
I believe I still have a rootkit in my system


  • This topic is locked
15 replies to this topic

#1 jasoncool

jasoncool

  • Members
  • 25 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 03 April 2017 - 08:17 PM

I noticed my mouse clicks were harder to do, so I suspected malware.

I ran Malwarebytes and the scan stopped halfway. I also ran Malwarebytes Anti-Rootkit and it didn't update, but I still ran it anyway and was able to take out 3 rootkits, but I still believe there's still malware attached to my system. Please advise.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by user (administrator) on USER-PC (04-04-2017 09:10:41)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_201.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_201.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [51talkac] => C:\Program Files (x86)\51talk\Launch.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [{3A02F232-20AB-4DC9-AA12-B34BAAC74CD3}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\ZKQWULDCYYUIRKI').HErXytEudN)));
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-12-25]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52A35094-BA1E-43C6-9090-DCF2B1E1354B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000 -> {4F75722F-8C96-4944-A5E4-3BFFF7DECA54} URL = hxxps://ph.search.yahoo.com/search?p={searchTerms}&intl=ph&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-15] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default [2017-04-04]
FF Homepage: Mozilla\Firefox\Profiles\tklwt601.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\tklwt601.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\Extensions\abs@avira.com.xpi [2017-03-15]
FF Extension: (Site Deployment Checker) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\features\{64ddf4f4-a8ce-4ea9-9f74-01fa836cfc85}\deployment-checker@mozilla.org.xpi [2017-04-04]
FF Extension: (Disable Prefetch) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\features\{64ddf4f4-a8ce-4ea9-9f74-01fa836cfc85}\disable-prefetch@mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_201.dll [2017-01-11] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_201.dll [2017-01-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default [2017-03-28]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-04]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]
CHR Extension: (Yahoo Partner) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-29] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated) [File not signed]
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-22] (Wacom Technology, Corp.)
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2016-07-27] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-29] (Intel Corporation)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-30] (COMODO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-04-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-04-04] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1476752 2012-09-22] (Realtek Semiconductor Corporation                           )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S1 1c9c3f; \??\C:\Windows\system32\drivers\1c9c3f.sys [X]
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 09:10 - 2017-04-04 09:11 - 00023349 _____ C:\Users\user\Downloads\FRST.txt
2017-04-04 09:09 - 2017-04-04 09:10 - 00000000 ____D C:\FRST
2017-04-04 09:09 - 2017-04-04 09:09 - 02424832 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-04-03 11:52 - 2017-04-03 11:53 - 00003346 _____ C:\Users\user\Desktop\Rkill.txt
2017-04-03 11:25 - 2017-04-03 15:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-03 11:24 - 2017-04-03 11:44 - 00000000 ____D C:\Users\user\Desktop\mbar
2017-04-03 11:24 - 2017-04-03 11:24 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-03 11:07 - 2017-04-04 08:34 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-03 11:07 - 2017-04-03 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-03 11:07 - 2017-04-03 11:07 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-03 11:07 - 2017-04-03 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-03 11:07 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-03 08:17 - 2017-04-03 08:17 - 00001032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk
2017-04-03 08:17 - 2017-04-03 08:17 - 00000000 ____D C:\Users\user\Documents\PPSSPP
2017-04-03 08:16 - 2017-04-03 08:17 - 00000000 ____D C:\Program Files (x86)\PPSSPP
2017-04-02 20:54 - 2017-04-02 20:57 - 00000000 ____D C:\Users\user\Desktop\Nintendo DS
2017-04-02 20:50 - 2017-04-02 20:51 - 00002028 _____ C:\Users\user\Desktop\vba1.ini
2017-04-02 20:47 - 2017-04-02 20:47 - 00000000 ____D C:\Users\user\Downloads\VisualBoyAdvance-M-2.0.0-beta2
2017-04-01 22:18 - 2017-04-01 22:18 - 00000080 _____ C:\Windows\wininit.ini
2017-04-01 22:01 - 2015-12-30 02:48 - 00001136 _____ C:\Windows\system32\Drivers\etc\hosts.20170401-220103.backup
2017-04-01 21:40 - 2017-04-01 21:40 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-01 21:40 - 2017-04-01 21:40 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-04-01 21:40 - 2017-04-01 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-01 21:39 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-03-31 19:32 - 2017-04-04 08:36 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-03-29 23:17 - 2017-03-29 23:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2017-03-29 23:17 - 2017-03-29 23:17 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-03-29 23:17 - 2017-03-29 23:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-03-29 23:12 - 2016-12-28 00:17 - 00353976 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-03-29 21:59 - 2017-03-29 23:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Comodo
2017-03-29 21:47 - 2017-03-30 11:10 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2017-03-29 21:47 - 2017-03-30 11:10 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2017-03-29 21:47 - 2017-03-30 11:10 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2017-03-29 21:47 - 2017-03-29 21:47 - 03858824 _____ (COMODO) C:\Windows\SysWOW64\ise_installer.exe
2017-03-29 21:46 - 2017-03-29 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-03-29 21:46 - 2017-03-29 21:48 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-03-29 21:46 - 2017-03-29 21:46 - 00000000 ____D C:\Users\user\AppData\Local\Comodo
2017-03-29 21:44 - 2017-03-31 15:20 - 00000000 ____D C:\ProgramData\Comodo
2017-03-28 19:24 - 2017-03-28 19:31 - 00000000 ____D C:\ProgramData\Emsisoft
2017-03-28 19:14 - 2017-03-28 19:14 - 00029153 _____ C:\ProgramData\agent.1490699683.bdinstall.bin
2017-03-28 19:13 - 2017-03-28 19:13 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
2017-03-28 19:11 - 2017-03-28 19:11 - 00047003 _____ C:\ProgramData\agent.1490699493.bdinstall.bin
2017-03-28 19:11 - 2017-03-28 19:11 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-03-28 18:54 - 2017-03-28 18:56 - 00000000 ____D C:\AdwCleaner
2017-03-28 18:30 - 2017-03-28 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-28 12:31 - 2017-03-28 12:31 - 01432518 _____ C:\Users\user\Desktop\legend of zelda.txt
2017-03-28 08:30 - 2017-03-28 08:30 - 00532005 _____ C:\Users\user\Desktop\paper mario thousand year door.txt
2017-03-27 18:06 - 2017-03-27 18:06 - 00634099 _____ C:\Users\user\Desktop\paper mario.txt
2017-03-27 10:08 - 2017-03-27 10:08 - 00247306 _____ C:\Users\user\Desktop\skies of arcadia legends.txt
2017-03-26 13:55 - 2017-03-26 14:04 - 00522410 _____ C:\Users\user\Desktop\tales of symphonia.txt
2017-03-25 20:17 - 2017-04-03 18:58 - 00000000 ____D C:\Users\user\Desktop\game cube roms
2017-03-25 19:31 - 2017-03-25 19:31 - 00000000 ____D C:\Users\user\Documents\Dolphin Emulator
2017-03-25 19:30 - 2015-07-18 21:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-25 19:29 - 2017-03-31 10:28 - 00000953 _____ C:\Users\Public\Desktop\Dolphin.lnk
2017-03-25 19:29 - 2017-03-25 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-03-25 19:29 - 2017-03-25 19:30 - 00000000 ____D C:\Program Files\Dolphin
2017-03-25 19:09 - 2017-03-25 19:12 - 00000000 ____D C:\Users\user\Desktop\N64 Roms
2017-03-25 19:06 - 2017-03-25 19:12 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2017-03-25 19:06 - 2017-03-25 19:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2017-03-20 16:08 - 2017-03-20 16:08 - 00000000 ____D C:\Users\user\Downloads\Albert Odyssey (U)(Saturn)
2017-03-20 15:53 - 2017-03-20 15:53 - 00000000 ____D C:\Users\user\Downloads\satourne_beta_3_update
2017-03-19 11:19 - 2017-03-19 11:19 - 00234417 _____ C:\Users\user\Desktop\secret of mana.txt
2017-03-18 10:06 - 2017-03-18 10:07 - 39448280 _____ C:\Users\user\Downloads\How_to_Draw_Manga_Vol_3_Compiling_Application.pdf
2017-03-18 08:12 - 2017-03-18 08:12 - 00001132 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-15 08:04 - 2017-03-15 08:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Yahoo
2017-03-12 17:48 - 2017-03-12 17:48 - 00220313 _____ C:\Users\user\Desktop\castlevania guide.txt
2017-03-12 17:29 - 2017-03-12 17:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-12 16:58 - 2017-03-12 16:58 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-12 16:57 - 2017-04-01 22:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-12 16:57 - 2017-04-01 21:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-07 10:40 - 2017-03-07 10:42 - 00000000 ____D C:\Users\user\Desktop\zsnes
2017-03-07 10:38 - 2017-03-07 10:38 - 00000000 ____D C:\Users\user\AppData\Roaming\bsnes
2017-03-06 11:35 - 2017-03-06 11:35 - 00065880 _____ C:\Users\user\Desktop\vay guide.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 09:01 - 2015-12-24 12:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13e0674c52084.job
2017-04-04 08:54 - 2015-12-24 11:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-04 08:43 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 08:43 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 08:35 - 2016-12-11 20:50 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-04-04 08:33 - 2017-01-14 21:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-04 08:33 - 2016-02-02 23:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15dd2416e8361.job
2017-04-04 08:33 - 2015-12-24 11:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-04 08:33 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 07:26 - 2015-12-26 04:30 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-04-04 07:25 - 2015-12-24 11:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-03 11:45 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Cursors
2017-04-01 21:56 - 2015-12-25 23:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-01 16:26 - 2017-02-24 18:55 - 00143743 _____ C:\Users\user\Desktop\lunar silver star guide.txt
2017-04-01 15:13 - 2009-07-14 13:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-31 19:35 - 2015-12-28 05:01 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-31 19:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-31 19:03 - 2015-12-28 04:54 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-31 09:44 - 2017-02-27 16:31 - 00000000 ____D C:\Users\user\Desktop\PS emulator
2017-03-31 09:36 - 2016-01-06 02:34 - 00000000 ____D C:\Users\user\Desktop\scans
2017-03-29 23:29 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-03-29 21:58 - 2016-11-02 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-29 21:58 - 2015-12-24 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 19:40 - 2015-12-24 13:11 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-03-26 09:29 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2017-03-25 19:30 - 2015-12-28 04:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-22 19:19 - 2017-02-25 14:07 - 00000000 ____D C:\Users\user\AppData\Roaming\CDisplayEx
2017-03-22 07:18 - 2016-08-06 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-16 16:14 - 2016-08-06 12:12 - 00000000 ____D C:\Users\user\Desktop\comicstrips
2017-03-15 08:58 - 2009-07-14 13:13 - 00789170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-15 08:02 - 2016-09-01 11:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-15 08:02 - 2015-12-28 04:08 - 00000000 ____D C:\ProgramData\Oracle
2017-03-15 08:01 - 2016-09-01 11:12 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-15 08:01 - 2016-09-01 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-14 21:19 - 2017-02-27 16:43 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2017-03-12 20:29 - 2017-02-25 14:06 - 00000880 _____ C:\Users\user\Desktop\CDisplayEx.lnk

==================== Files in the root of some directories =======

2016-05-12 12:09 - 2016-05-12 12:09 - 0000000 _____ () C:\Users\user\AppData\Local\{326BE6CE-F122-4CD9-B45B-B65AB7096567}
2016-05-12 12:09 - 2016-05-12 12:09 - 0000000 _____ () C:\Users\user\AppData\Local\{6FFCDE3D-C997-48BE-BBF1-B95971ECBCA2}
2017-03-28 19:11 - 2017-03-28 19:11 - 0047003 _____ () C:\ProgramData\agent.1490699493.bdinstall.bin
2017-03-28 19:14 - 2017-03-28 19:14 - 0029153 _____ () C:\ProgramData\agent.1490699683.bdinstall.bin
2017-03-29 23:12 - 2016-12-28 00:17 - 0353976 _____ (COMODO) C:\ProgramData\cmdres.dll
2015-12-24 11:10 - 2015-12-24 11:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-04 16:24 - 2017-01-11 17:42 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-04 16:24 - 2017-01-11 17:10 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\ProgramData\cmdres.dll


Some files in TEMP:
====================
2017-04-03 07:59 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo1721777336.dll
2017-04-03 09:11 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo191916723.dll
2017-04-03 07:58 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo2823678635.dll
2017-04-02 07:28 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo4107840619.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-26 09:22

==================== End of FRST.txt ============================

 



#2 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender: Male
  • Location: Germany

Posted 04 April 2017 - 09:18 AM


:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic ‘til you get the “all clean” post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 04 April 2017 - 08:16 PM

Here are the logs. On a note, though, I got confused with AdwCleaner since it produced two logs, ADWCleaner[S0] and ADWCleaner[S1], and it's also named [S0] instead of [R0], so I posted both.

SECURITY CHECK

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 8 Update 121  
 Java version 32-bit out of Date!
 Adobe Flash Player 24.0.0.201  
 Mozilla Firefox (52.0.2)
 Google Chrome (56.0.2924.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Avira Antivirus update.exe  
 Avira Antivirus updrgui.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

MBAR-LOG-2017-04-05 (08-42-06)

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.04.04.04
  rootkit: v2017.04.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
user :: USER-PC [administrator]

4/5/2017 8:42:06 AM
mbar-log-2017-04-05 (08-42-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 307068
Time elapsed: 17 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

AdwCleaner produced two logs; I got confused, so I just posted both.

ADWCleaner[S0]

# AdwCleaner v6.044 - Logfile created 28/03/2017 at 18:55:39
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-28.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\users\user\AppData\Local\YSearchUtil
Folder Found:  C:\users\user\AppData\Roaming\Tencent
Folder Found:  C:\Users\Public\Documents\Tencent
Folder Found:  C:\Program Files (x86)\Yahoo!\yset
Folder Found:  C:\Program Files (x86)\Tencent
Folder Found:  C:\Program Files (x86)\Common Files\Tencent
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

File Found:  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\184a14e035fd5df3
Key Found:  HKLM\SOFTWARE\Classes\metnsd
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\metnsd
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found:  HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/npchrome


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2966 Bytes] - [28/03/2017 18:55:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3039 Bytes] ##########

And here's the ADWCleaner[S1]:

# AdwCleaner v6.045 - Logfile created 05/04/2017 at 09:03:02
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-04.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - yahoo.com
Chrome pref Found:  [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3361 Bytes] - [28/03/2017 18:56:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [3146 Bytes] - [28/03/2017 18:55:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1538 Bytes] - [05/04/2017 09:03:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1611 Bytes] ##########
 


Edited by jasoncool, 04 April 2017 - 08:19 PM.


#4 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender: Male
  • Location: Germany

Posted 05 April 2017 - 02:16 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How is the computer running now?


***


:step5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
-----------------------------------------------------------

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 05 April 2017 - 03:10 AM

Malwarebytes Anti-Rootkit didn't detect any malware.

1. MALWAREBYTES ANTI-ROOTKIT

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.04.05.04
  rootkit: v2017.04.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
user :: USER-PC [administrator]

4/5/2017 3:29:53 PM
mbar-log-2017-04-05 (15-29-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 307092
Time elapsed: 16 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

2. ADWCleaner[C2]

# AdwCleaner v6.045 - Logfile created 05/04/2017 at 15:49:14
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-04.2 [Local]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp


***** [ Web browsers ] *****

[-] [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com
[-] [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3361 Bytes] - [28/03/2017 18:56:05]
C:\AdwCleaner\AdwCleaner[C2].txt - [1359 Bytes] - [05/04/2017 15:49:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [3146 Bytes] - [28/03/2017 18:55:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1694 Bytes] - [05/04/2017 09:03:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [1766 Bytes] - [05/04/2017 15:48:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1651 Bytes] ##########

3. Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Ultimate x64
Ran by user (Administrator) on Wed 04/05/2017 at 15:54:58.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R5CEEI0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LBP434C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY3S6MKI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBEQTJAS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R5CEEI0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LBP434C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY3S6MKI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBEQTJAS (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/05/2017 at 15:56:45.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. The computer runs fine, but my mouse clicks are still erratic; I feel there was some malware left behind still.

5. FRST64

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by user (administrator) on USER-PC (05-04-2017 16:00:16)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [51talkac] => C:\Program Files (x86)\51talk\Launch.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [{3A02F232-20AB-4DC9-AA12-B34BAAC74CD3}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\ZKQWULDCYYUIRKI').HErXytEudN)));
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-12-25]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52A35094-BA1E-43C6-9090-DCF2B1E1354B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000 -> {4F75722F-8C96-4944-A5E4-3BFFF7DECA54} URL = hxxps://ph.search.yahoo.com/search?p={searchTerms}&intl=ph&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-15] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default [2017-04-05]
FF Homepage: Mozilla\Firefox\Profiles\tklwt601.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\tklwt601.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\Extensions\abs@avira.com.xpi [2017-03-15]
FF Extension: (Site Deployment Checker) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\features\{64ddf4f4-a8ce-4ea9-9f74-01fa836cfc85}\deployment-checker@mozilla.org.xpi [2017-04-04]
FF Extension: (Disable Prefetch) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tklwt601.default\features\{64ddf4f4-a8ce-4ea9-9f74-01fa836cfc85}\disable-prefetch@mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_201.dll [2017-01-11] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_201.dll [2017-01-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default [2017-03-28]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-05]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-03]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-03]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-03]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-03]
CHR Extension: (Yahoo Partner) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-29] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated) [File not signed]
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-22] (Wacom Technology, Corp.)
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2016-07-27] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-29] (Intel Corporation)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-30] (COMODO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-05] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1476752 2012-09-22] (Realtek Semiconductor Corporation                           )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S1 1c9c3f; \??\C:\Windows\system32\drivers\1c9c3f.sys [X]
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 16:00 - 2017-04-05 16:00 - 00022180 _____ C:\Users\user\Desktop\FRST.txt
2017-04-05 15:56 - 2017-04-05 15:56 - 00001919 _____ C:\Users\user\Desktop\JRT.txt
2017-04-05 15:53 - 2017-04-05 15:53 - 01663904 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
2017-04-05 10:38 - 2017-04-05 11:02 - 00000000 ____D C:\Users\user\Desktop\capcom's anatomy lessons
2017-04-05 09:01 - 2017-04-05 09:01 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner.exe
2017-04-05 08:41 - 2017-04-05 15:46 - 00000000 ____D C:\Users\user\Desktop\mbar
2017-04-05 08:39 - 2017-04-05 08:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.09.3.1001.exe
2017-04-05 07:33 - 2017-04-05 07:33 - 00852798 _____ C:\Users\user\Downloads\SecurityCheck.exe
2017-04-04 20:54 - 2017-04-04 20:54 - 00209737 _____ C:\Users\user\Desktop\phoenix wright.txt
2017-04-04 09:09 - 2017-04-05 16:00 - 00000000 ____D C:\FRST
2017-04-04 09:09 - 2017-04-04 09:09 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-04-03 11:25 - 2017-04-05 15:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-03 11:24 - 2017-04-05 15:29 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-03 11:07 - 2017-04-05 15:51 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-03 11:07 - 2017-04-04 17:29 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-03 11:07 - 2017-04-03 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-03 11:07 - 2017-04-03 11:07 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-03 11:07 - 2017-04-03 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-03 08:17 - 2017-04-03 08:17 - 00001032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPSSPP.lnk
2017-04-03 08:17 - 2017-04-03 08:17 - 00000000 ____D C:\Users\user\Documents\PPSSPP
2017-04-03 08:16 - 2017-04-03 08:17 - 00000000 ____D C:\Program Files (x86)\PPSSPP
2017-04-02 20:54 - 2017-04-02 20:57 - 00000000 ____D C:\Users\user\Desktop\Nintendo DS
2017-04-02 20:50 - 2017-04-02 20:51 - 00002028 _____ C:\Users\user\Desktop\vba1.ini
2017-04-02 20:47 - 2017-04-02 20:47 - 00000000 ____D C:\Users\user\Downloads\VisualBoyAdvance-M-2.0.0-beta2
2017-04-01 22:01 - 2015-12-30 02:48 - 00001136 _____ C:\Windows\system32\Drivers\etc\hosts.20170401-220103.backup
2017-04-01 21:40 - 2017-04-01 21:40 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-01 21:40 - 2017-04-01 21:40 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-04-01 21:40 - 2017-04-01 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-01 21:39 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-03-31 19:32 - 2017-04-05 15:52 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-03-29 23:17 - 2017-03-29 23:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2017-03-29 23:17 - 2017-03-29 23:17 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-03-29 23:17 - 2017-03-29 23:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-03-29 23:12 - 2016-12-28 00:17 - 00353976 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-03-29 21:59 - 2017-03-29 23:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Comodo
2017-03-29 21:47 - 2017-03-30 11:10 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2017-03-29 21:47 - 2017-03-30 11:10 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2017-03-29 21:47 - 2017-03-30 11:10 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2017-03-29 21:47 - 2017-03-29 21:47 - 03858824 _____ (COMODO) C:\Windows\SysWOW64\ise_installer.exe
2017-03-29 21:46 - 2017-03-29 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-03-29 21:46 - 2017-03-29 21:48 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-03-29 21:46 - 2017-03-29 21:46 - 00000000 ____D C:\Users\user\AppData\Local\Comodo
2017-03-29 21:44 - 2017-03-31 15:20 - 00000000 ____D C:\ProgramData\Comodo
2017-03-28 19:24 - 2017-03-28 19:31 - 00000000 ____D C:\ProgramData\Emsisoft
2017-03-28 19:14 - 2017-03-28 19:14 - 00029153 _____ C:\ProgramData\agent.1490699683.bdinstall.bin
2017-03-28 19:13 - 2017-03-28 19:13 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
2017-03-28 19:11 - 2017-03-28 19:11 - 00047003 _____ C:\ProgramData\agent.1490699493.bdinstall.bin
2017-03-28 19:11 - 2017-03-28 19:11 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-03-28 18:54 - 2017-04-05 15:49 - 00000000 ____D C:\AdwCleaner
2017-03-28 18:30 - 2017-03-28 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-28 12:31 - 2017-03-28 12:31 - 01432518 _____ C:\Users\user\Desktop\legend of zelda.txt
2017-03-28 08:30 - 2017-03-28 08:30 - 00532005 _____ C:\Users\user\Desktop\paper mario thousand year door.txt
2017-03-27 18:06 - 2017-03-27 18:06 - 00634099 _____ C:\Users\user\Desktop\paper mario.txt
2017-03-27 10:08 - 2017-03-27 10:08 - 00247306 _____ C:\Users\user\Desktop\skies of arcadia legends.txt
2017-03-26 13:55 - 2017-03-26 14:04 - 00522410 _____ C:\Users\user\Desktop\tales of symphonia.txt
2017-03-25 20:17 - 2017-04-04 19:05 - 00000000 ____D C:\Users\user\Desktop\game cube roms
2017-03-25 19:31 - 2017-03-25 19:31 - 00000000 ____D C:\Users\user\Documents\Dolphin Emulator
2017-03-25 19:30 - 2015-07-18 21:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-25 19:30 - 2015-07-18 21:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-25 19:29 - 2017-03-31 10:28 - 00000953 _____ C:\Users\Public\Desktop\Dolphin.lnk
2017-03-25 19:29 - 2017-03-25 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-03-25 19:29 - 2017-03-25 19:30 - 00000000 ____D C:\Program Files\Dolphin
2017-03-25 19:09 - 2017-03-25 19:12 - 00000000 ____D C:\Users\user\Desktop\N64 Roms
2017-03-25 19:06 - 2017-03-25 19:12 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2017-03-25 19:06 - 2017-03-25 19:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2017-03-20 16:08 - 2017-03-20 16:08 - 00000000 ____D C:\Users\user\Downloads\Albert Odyssey (U)(Saturn)
2017-03-20 15:53 - 2017-03-20 15:53 - 00000000 ____D C:\Users\user\Downloads\satourne_beta_3_update
2017-03-19 11:19 - 2017-03-19 11:19 - 00234417 _____ C:\Users\user\Desktop\secret of mana.txt
2017-03-18 10:06 - 2017-03-18 10:07 - 39448280 _____ C:\Users\user\Downloads\How_to_Draw_Manga_Vol_3_Compiling_Application.pdf
2017-03-18 08:12 - 2017-03-18 08:12 - 00001132 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-15 08:04 - 2017-03-15 08:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Yahoo
2017-03-12 17:48 - 2017-03-12 17:48 - 00220313 _____ C:\Users\user\Desktop\castlevania guide.txt
2017-03-12 17:29 - 2017-03-12 17:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-12 16:58 - 2017-03-12 16:58 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-12 16:57 - 2017-04-01 22:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-12 16:57 - 2017-04-01 21:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-07 10:40 - 2017-03-07 10:42 - 00000000 ____D C:\Users\user\Desktop\zsnes
2017-03-07 10:38 - 2017-03-07 10:38 - 00000000 ____D C:\Users\user\AppData\Roaming\bsnes
2017-03-06 11:35 - 2017-03-06 11:35 - 00065880 _____ C:\Users\user\Desktop\vay guide.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 15:59 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-05 15:59 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-05 15:56 - 2016-12-11 20:50 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-04-05 15:55 - 2017-01-14 21:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-05 15:54 - 2015-12-24 11:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-05 15:50 - 2016-02-02 23:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15dd2416e8361.job
2017-04-05 15:50 - 2015-12-24 11:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-05 15:50 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-05 15:25 - 2015-12-24 11:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-05 11:01 - 2015-12-24 12:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13e0674c52084.job
2017-04-05 07:35 - 2015-12-26 04:30 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-04-03 11:45 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Cursors
2017-04-01 21:56 - 2015-12-25 23:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-01 16:26 - 2017-02-24 18:55 - 00143743 _____ C:\Users\user\Desktop\lunar silver star guide.txt
2017-04-01 15:13 - 2009-07-14 13:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-31 19:35 - 2015-12-28 05:01 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-31 19:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-31 19:03 - 2015-12-28 04:54 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-31 09:44 - 2017-02-27 16:31 - 00000000 ____D C:\Users\user\Desktop\PS emulator
2017-03-31 09:36 - 2016-01-06 02:34 - 00000000 ____D C:\Users\user\Desktop\scans
2017-03-29 23:29 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-03-29 21:58 - 2016-11-02 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-29 21:58 - 2015-12-24 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 19:40 - 2015-12-24 13:11 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-03-26 09:29 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2017-03-25 19:30 - 2015-12-28 04:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-22 19:19 - 2017-02-25 14:07 - 00000000 ____D C:\Users\user\AppData\Roaming\CDisplayEx
2017-03-22 07:18 - 2016-08-06 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-16 16:14 - 2016-08-06 12:12 - 00000000 ____D C:\Users\user\Desktop\comicstrips
2017-03-15 08:58 - 2009-07-14 13:13 - 00789170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-15 08:02 - 2016-09-01 11:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-15 08:02 - 2015-12-28 04:08 - 00000000 ____D C:\ProgramData\Oracle
2017-03-15 08:01 - 2016-09-01 11:12 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-15 08:01 - 2016-09-01 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-14 21:19 - 2017-02-27 16:43 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2017-03-12 20:29 - 2017-02-25 14:06 - 00000880 _____ C:\Users\user\Desktop\CDisplayEx.lnk

==================== Files in the root of some directories =======

2016-05-12 12:09 - 2016-05-12 12:09 - 0000000 _____ () C:\Users\user\AppData\Local\{326BE6CE-F122-4CD9-B45B-B65AB7096567}
2016-05-12 12:09 - 2016-05-12 12:09 - 0000000 _____ () C:\Users\user\AppData\Local\{6FFCDE3D-C997-48BE-BBF1-B95971ECBCA2}
2017-03-28 19:11 - 2017-03-28 19:11 - 0047003 _____ () C:\ProgramData\agent.1490699493.bdinstall.bin
2017-03-28 19:14 - 2017-03-28 19:14 - 0029153 _____ () C:\ProgramData\agent.1490699683.bdinstall.bin
2017-03-29 23:12 - 2016-12-28 00:17 - 0353976 _____ (COMODO) C:\ProgramData\cmdres.dll
2015-12-24 11:10 - 2015-12-24 11:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-04 16:24 - 2017-01-11 17:42 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-04 16:24 - 2017-01-11 17:10 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\ProgramData\cmdres.dll


Some files in TEMP:
====================
2017-04-03 07:59 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo1721777336.dll
2017-04-03 09:11 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo191916723.dll
2017-04-03 07:58 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo2823678635.dll
2017-04-02 07:28 - 2010-11-20 04:18 - 0805376 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\cdo4107840619.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-26 09:22

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by user (05-04-2017 16:00:50)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-12-24 02:50:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3855579493-1485355268-1698365518-500 - Administrator - Disabled)
Guest (S-1-5-21-3855579493-1485355268-1698365518-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3855579493-1485355268-1698365518-1002 - Limited - Enabled)
user (S-1-5-21-3855579493-1485355268-1698365518-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.201 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Command & Conquer™ Red Alert™ 3 Uprising (HKLM-x32\...\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}) (Version: 1.0.1.0 - Electronic Arts)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.2 - NVIDIA Corporation) Hidden
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PPSSPP version 1.4 (HKLM-x32\...\PPSSPP_is1) (Version: 1.4 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7422 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Scrivener (HKLM-x32\...\Scrivener 102) (Version: 102 - Literature and Latte)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\{EAABE756-8A47-440F-AAC7-2F6BFF589169}) (Version: 6.0 - Black Box)
Titan Souls (HKLM-x32\...\1427985242_is1) (Version: 2.0.0.1 - GOG.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E51EF46-6639-44B3-BFA8-7A7D9A3BB7C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {0EEFE762-6D2F-4122-842D-E4CD3DCC99B1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {12DC8C31-2D01-43E6-9F66-EF3C118ABB3B} - System32\Tasks\{290D617D-9C3E-4EBD-98F8-0C899AFA1740} => Chrome.exe hxxps://ui.skype.com/ui/0/7.30.64.105/en/go/help.faq.installer?LastError=1603
Task: {1C6131D1-2B61-4BAB-AB55-4007DEAE0C60} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {1FA20835-643B-4588-827A-B676CA72FAA0} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-26] (ASUSTek Computer Inc.)
Task: {21983B20-FF23-4B5A-9D7A-01003C5C3D55} - System32\Tasks\{9C8E788D-61BB-445E-B1FB-7243324A421C} => Chrome.exe
Task: {24AEEA6B-0D4B-4863-B961-53EDBF2B4B91} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {2510E38A-21D8-4996-A41E-C7FC97882F10} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {36F6C0C3-0444-4894-A3D2-CBB761AFF3F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {4004DECD-F1DC-467A-935C-134302372C41} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {4BE534E0-085E-481F-9547-22B6A281392C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {4E9263DD-78F3-47C3-BC7D-0BE7C3930251} - System32\Tasks\{13696D15-BF1B-4D3B-9D45-1D999D3B06E5} => pcalua.exe -a C:\Users\user\Downloads\SkypeSetupFull.exe -d C:\Users\user\Downloads
Task: {4F58581E-CF8C-468A-9E35-9E9BF0ED6474} - System32\Tasks\GoogleUpdateTaskMachineCore1d15dd2416e8361 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {52AB9C84-A96F-45C3-A9B8-AF08EF8D3EDD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab3a3cffb1b2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {58511210-2517-44F8-A523-55749945EBB5} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ea002e3894f8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {71310C05-AE81-453D-BD73-540A515E903E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-07] (AVAST Software)
Task: {77C38663-74B5-4BB4-A639-CD1F43ECB20F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {8963AFEA-D494-41AD-9880-FE8E6747F5BB} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {8AE7DCFB-D18C-45BF-B58F-2DC042E24061} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {8EBD2EF4-C9EE-461B-A83A-52D8E9CD3629} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {8F83CF26-03FA-4B91-9034-3DF8B4995B91} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {918EA3BB-B2F8-457B-AE37-A3FD4A2016FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {A7058671-3DA4-43EE-964F-B06358953C53} - System32\Tasks\{5A246F61-3F0F-4BDF-B7E2-9E63253C57F5} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {A9663166-7A97-4AD0-A45E-2E37A2B9B338} - System32\Tasks\GoogleUpdateTaskMachineUA1d15dd241f16f10 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {B4335047-4097-4A79-959A-BEB94DAE3D96} - System32\Tasks\GoogleUpdateTaskMachineUA1d13e0674c52084 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {B67C7F37-834B-45BD-BC74-D21DBAEC1A60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E33B83ED-A919-4509-ADAE-1727D0498436} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
Task: {F1FB5D7C-7D4F-4889-ABED-2341E060E5D1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {F528F6FA-BE09-4CB9-8282-9E0DDD2F1179} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15dd2416e8361.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13e0674c52084.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15dd241f16f10.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-24 11:01 - 2014-01-28 11:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-12-24 11:04 - 2014-07-23 09:59 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-12-24 11:43 - 2005-06-08 04:26 - 00043008 _____ () C:\Portable\Winrar 4.65 (Full)\rarext64.dll
2017-04-03 11:07 - 2017-04-04 17:29 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-07 18:18 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-07 18:18 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-07 18:18 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-07 18:18 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-07 18:18 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-07 18:18 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-07 18:18 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-07 18:18 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-07 18:18 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-07 18:18 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-07 18:18 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-07 18:18 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-07 18:18 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-07 18:18 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-01-14 21:17 - 2016-12-12 10:37 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-14 21:17 - 2016-12-12 10:37 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-14 21:18 - 2016-12-12 10:37 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2017-01-14 21:16 - 2017-02-10 06:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-24 11:01 - 2017-04-05 15:50 - 00035472 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-24 11:01 - 2014-01-28 11:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-04-30 08:23 - 2014-04-30 08:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-01-14 21:17 - 2016-12-12 10:37 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-14 21:17 - 2016-12-12 10:37 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-14 21:17 - 2016-12-12 10:37 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7933 more sites.

IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\123simsen.com -> www.123simsen.com

There are 7933 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-12-30 02:48 - 00001136 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{089FCBD2-41C3-4745-9518-E741B96BF7E5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E7174570-FA62-408F-9798-78A35970B640}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3357FF15-B561-4E0B-B638-4F3A7CE16C5F}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E59615F-CE93-49AC-8A0B-724B8A17E4B8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0357D577-C809-4599-A87E-DF280F912B0C}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4DBA045-681F-495F-8EA7-1A34E8F07432}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4CF24A49-7FD3-4F61-99EE-19C865792922}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4DB7D324-8382-4635-BAF8-6035D3EC3318}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08050246-E723-45E8-A076-4447F3462FD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31B72156-41AC-434C-8F26-C602541B2D79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DC9D44A8-EB04-4CA5-B4BF-AB267F10534B}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DBC69261-F533-457B-B8D0-9DB0E65E5D31}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{977D2456-D992-49F4-BB0A-5A7B181CD6D8}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{ED303168-A002-42FE-90FC-F62B6BB4BB35}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E8960FEF-3CE6-4AC6-8430-A6C2B9EE4F5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75F19F22-890C-459A-8D00-E6B419A94BB6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6B1FE28D-3FDC-42F0-8174-54D2B6DD5DA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{87044785-26AB-4B43-B0A8-E0472B383282}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7A30D47D-2757-4A96-9DFB-8E5B1951E51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDD9951C-15FD-45AB-B219-4002817F043D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7704F34-8F22-4D45-A797-A37F6BD609DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{75D40C26-1759-4C1C-A9DA-0F9748C02088}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [TCP Query User{E0877294-09A2-4692-9EBC-8B982721989D}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{AFC33B7B-34BA-42CD-B47B-5EF4C416A973}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{29DA2854-4F88-4F53-9A45-03B65DD68930}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE8234DA-BB91-48BB-8B62-CDE6E008ED68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B37412E-BFDF-4A7F-B969-11D01133B91D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BEB8BAE8-35B5-426B-BA73-B1A20097B6A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B97032B2-4D06-4F1D-A538-07BEDA3C7B01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{485301D2-DD33-4BEC-8943-E7759DE75F01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{FC46C336-DDB7-4C97-B809-C7B8865E966E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D1EBB43-43D4-457D-9540-461C56DD805D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF5A919A-5905-4B7C-BCDB-9E404F98DB9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{122FFA0A-DF3E-46E6-9853-2993C3D7CE6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C47D1151-E532-41F1-A482-371145A1D461}] => (Allow) LPort=3935
FirewallRules: [{28AEEC21-6A35-4A5E-A662-A2FCC363FDEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC6DD9F9-97D3-4465-A3C9-998F23511BF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7C2E3C8-5826-4F88-8AA9-EB97A7DE2915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E2D31E36-7143-491A-8FAF-73BD3D44BE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E03F9BC5-BA0F-4562-8DFC-094042A7C16E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5026EA31-6EF3-472B-9DF8-01E441036B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4E96CEF6-F9E6-4065-A092-D22E66D01407}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{576FCE30-2053-46C6-AB0D-B59D72717DE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{124AA0D5-192E-4474-A5CE-5FF0D2C3022E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{16BC9DA2-4994-4F3B-A693-AE90AB62BCAB}] => (Allow) C:\Program Files (x86)\51talk\Launch.exe
FirewallRules: [{4708992D-B1AE-4D98-9056-EA50EEE355CF}] => (Allow) C:\Program Files (x86)\51talk\Launch.exe
FirewallRules: [{A761FF79-462F-4B26-8DB1-0CDE97E846A3}] => (Allow) C:\Program Files (x86)\51talk\2.5.74.26223\ACUpdate.exe
FirewallRules: [{6A301F45-49C7-4FB6-B595-39D10DB876D3}] => (Allow) C:\Program Files (x86)\51talk\2.5.74.26223\ACUpdate.exe
FirewallRules: [{2AFF4EA0-2DE1-48D0-B2BF-12A4F6653551}] => (Allow) C:\Program Files (x86)\51talk\2.5.74.26223\ACReport.exe
FirewallRules: [{69027BD2-0C38-4415-AF5E-F6FF0452FBA5}] => (Allow) C:\Program Files (x86)\51talk\2.5.74.26223\ACReport.exe
FirewallRules: [{7270D7DF-A44C-4D89-82D1-FE36397D3D59}] => (Allow) C:\Program Files (x86)\51talk\2.5.74.26223\ACTalk.exe
FirewallRules: [{DB53D093-2200-4C8B-A400-EE026E998E1F}] => (Allow) C:\Program Files (x86)\51talk\2.5.74.26223\ACTalk.exe
FirewallRules: [{9DA7B50A-4062-46B1-B5AE-4DC07A91BC49}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{833FB854-8921-46E6-BEA6-14827E560932}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{0315F575-8FE4-4BD1-BEBE-558D31B81656}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{6817EDFE-029E-45DC-AC28-13457EBD5204}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{CF491C2E-2C86-4074-8D4E-3E681006EF2F}] => (Allow) C:\Program Files (x86)\51talk\2.6.140.40\ACUpdate.exe
FirewallRules: [{19299859-B8DD-43D2-94E1-4A12DD35AAA6}] => (Allow) C:\Program Files (x86)\51talk\2.6.140.40\ACUpdate.exe
FirewallRules: [{951BF0E3-7170-403D-9500-B1B2D165FE18}] => (Allow) C:\Program Files (x86)\51talk\2.6.140.40\ACReport.exe
FirewallRules: [{F2E64D9B-FBC8-4422-8ADA-FCD4F5B43270}] => (Allow) C:\Program Files (x86)\51talk\2.6.140.40\ACReport.exe
FirewallRules: [{F242FB60-D059-4E09-B22E-5126DD1DA962}] => (Allow) C:\Program Files (x86)\51talk\2.6.140.40\ACTalk.exe
FirewallRules: [{209FACDD-2035-4C8A-9314-52FA4EEF99D4}] => (Allow) C:\Program Files (x86)\51talk\2.6.140.40\ACTalk.exe
FirewallRules: [{99550EC8-DA21-411C-8922-D7B8656B668C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{19E617B5-AC98-4B49-B9C3-5A255BE20DE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0FB474FF-DB74-4F5F-ABFB-596A11A0BF4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75B8AFBA-DFE0-46E6-BD9A-DCA98FB2951E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B464373-8F0F-472B-89C6-FC12759BD233}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5D325340-57BB-41E7-9CC7-71547EE5F61B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86EC5C45-0CEC-4E96-957E-99038D77176D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F49F3FF2-A6BE-47B9-8642-05B5EB4BFBB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1B82046D-29B7-46F1-9E8D-F4F9368E39F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B5F5E5DD-60F7-45C0-9785-A83951E8A68C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0171F45F-E40C-4DDD-8105-33318277E8AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A23381F0-DD3C-415D-853F-698EC217F643}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BE3A55E3-5300-4400-9541-8AB50F73D877}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C3DC26A-CC57-445F-86AE-90E3172B74E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4B111501-A578-437D-B692-1B9F9A6ED497}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D193ED4-C6A1-42E8-946B-9D20C1FF7079}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC3CB82F-78DF-4749-A0FA-4002606884AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C9BD82E-2706-4BC0-8631-ACD48191F4A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A476096-A26D-4718-ABC9-8ADEE61948F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{609C9897-DD74-41D4-A808-900E0105C851}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FDEADE74-4BF7-46F6-BC7E-7598B10B0FA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8827B0CD-69D0-445A-A7B0-E7EC998BF794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36F998F6-B88C-4BC3-BEDE-C6C98CE3137E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F7835E97-4CF3-42E2-9EF2-C3ED1B395C68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9452531B-FA1B-463B-846E-174D586424A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7B899F2-1E2C-4DCF-B4DF-60FA5FB9CBAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E2759D37-61FC-4E28-8312-9A82A4D531E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2388CDAF-2FA7-4759-A15D-346467797673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{22FA8DEC-E7A5-47E7-9A73-C1A0348B8CF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{789C68C9-8869-486C-90CD-008DD7E969BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{229478CA-F62F-4B75-8FC5-7B6864B9F484}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0A751EE-3BF9-47C1-81F3-C3EC1FC47609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C0A212C-0ADD-4AF5-8A00-95CF8CB0D5C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{294D55A6-2028-4636-98C5-46F6B6770BFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5D9F2C35-6368-4CBC-A969-A3F1F1DADDEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA666C78-21CF-4C85-913F-FF221D308488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B958339-857E-4747-9951-8AA65B13FD44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E0CAB81E-48D5-4205-ACDE-B38C0F570F5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5486DD78-7CE3-4189-B5B7-F68D05848065}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A675C965-45E7-4866-A512-04C44AC7CBDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D8A7D7C-B9DA-4706-8B09-D64960B03B46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{265E5BBB-71EB-4A58-8C02-157090932049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5FA767BC-6340-4F2A-9B4D-C9EFD91F1C47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FDDD6D0F-855D-4B86-B6AD-74A68169AC0F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{96901D70-885B-4BA9-B0B9-9544FB5A2644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3CCE6EC8-017E-495A-8657-C4352C379B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA84A0B3-DCFD-4AE6-B548-B365848CAA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7720382E-7D08-43E7-B3C9-CAD4BA1FE05C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D17BCA44-5FB3-49D1-A603-0041345A2FEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F0C3F72-BFB6-4A1A-A882-66AD502D0D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{46A9159E-B4FB-4370-9E40-E807F0EFA2C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7EBE465-091D-46A0-8646-CB93137994BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E110A72-B685-4A5F-BDCE-D8C7A60A5467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E1B6464A-AA1B-4D58-A13B-106B20A88E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29BC1E25-B6D3-47C4-B914-99F74C53A783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{338191CC-B8B2-43F6-951E-6BFF45D7193B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FCE2DCF-825B-449E-BF13-6AA9D1786D3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6EE5B14C-F3EF-494C-96EE-17403D977AE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E977373B-0F6B-4E1D-BBFE-73DE557374F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B949EE1A-305C-45D1-9FF4-F73A6090B06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{799E2048-F927-4378-A0F8-44D3C3F4579B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{84279333-931B-466B-935C-EAC4A14BE03E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC2979CC-0F43-46CE-A537-76E9A9014BED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2CC145B7-5F61-4957-B0E7-EA9A3792536C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F7DD8588-5961-4991-9203-0A52C06F87D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5FFAC260-457B-4AC2-904D-12F8E6154AF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5123A5C7-28F3-49DA-AADE-198588609162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D13EA5E-6F8A-42D8-B859-4298066C9B5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7A4F5175-170B-4A18-AF85-7EF3575A61B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD0AD139-495E-41B4-A0D9-ADC924A6911A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2B04C8B5-E109-46AC-99B3-404E5C21999F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{909C6CFA-48D9-4E95-964F-CD6812744BBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A774BBC-9A2D-4495-A4F6-80539C2B067A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D15FEB79-B0CC-4E96-9B1B-BF2B74BDA5B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{620C4781-4CBC-48A0-8332-18ADBEA4DB9B}] => (Allow) LPort=49168
FirewallRules: [{3BBB8062-5B00-4671-902C-5E940A692A4A}] => (Allow) LPort=5000
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-03-2017 21:48:29 Installed COMODO Secure Shopping
29-03-2017 21:49:40 Installing COMODO Internet Security Pro
29-03-2017 21:50:16 Device Driver Package Install: COMODO Network Service
29-03-2017 23:11:52 Removing COMODO Endpoint Security
29-03-2017 23:18:41 Removed COMODO Secure Shopping
01-04-2017 22:18:50 Cleaner (Spybot - Search & Destroy 2.6, administrator privileges
03-04-2017 11:44:03 Malwarebytes Anti-Rootkit Restore Point
05-04-2017 15:55:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2017 07:26:29 AM) (Source: SystemUsageReportSvc) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (04/03/2017 11:27:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a4

Start Time: 01d2ac29c9bfecef

Termination Time: 8409

Application Path: C:\Users\user\Desktop\mbar\mbar.exe

Report Id: 65c5d4f1-181d-11e7-9024-14dda97e5e17

Error: (04/01/2017 09:46:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Application or service 'Spybot-S&D 2 Security Center Service' could not be restarted.

Error: (03/31/2017 07:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.2.6291, time stamp: 0x58d41a2d
Faulting module name: mozglue.dll, version: 52.0.2.6291, time stamp: 0x58d41a1f
Exception code: 0x80000003
Fault offset: 0x0000f73b
Faulting process id: 0xc84
Faulting application start time: 0x01d2aa0d83966d1d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: a5dd82fe-1601-11e7-8d72-14dda97e5e17

Error: (03/31/2017 07:03:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 52.0.2.6291 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1254

Start Time: 01d2aa0d826d03f2

Termination Time: 29

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: a36351f6-1601-11e7-8d72-14dda97e5e17

Error: (03/31/2017 07:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp: 0x576cf5f6
Faulting module name: nvoglv64.DLL, version: 21.21.13.7866, time stamp: 0x589cea94
Exception code: 0x40000015
Fault offset: 0x0000000000f85e5e
Faulting process id: 0xbc0
Faulting application start time: 0x01d2aa0a608c3e5c
Faulting application path: C:\Program Files\Dolphin\Dolphin.exe
Faulting module path: C:\Windows\system32\nvoglv64.DLL
Report Id: 991cb500-1601-11e7-8d72-14dda97e5e17

Error: (03/31/2017 07:02:57 PM) (Source: NVIDIA OpenGL Driver) (EventID: 1) (User: )
Description: Unable to recover from a kernel exception. The application must close.


Error code: 3 (subcode 2)
 (pid=3008 tid=3248 dolphin.exe 64bit)

Visit http://www.nvidia.com/page/support.html for more information.

Error: (03/30/2017 03:05:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000000000
Faulting process id: 0x157c
Faulting application start time: 0x01d2a923d6c0740e
Faulting application path: C:\Windows\system32\mmc.exe
Faulting module path: unknown
Report Id: 4127d007-1517-11e7-ac24-14dda97e5e17

Error: (03/30/2017 03:05:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x157c
Faulting application start time: 0x01d2a923d6c0740e
Faulting application path: C:\Windows\system32\mmc.exe
Faulting module path: unknown
Report Id: 3f7db9b6-1517-11e7-ac24-14dda97e5e17

Error: (03/29/2017 11:09:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DiskTrace.exe, version: 1.0.6.0, time stamp: 0x57e02b85
Faulting module name: clr.dll, version: 4.0.30319.18408, time stamp: 0x52310b2d
Exception code: 0xc0000005
Fault offset: 0x000b0baa
Faulting process id: 0xf58
Faulting application start time: 0x01d2a89e7ccd6fe1
Faulting application path: C:\Program Files\Intel\SUR\QUEENCREEK\DiskTrace.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Report Id: baf52fa8-1491-11e7-8a19-14dda97e5e17


System errors:
=============
Error: (04/05/2017 03:55:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/05/2017 03:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (04/05/2017 03:51:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® System Usage Report Service SystemUsageReportSvc_QUEENCREEK service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/05/2017 03:51:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® System Usage Report Service SystemUsageReportSvc_QUEENCREEK service to connect.

Error: (04/05/2017 03:50:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/05/2017 03:50:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/05/2017 03:49:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/05/2017 03:49:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/05/2017 03:49:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/05/2017 03:49:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================
  Date: 2017-04-05 16:00:34.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 16:00:34.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 16:00:34.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 16:00:34.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 15:51:57.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 15:30:59.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 15:30:59.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 15:30:59.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 15:30:59.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-05 15:30:59.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8134.45 MB
Available physical RAM: 5817.07 MB
Total Virtual: 16267.09 MB
Available Virtual: 13712.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:249.9 GB) (Free:124.15 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8D37C493)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.8 GB) - (Type=06)

==================== End of Addition.txt ============================


Edited by jasoncool, 05 April 2017 - 03:13 AM.


#6 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany

Posted 05 April 2017 - 04:00 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
S1 1c9c3f; \??\C:\Windows\system32\drivers\1c9c3f.sys [X]
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\cmdres.dll
Task: {4BE534E0-085E-481F-9547-22B6A281392C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {A7058671-3DA4-43EE-964F-B06358953C53} - System32\Tasks\{5A246F61-3F0F-4BDF-B7E2-9E63253C57F5} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -cmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
FirewallRules: [{9DA7B50A-4062-46B1-B5AE-4DC07A91BC49}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{833FB854-8921-46E6-BEA6-14827E560932}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{0315F575-8FE4-4BD1-BEBE-558D31B81656}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{6817EDFE-029E-45DC-AC28-13457EBD5204}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator, like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 05 April 2017 - 07:28 AM

Looks good now; mouse clicking is responsive. Not sure if there's still any malware left, but I'll leave that to you to determine.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by user (05-04-2017 20:19:39) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
S1 1c9c3f; \??\C:\Windows\system32\drivers\1c9c3f.sys [X]
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\cmdres.dll
Task: {4BE534E0-085E-481F-9547-22B6A281392C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {A7058671-3DA4-43EE-964F-B06358953C53} - System32\Tasks\{5A246F61-3F0F-4BDF-B7E2-9E63253C57F5} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -cmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
FirewallRules: [{9DA7B50A-4062-46B1-B5AE-4DC07A91BC49}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{833FB854-8921-46E6-BEA6-14827E560932}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{0315F575-8FE4-4BD1-BEBE-558D31B81656}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{6817EDFE-029E-45DC-AC28-13457EBD5204}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-3855579493-1485355268-1698365518-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 => key removed successfully
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll => moved successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\1c9c3f => key removed successfully
1c9c3f => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
C:\ProgramData\cmdres.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BE534E0-085E-481F-9547-22B6A281392C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BE534E0-085E-481F-9547-22B6A281392C} => key removed successfully
C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_QUEENCREEK => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7058671-3DA4-43EE-964F-B06358953C53} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7058671-3DA4-43EE-964F-B06358953C53} => key removed successfully
C:\Windows\System32\Tasks\{5A246F61-3F0F-4BDF-B7E2-9E63253C57F5} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A246F61-3F0F-4BDF-B7E2-9E63253C57F5} => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DA7B50A-4062-46B1-B5AE-4DC07A91BC49} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{833FB854-8921-46E6-BEA6-14827E560932} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0315F575-8FE4-4BD1-BEBE-558D31B81656} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6817EDFE-029E-45DC-AC28-13457EBD5204} => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14799898 B
Java, Flash, Steam htmlcache => 9646336 B
Windows/system/drivers => 14383 B
Edge => 0 B
Chrome => 223201211 B
Firefox => 370500051 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 243681 B
LocalService => 132244 B
NetworkService => 66228 B
user => 13443255 B

RecycleBin => 16876694 B
EmptyTemp: => 626.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:20:27 ====



#8 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany

Posted 05 April 2017 - 08:05 AM

Hello again,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill, as the malware programs will start again.

---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    [screenshot]
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    [screenshot]
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    [screenshot]
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    [screenshot]
  • Please Copy and Paste the contents of the scan log in your next reply.

***


:step4: How is the computer running now?

***


:step5: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

---


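Step 5 asks for Farbar Service Scanner, which reports the state, start type and image path of the core security services and any "disabled" policy values. The script below is an added example of the same check done by hand; it is not part of the thread and not FSS's own code. The service names are standard Windows 7 names; the baseline start modes in `$expected` are an assumption taken from a stock install without third-party security software, so adjust them to your own baseline. It is read-only.

```powershell
# Added example, not part of the thread and not Farbar Service Scanner's own code.
# Read-only check of the core Windows 7 security services that FSS reports on
# (firewall, Security Center, Windows Update, System Restore, Windows Defender,
# networking) plus the "Windows Defender Disabled Policy" registry value FSS lists.
# Run from an elevated PowerShell prompt; every cmdlet used exists in PowerShell 2.0.

# Service name -> start mode on a stock Windows 7 install.
# ASSUMPTION: defaults from a clean machine without third-party security software.
$expected = @{
    'MpsSvc'    = 'Auto'     # Windows Firewall
    'BFE'       = 'Auto'     # Base Filtering Engine (the firewall depends on it)
    'wscsvc'    = 'Auto'     # Security Center
    'wuauserv'  = 'Auto'     # Windows Update
    'VSS'       = 'Manual'   # Volume Shadow Copy (System Restore uses it)
    'WinDefend' = 'Auto'     # Windows Defender (FSS also expects Auto)
    'Dhcp'      = 'Auto'     # DHCP Client
    'Dnscache'  = 'Auto'     # DNS Client
}

function Get-ServiceReport {
    # One object per baseline service: Name, State, StartMode, Expected, PathName, Note.
    # WMI reports "Manual" where FSS prints "Demand"; both mean on-demand start.
    foreach ($name in ($expected.Keys | Sort-Object)) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            New-Object PSObject -Property @{
                Name = $name; State = 'MISSING'; StartMode = ''; Expected = $expected[$name]
                PathName = ''; Note = 'service key not present'
            }
            continue
        }
        $notes = @()
        if ($svc.StartMode -ne $expected[$name]) {
            $notes += "start mode $($svc.StartMode), baseline $($expected[$name])"
        }
        if ($expected[$name] -eq 'Auto' -and $svc.State -ne 'Running') { $notes += 'not running' }
        New-Object PSObject -Property @{
            Name = $svc.Name; State = $svc.State; StartMode = $svc.StartMode
            Expected = $expected[$name]; PathName = $svc.PathName; Note = ($notes -join '; ')
        }
    }
}

function Get-DefenderPolicy {
    # DisableAntiSpyware can live under the product key (the one FSS printed) or the
    # Group Policy key; report whichever is present.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $val = (Get-ItemProperty -Path $k).DisableAntiSpyware
        if ($val -ne $null) {
            New-Object PSObject -Property @{ Key = $k; DisableAntiSpyware = $val }
        }
    }
}

$report = Get-ServiceReport
$report | Format-Table Name, State, StartMode, Expected, Note -AutoSize
# For anything flagged, show which binary the service actually points at.
$report | Where-Object { $_.Note } | Format-List Name, PathName
Get-DefenderPolicy | Format-Table -AutoSize
```

Read the output the way FSS's log is read: a start mode that differs from the baseline, a service that should be Auto but is stopped, or a PathName that is not the stock system file is what to look at. On the machine in this thread FSS showed WinDefend set to Demand with DisableAntiSpyware=1; a third-party antivirus on Windows 7 (the fix list above shows an Avast remnant) sets exactly that when it installs, so that finding on its own is not a sign of malware. Compare it with what is actually installed before treating it as one.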


#9 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 05 April 2017 - 07:59 PM

I wasn't able to finish the Malwarebytes scan because it froze at 3/4 of the progress bar.

There's something I forgot to tell you too:

Whenever I start my PC, a PowerShell ISE will show up when the Windows desktop appears and then disappear.

Connecting to the internet takes a long time too.

Emsisoft Emergency Kit log

Emsisoft Emergency Kit - Version 2017.2
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
4/6/2017 7:28:06 AM    Malware    139935    0    0:05:01    Manual scan    USER-PC    

 

 

FARBAR SERVICE SCANNER

Farbar Service Scanner Version: 27-01-2016
Ran by user (administrator) on 06-04-2017 at 07:36:10
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#10 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany

Posted 06 April 2017 - 02:08 AM

I wasn't able to finish the Malwarebytes scan because it froze at 3/4 of the progress bar.
There's something I forgot to tell you too:
Whenever I start my PC, a PowerShell ISE will show up when the Windows desktop appears and then disappear.
Connecting to the internet takes a long time too.

What is ISE?

How is the computer running now?



#11 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 06 April 2017 - 02:24 AM

PowerShell ISE - Integrated Scripting Environment. For some reason there's a tab called PowerShell ISE that keeps popping out when I reach the Windows desktop from booting and will disappear after half a minute.

The computer runs fine.
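A PowerShell ISE window that opens by itself at logon is started by something: a Run value, a Startup folder shortcut, a scheduled task or a service. The script below is an added example of how to enumerate those locations and list every entry whose command line launches powershell.exe or powershell_ise.exe; it is not part of the thread and not one of the tools Jo used. The registry paths and cmdlets are standard on Windows 7, the substring pattern is an assumption you can widen, and the English column name "Task To Run" assumes an English Windows. It changes nothing.

```powershell
# Added example; not part of the thread and not one of the tools used in it.
# Lists autostart entries on a Windows 7 machine whose command line launches
# powershell.exe or powershell_ise.exe, so a window like the one described can
# be traced to the Run key, Startup folder, scheduled task or service that starts it.
# Read-only. Run from an elevated PowerShell prompt; every cmdlet used exists in
# PowerShell 2.0 (Get-ItemProperty, Get-WmiObject, ConvertFrom-Csv).

# ASSUMPTION: a plain substring match; widen it if you also want wscript/cscript/cmd launchers.
$pattern = 'powershell'

# Run/RunOnce keys for the machine, the 32-bit view, and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties Get-ItemProperty adds about the key itself; they are not Run values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function New-Hit($source, $name, $command) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Command = $command }
}

function Get-PowerShellAutostarts {
    $hits = @()

    # 1. Registry Run / RunOnce values
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            if ("$($p.Value)" -match $pattern) { $hits += New-Hit $key $p.Name $p.Value }
        }
    }

    # 2. Startup folders and other autostart locations as WMI sees them
    foreach ($s in (Get-WmiObject Win32_StartupCommand)) {
        if ($s.Command -match $pattern) { $hits += New-Hit "Startup ($($s.Location))" $s.Name $s.Command }
    }

    # 3. Scheduled tasks: schtasks verbose CSV output. ASSUMPTION: English column names.
    foreach ($t in (schtasks.exe /query /fo CSV /v | ConvertFrom-Csv)) {
        if ($t.'Task To Run' -match $pattern) { $hits += New-Hit 'ScheduledTask' $t.TaskName $t.'Task To Run' }
    }

    # 4. Services whose binary path invokes PowerShell
    foreach ($svc in (Get-WmiObject Win32_Service)) {
        if ($svc.PathName -match $pattern) { $hits += New-Hit 'Service' $svc.Name $svc.PathName }
    }

    $hits
}

$found = @(Get-PowerShellAutostarts)
if ($found.Count -eq 0) {
    Write-Output 'No autostart entry launching PowerShell or the ISE found in the locations checked.'
} else {
    $found | Format-Table Source, Name, Command -AutoSize -Wrap
}
```

The ISE is an editor, so a logon entry that opens it is unusual on a home machine; an entry whose command points into a Temp, AppData or ProgramData path (the fix list above removed a task of that shape) is the kind of line to paste for the helper rather than act on yourself. A run with no hits means the launcher lives somewhere the script does not look (for example a WMI subscription or a Winlogon value), not that nothing is there.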



#12 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany

Posted 06 April 2017 - 04:21 AM

***


:step1: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

***


:step2: How is the computer running now?


***




#13 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 06 April 2017 - 05:58 AM

ESET Online Scanner

C:\Portable\Ccleaner_Portable.rar    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted
C:\Portable\Ccleaner_Portable\Ccleaner Portable\$PLUGINSDIR\g\PRFB-IEToolbar.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\CZ\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\DE\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\EN\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\ES\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\FR\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\IT\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\PL\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition\Temp\PROPHET\RU\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application    cleaned by deleting

 

 

Computer seems to be running fine.


Edited by jasoncool, 06 April 2017 - 05:59 AM.


#14 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany

Posted 06 April 2017 - 06:29 AM

Your remaining issues are not malware related. If you still need help, please start a new topic at our MS Windows forum section or internet-networking forum section.



===================================


***


It Appears That Your Pc Is Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with DelFix:
  • Please download DelFix to your desktop.
  • Close all other programs and start DelFix.
  • Please check all the boxes and run the tool.
  • DelFix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some preventive tips to reduce the potential for spyware infection in the future:

:step1: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step3: Use only one anti-virus software and keep it up-to-date.

:step4: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

:step5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step6: Use Strong passwords!

:step7: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date, because older versions may contain security leaks.


***




#15 jasoncool

  • Topic Starter
  • Members
  • 25 posts

Posted 06 April 2017 - 07:22 AM

Thanks a lot!





