKLM-x32\...\WinRAR 4.00) (Version: - )
Засоби перевірки правопису Microsoft Office 2013 – українська мова (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3232512167-548306506-1567833957-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06CD603C-63D9-408F-837D-F219DC79BEB8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {2DA8A9DC-861D-42B7-9069-884085D78DD2} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Dima\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {88D2BA4D-0321-4E79-878D-ED6B14AA8CCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-28] (Google Inc.)
Task: {8A03F8C6-8CBE-4B6D-9D13-838515F629DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {8DF41D95-19B5-4476-B4D1-B046FE1A3A6B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {AF9459F5-2C9C-4A3A-BD10-5C9BDEB5FB0E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {BA8C5E4E-4F81-459B-B234-63BE2423E341} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {CFA90AE3-794B-4C97-A3B7-E584A59E2382} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D1845438-4632-42D2-8C00-6B18A3FD7604} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2014-12-05] (LG Electronics Inc.)
Task: {D7B4D6A6-F4C2-48F3-BC13-C659FD0C5C6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-28] (Google Inc.)
Task: {FA8918B0-064D-43E3-8424-EDAF3BDFC3C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\Dima\Desktop\Dima - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Dima\Desktop\toltol - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_lneaknkopdijkpnocmklfnjbeapigfbh\Google Maps.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lneaknkopdijkpnocmklfnjbeapigfbh
ShortcutWithArgument: C:\Users\Dima\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Web Store.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ahfgeienlihckogmohjhadlkjgocpleb
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WhatsChrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\toltol - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Dima - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 22:52 - 2016-12-09 12:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 03:01 - 2016-12-29 14:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-01 20:50 - 2016-06-15 03:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-04 12:26 - 2016-06-15 03:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-09 13:09 - 2016-06-15 03:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 20:50 - 2016-06-15 03:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-10-28 16:28 - 2007-09-07 13:26 - 00430080 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\PMLService.exe
2016-04-09 13:09 - 2016-06-15 03:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-09 13:09 - 2016-06-15 03:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-09 13:09 - 2016-06-15 03:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-16 09:35 - 2016-06-15 03:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-09 13:09 - 2016-06-15 03:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-09 13:09 - 2016-06-15 03:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-14 22:52 - 2016-12-09 12:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-06-14 12:38 - 2016-06-14 12:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-16 12:17 - 2016-03-16 12:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2011-03-02 12:40 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files (x86)\Winrar\rarext64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-10-05 13:54 - 2016-10-05 13:54 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 12:15 - 2016-12-21 09:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 12:14 - 2016-12-21 08:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 12:14 - 2016-12-21 08:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 12:14 - 2016-12-21 08:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 12:14 - 2016-12-21 08:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 12:14 - 2016-12-21 08:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 12:14 - 2016-12-21 08:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 08:54 - 2017-02-22 08:55 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 08:54 - 2017-02-22 08:55 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 08:54 - 2017-02-22 08:55 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 10:39 - 2017-02-07 10:40 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-10-28 16:28 - 2007-09-06 11:13 - 00090112 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\PMLiteSevUI.exe
2015-12-30 19:58 - 2014-12-09 13:36 - 01265688 _____ () C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-28 16:28 - 2007-08-14 09:45 - 00045056 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\PMComm.dll
2015-10-28 16:28 - 2007-09-05 16:11 - 00098304 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\PMWarn.dll
2015-10-28 16:28 - 2004-07-05 13:07 - 00049152 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\RCMsgEng.dll
2015-10-28 16:28 - 2004-07-05 12:59 - 00045056 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\RCData.dll
2015-10-28 16:28 - 2006-08-11 14:34 - 00024576 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\RCThread.dll
2015-10-28 16:28 - 2003-05-26 22:30 - 00217088 _____ () C:\Program Files (x86)\richcomm\PowerManagerLite\LIBMYSQL.dll
2015-10-29 00:34 - 2016-06-15 03:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-24 20:58 - 2016-12-23 20:28 - 00657184 _____ () D:\Games\Steam\SDL2.dll
2015-05-24 20:58 - 2016-09-01 03:02 - 04969248 _____ () D:\Games\Steam\v8.dll
2015-05-24 20:58 - 2017-01-19 03:30 - 02327840 _____ () D:\Games\Steam\video.dll
2015-05-24 20:58 - 2016-09-01 03:02 - 01563936 _____ () D:\Games\Steam\icui18n.dll
2015-05-24 20:58 - 2016-09-01 03:02 - 01195296 _____ () D:\Games\Steam\icuuc.dll
2015-05-24 20:58 - 2016-01-27 09:49 - 02549760 _____ () D:\Games\Steam\libavcodec-56.dll
2015-05-24 20:58 - 2016-01-27 09:49 - 00491008 _____ () D:\Games\Steam\libavformat-56.dll
2015-05-24 20:58 - 2016-01-27 09:49 - 00332800 _____ () D:\Games\Steam\libavresample-2.dll
2015-05-24 20:58 - 2016-01-27 09:49 - 00442880 _____ () D:\Games\Steam\libavutil-54.dll
2015-05-24 20:58 - 2016-01-27 09:49 - 00485888 _____ () D:\Games\Steam\libswscale-3.dll
2013-02-25 07:39 - 2017-01-19 03:30 - 00838432 _____ () D:\Games\Steam\bin\chromehtml.DLL
2016-03-25 14:30 - 2016-07-05 00:17 - 00266560 _____ () D:\Games\Steam\openvr_api.dll
2017-03-08 20:17 - 2017-03-06 22:59 - 00807232 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2015-12-12 06:22 - 2017-02-09 04:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-12 06:22 - 2017-02-09 04:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-12 06:22 - 2017-02-09 04:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-12 06:22 - 2017-03-06 23:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-12 06:22 - 2017-02-09 04:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 06:22 - 2017-02-09 04:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-08 20:17 - 2017-02-09 04:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-08 20:17 - 2017-02-09 04:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-08 20:17 - 2017-02-09 04:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-12 06:22 - 2017-02-09 04:22 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 01:54 - 2017-03-06 23:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-08 20:17 - 2017-02-09 04:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-08 20:17 - 2017-02-09 04:22 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-12 06:22 - 2017-03-06 23:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 01:54 - 2017-03-06 23:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 01:54 - 2017-02-09 04:21 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-12 06:22 - 2017-03-06 23:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-12 06:22 - 2017-02-09 04:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-28 01:03 - 2017-03-06 23:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-24 11:53 - 2017-03-06 23:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-14 07:52 - 2017-03-06 23:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-24 11:53 - 2017-03-06 23:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 11:53 - 2017-03-06 23:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 11:53 - 2017-03-06 23:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-10 00:35 - 2017-03-06 23:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-08 20:17 - 2017-02-09 04:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-08 20:17 - 2017-03-06 23:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-03-08 20:17 - 2016-12-02 23:44 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-03-08 20:17 - 2017-03-06 23:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-08 20:17 - 2017-02-09 04:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-08 20:17 - 2017-02-09 04:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-08 20:17 - 2017-03-06 23:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-12 06:22 - 2017-02-09 04:22 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-05 01:54 - 2017-03-06 23:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-08 20:17 - 2017-03-06 23:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2011-02-24 17:39 - 2011-02-24 17:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2016-12-07 11:20 - 2016-12-07 11:20 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-02-07 15:36 - 2017-02-01 11:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 15:36 - 2017-02-01 11:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-12-15 03:41 - 2017-01-05 05:12 - 68813088 _____ () D:\Games\Steam\bin\cef\cef.win7\libcef.dll
2013-02-21 15:23 - 2017-01-19 03:30 - 00383776 _____ () D:\Games\Steam\steam.dll
2015-12-30 19:58 - 2013-12-06 22:06 - 00642016 _____ () C:\Program Files (x86)\LG Software\LG Smart Share\DMS\sqlite3.dll
2015-12-30 19:58 - 2014-12-09 11:55 - 00903168 _____ () C:\Program Files (x86)\LG Software\LG Smart Share\DMR\LibMediaRenderer.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 21:37 - 2016-05-12 21:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 03:40 - 2016-05-31 03:40 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-12 21:37 - 2016-05-12 21:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-02-14 23:09 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Dima\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1496610]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1221154]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7931 more sites.

IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\123simsen.com -> www.123simsen.com

There are 7931 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-09 00:51 - 2017-03-09 00:51 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3232512167-548306506-1567833957-1001\Control Panel\Desktop\\Wallpaper -> D:\Dima\Art\Warhammer 40k\handoftheemperor.jpg
DNS Servers: 192.168.14.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "ModemListener"
HKU\S-1-5-21-3232512167-548306506-1567833957-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{73CB5E09-8E7F-4F06-978B-5BEB5F2D3CAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D3554AEE-2A5E-4D59-A83E-85CEFBC725C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B87218C3-793A-4CAB-A1F6-6D44F26652E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8D76EC25-8ABF-4D86-8BE2-2B50EF17DA05}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{C70CC819-1D17-4145-816B-DB539BD1B7FC}C:\program files (x86)\eye4\superipcam.exe] => (Allow) C:\program files (x86)\eye4\superipcam.exe
FirewallRules: [TCP Query User{A4DB612E-F5E5-4B56-AAE6-BE45355DE693}C:\program files (x86)\eye4\superipcam.exe] => (Allow) C:\program files (x86)\eye4\superipcam.exe
FirewallRules: [UDP Query User{A3FEA1F3-191E-43FE-B0D6-830641B0A42B}D:\games\dawn of war ii - retribution\dow2.exe] => (Block) D:\games\dawn of war ii - retribution\dow2.exe
FirewallRules: [TCP Query User{7374443C-C434-4109-BBB8-5013D72D7907}D:\games\dawn of war ii - retribution\dow2.exe] => (Block) D:\games\dawn of war ii - retribution\dow2.exe
FirewallRules: [UDP Query User{1CB0C4DA-DB24-452F-BA0D-4C566426E786}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{EA919F0F-E403-4BFB-86AC-B50401784D43}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{262CCDF2-D810-426F-AFE2-47BC309AF2E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0EE9E4A7-330B-463F-9D34-30A4F517BCFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{09108F52-AF0F-4B12-913C-4D93C2EE6F56}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{684C358B-1A3F-4B2B-B4B4-2A8511616004}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{CC4C01B4-1930-4FE3-96CF-0228248FEB7B}D:\games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\games\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{A0131993-0A9C-410E-B222-A8BFF38617F0}D:\games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\games\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{E953DF3E-E593-4C8F-B89F-5FC00B237B44}] => (Allow) LPort=1900
FirewallRules: [{64D0EB93-C7AF-4C07-A09B-292D76CD8A50}] => (Allow) LPort=2869
FirewallRules: [{7546A4BD-22C8-4777-A767-1E5EE0C2AB87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F42783ED-02F9-42BE-A805-C9B1D1B86226}D:\games\steam\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [TCP Query User{9EDC4D4C-8AE5-4308-8810-8B308809D41B}D:\games\steam\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\battlefleet gothic armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [{420D7788-551A-4956-8F11-92D6739D7253}] => (Allow) D:\Games\Steam\steamapps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{30683C66-DD95-47E3-BA1C-AE1950A58496}] => (Allow) D:\Games\Steam\steamapps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [UDP Query User{06359B2D-CBEA-4007-B4F1-6399DE84A950}C:\users\dima\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\dima\appdata\roaming\utorrent\updates\3.4.5_41712.exe
FirewallRules: [TCP Query User{52784B2F-617B-46D9-8F7A-6BC17CBA3136}C:\users\dima\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\dima\appdata\roaming\utorrent\updates\3.4.5_41712.exe
FirewallRules: [{9B654E13-06B6-4A40-AF75-DA38A97A0D55}] => (Allow) LPort=1688
FirewallRules: [{9A64DEB4-7780-4924-A787-FA2E249AB54A}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{6E2AA919-2674-4687-87CC-DC2E01976814}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{8DDC887D-F73A-4AA4-8D8A-10735D528EAA}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{7FCAAFFC-B4FD-4C91-80D8-32E3D49A93B0}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{D250743E-37A5-4181-A268-7F92F1CE76FD}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BEDE32A0-A3B9-419A-A3B9-84428A59D2BB}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82BF2F79-7CFC-4EA2-89B5-6B66FA3B4456}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5A38BA20-FA47-4EC4-ACAB-F932C3B67ED3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{421FF32A-B1BD-475D-A39F-5AC34D79436E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{982634AE-1ED6-4D47-ACC8-5071FF547E3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FB552591-7FB7-4334-BD31-690CF0DD360A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{186AD6F9-EDCE-4FEA-B334-E54B2828992C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{504FB55B-B62E-4E61-BBD9-A5539EA6BD6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7C254108-12ED-4712-AD28-BFB80FCF7BE8}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE6ABF34-8194-4121-8CC8-BB8140A4876F}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{851640E4-6342-4282-9B00-26B44762FABC}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A928B00C-2817-4485-B816-C99515F5CAA8}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3BB0854C-90E0-4003-9063-C0BDFE9169F7}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4DDC1DE1-855B-4ADE-BDD6-7337B60E41BA}] => (Allow) C:\Users\Dima\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A69D9408-6A97-4F3E-9613-50A333E96C8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B17DC43C-CEA3-45BB-9E4A-7756C959258D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F6F59F0-1AF2-46C0-8410-89751A741641}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{4B749F70-667C-49D0-9F2A-0A6F4DD25858}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{7847550E-FBC8-45BB-8E40-5E257CD3AD45}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{43DB76DB-2B18-4924-BF78-6BAC0C7E9F75}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{ADD8B1B7-25FF-4C5D-8342-FCF2B0265B8E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DF9159E3-222B-4FED-8F38-97E8C0FC593A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{975FD50F-A5DB-45BF-8C9E-171981C636E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26621667-5418-4A84-B413-41A906927FA1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C87BC05-66A6-4371-A869-2CCD2078E0BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2835C847-78E4-46D9-A651-BDC57CE6BDC0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{112852EF-F08A-4769-95B1-18BC73813981}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{564DA359-4848-48C4-BAF7-C295968DE4B9}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1672D5D8-90B8-40BD-A85E-D8C2D9D40505}] => (Allow) D:\Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{CCF15B5B-D52C-4C46-9E8F-A1109A60856E}] => (Allow) D:\Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{3FDF9CB3-126D-4B5B-B347-32A53A72CBB7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{AC6D0190-309B-4F79-99B8-6EA116F307BB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2B4D81FA-D8EA-47A5-B6C6-A86E3D703580}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BD976D91-4922-48C1-81A8-B1C09C68A26A}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{AE29E733-DC0A-44AA-8D9C-990B60628D74}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{9F4B287E-3E75-476A-A763-7ADA3D6D5526}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [TCP Query User{34580956-FCA8-413B-A575-20B13E7B2D4D}D:\games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\games\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{A6E483E6-04B5-4A54-9E01-40BD4F354F23}D:\games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\games\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{1AE27AA1-9D8F-4013-846C-3248A300584C}] => (Allow) D:\Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{85907062-5534-4272-B7CE-A28C916C482E}] => (Allow) D:\Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{B507A40B-85EB-4E98-955F-84EF1F9D20B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7C5432CD-1811-41B5-B422-7D87F4C6ACD5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2BB38EF4-74C4-4B8C-8C9D-BD75983B9812}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5F2E416C-3EDD-4B60-9AA4-1F883F0B5EAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9EC0F9DA-C738-400D-AE2A-73F37E72A87F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

18-02-2017 12:05:51 Scheduled Checkpoint
22-02-2017 11:43:28 Windows Update
02-03-2017 21:27:52 Scheduled Checkpoint
08-03-2017 23:46:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2017 12:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.14393.0, time stamp: 0x57899b98
Faulting module name: mpsvc.dll, version: 4.10.14393.0, time stamp: 0x57899860
Exception code: 0xc0000005
Fault offset: 0x00000000000052b5
Faulting process id: 0x10b4
Faulting application start time: 0x01d29856dff0e7a6
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\Program Files\Windows Defender\mpsvc.dll
Report Id: fdfbd482-de34-48cb-96cf-c73824207b53
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2017 11:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000030bdd
Faulting process id: 0x1704
Faulting application start time: 0x01d29856e6af30c8
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: d945ae3f-4474-4830-9e64-c2a26f65dbd4
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2017 11:46:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/07/2017 05:48:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/06/2017 08:46:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000030bdd
Faulting process id: 0x2a68
Faulting application start time: 0x01d296455f0a6ff4
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: dea665e2-993d-4307-a6ed-cdec96748fa8
Faulting package full name:
Faulting package-relative application ID:

Error: (03/05/2017 11:20:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/05/2017 11:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000030bdd
Faulting process id: 0x1ff4
Faulting application start time: 0x01d295f4c19880ba
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 577784f1-e5e5-4902-80e1-078bda21c640
Faulting package full name:
Faulting package-relative application ID:

Error: (03/04/2017 02:00:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/04/2017 01:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000030bdd
Faulting process id: 0x22dc
Faulting application start time: 0x01d294d816b971ad
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8dd6cc76-e8c8-4dcb-a70d-52d8564b6132
Faulting package full name:
Faulting package-relative application ID:

Error: (03/02/2017 09:28:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (03/09/2017 12:49:29 AM) (Source: DCOM) (EventID: 10016) (User: DIMA-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DIMA-PC\Dima SID (S-1-5-21-3232512167-548306506-1567833957-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2017 12:44:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2017 12:44:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/09/2017 12:43:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (03/09/2017 12:43:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2017 12:42:30 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/09/2017 12:42:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/09/2017 12:42:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/09/2017 12:41:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PMLService service terminated unexpectedly. It has done this 1 time(s).

Error: (03/09/2017 12:41:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-03-09 00:44:29.058
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:44:29.054
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:44:29.053
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:44:28.915
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:44:28.912
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:44:28.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:44:28.227
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-09 00:44:28.083
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:24:24.335
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 00:24:24.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8158.96 MB
Available physical RAM: 5146.4 MB
Total Virtual: 9438.96 MB
Available Virtual: 5884.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.32 GB) (Free:320.06 GB) NTFS
Drive d: (Data) (Fixed) (Total:465.76 GB) (Free:38.13 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DF2AFF3B)
Partition 1: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BCE1BCD)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 09 March 2017 - 02:24 PM.



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,136 posts
  • Gender:Male
  • Location:California

Posted 09 March 2017 - 10:14 AM

Greetings Dimaka and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 RayS

  • Malware Study Hall Senior
  • 2,128 posts
  • Gender:Male
  • Location:USA

Posted 09 March 2017 - 07:44 PM

Hello Dimaka,

My name is Ray.

Gary has invited me to assist you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by Gary prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#4 RayS

  • Malware Study Hall Senior
  • 2,128 posts
  • Gender:Male
  • Location:USA

Posted 16 March 2017 - 03:21 PM

Hello again, Dimaka, and welcome to Bleeping Computer.

Please call me "Ray".

  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.


Peer-to-Peer File Sharing Warning

Going over your logs, I noticed that you have uTorrent and Popcorn Time installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get re-infected.
I would recommend that you uninstall uTorrent and Popcorn Time; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs. You can also use the Revo Uninstaller to remove these programs (see next section below).

If you wish to keep them, it is necessary that you don't use them until your computer is cleaned. Please let me know whether you will refrain from using both uTorrent and Popcorn Time or will delete them.



We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If any program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free.
    note: there is no need to click anything on that page. The download will start automatically.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the listed program(s), or anything similar, to remove it (them):
    Traffic Exchange or Microleaves
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click Next.
  • Once the program has searched for leftovers, click Next.
  • Check the items in bold only on the list. Then click Delete.
    note: you may have to expand some folders by clicking the "+" mark.
  • When prompted, click Yes and then Next.
  • Put a checkmark on any folders that are found and select Delete.
  • When prompted, select Yes then Next.
  • When done click Finish.


Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.


Start

CloseProcesses:
Folder: C:\Users\Dima\Downloads\The.100.Season.3.S03.720p.10bit.BluRay.x265.HEVC-MZABI
Folder: C:\Users\Dima\AppData\Local\Azsdworks
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\Dima\Desktop\Dima - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Dima\Desktop\toltol - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
ShortcutWithArgument: C:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Dima\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1496610]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1221154]

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Re-scan with Farbar Recovery Scan Tool
This tool is frequently updated. Please download a fresh copy of Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.

 

In your next reply...

  • Confirm that you have backed up all your important files.
  • Did you delete uTorrent and Popcorn Time? If not, will you refrain from using them until this topic is closed?
  • Did you uninstall Traffic Exchange and/or Microleaves from your PC?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Please tell me how your PC is running now. Give a full description of symptoms and verbatim copies of error messages (if any).

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
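The hijacked shortcuts in the fixlist above are what FRST reports as ShortcutWithArgument: a browser .lnk whose arguments side-load an extension folder and force a start URL. The following PowerShell audit is an added example, not from this thread and not part of FRST; it walks the shortcut locations named in the log, flags browser shortcuts with arguments of that kind, reports whether the referenced extension folder still exists, and (only with the assumed -Repair switch) clears the injected arguments. The directory list, the $BrowserExe and $Suspicious patterns and the -Repair switch are this example's assumptions.

```powershell
# Added audit script (not from the thread, not part of FRST): lists browser
# shortcuts whose arguments side-load an extension or force a start URL, the
# pattern seen in the ShortcutWithArgument lines above. Report-only unless
# -Repair is given. Directory list and patterns are this example's assumptions.
[CmdletBinding()]
param(
    [switch]$Repair   # clear the injected arguments on every flagged shortcut
)

# Shortcut locations named in the thread's FRST log (Desktop, common Start Menu,
# Quick Launch taskbar pins) plus the per-user Start Menu and common Desktop.
$ShortcutDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Browser executables whose stock shortcuts carry no arguments at all.
$BrowserExe = '^(chrome|firefox|msedge|iexplore|opera|brave)\.exe$'

# Argument fragments that indicate a hijack: an extension loaded from an
# arbitrary folder, or a hard-coded start page.
$Suspicious = @('--load-extension=', 'https?://')

$Shell = New-Object -ComObject WScript.Shell
$Findings = foreach ($dir in $ShortcutDirs) {
    Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $Shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }                 # broken shortcut, skip
            $exe = Split-Path -Leaf $lnk.TargetPath
            if ($exe -notmatch $BrowserExe) { return }           # not a browser shortcut
            $hits = $Suspicious | Where-Object { $lnk.Arguments -match $_ }
            if (-not $hits) { return }                           # clean arguments

            # If an extension folder is referenced, record whether it still exists:
            # the folder is a second artefact to remove, as the fixlist above does.
            $extDir = $null
            $extExists = $null
            if ($lnk.Arguments -match '--load-extension="?([^"\s]+)') {
                $extDir = $Matches[1]
                $extExists = Test-Path -LiteralPath $extDir
            }

            [pscustomobject]@{
                Shortcut     = $_.FullName
                Target       = $lnk.TargetPath
                Arguments    = $lnk.Arguments
                Reason       = ($hits -join ', ')
                ExtensionDir = $extDir
                ExtDirExists = $extExists
            }
            if ($Repair) {
                # Shortcuts under ProgramData can only be rewritten from an elevated prompt.
                $lnk.Arguments = ''
                $lnk.Save()
            }
        }
}

if ($Findings) {
    $Findings | Format-List
    if ($Repair) {
        Write-Host "Cleared arguments on $(@($Findings).Count) shortcut(s); re-run without -Repair to verify."
    }
} else {
    Write-Host 'No browser shortcuts with injected arguments found.'
}
```

Run it without -Repair first and compare its output with the ShortcutWithArgument lines of a fresh FRST scan; a leftover extension folder flagged as ExtDirExists = True should be dealt with as well, since the shortcut arguments are only half of the persistence.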


#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,136 posts
  • Gender:Male
  • Location:California

Posted 19 March 2017 - 09:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



