
Google Chrome keeps closing and different malware reinstalls itself!


  • This topic is locked
12 replies to this topic

#1 shainess

  • Members
  • 27 posts

Posted 26 April 2017 - 05:59 AM

Hello,

I have tried everything from uninstalling, removing manually, scanning with Malwarebytes, Zemana AntiMalware and so on, and following directions from some older topics here (of course I skipped the script part, which might be why it didn't work for me). They have given me momentary results, but after a few days, or not even that, my Google Chrome closes and malware like Kyubey.exe, Kitty.exe, WinSAPSvc, SNARE, Reilechjpu_, etc. has returned! And because this site has been very helpful, I finally decided that it'd be better to directly ask for help here.

Also, thank you to anyone who picks this up! You all do such a great job helping people with computer problems, so I hope you have a cool day!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01

Ran by Ilona (administrator) on HAIYENTRAN (26-04-2017 13:19:24)
Running from C:\Users\Ilona\Downloads
Loaded Profiles: Ilona (Available Profiles: Ilona & Vieras)
Platform: Windows 8.1 (Update) (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Flux Software LLC) C:\Users\Ilona\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files (x86)\PaintToolSAI\sai.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-03-28] (Nota Inc.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [f.lux] => C:\Users\Ilona\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [159768 2017-04-07] (BlueStack Systems, Inc.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: E - "E:\Startup.exe" 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: {03f39816-5320-11e2-be82-b888e35cb298} - "E:\Startup.exe" 
ShellExecuteHooks: No Name - {DD1FF198-FF2B-11E6-AE96-64006A5CFC23} - C:\Users\Ilona\AppData\Roaming\Kagesh\Jluingqovik.dll -> No File
ShellExecuteHooks: No Name - {36CEA340-FF2C-11E6-AB54-64006A5CFC23} - C:\Users\Ilona\AppData\Roaming\Mowercultckumition\Pmiward.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{573D79EA-3D8E-4464-ADEC-3423CC3C20F5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{966A9144-A366-42BF-9B1E-189EA0131165}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FBE6AF66-71CD-476E-9235-BD376BCF340A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-404751162-3923029424-1761788839-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-05-26] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)
FF Plugin HKU\S-1-5-21-404751162-3923029424-1761788839-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://kebemdfahifkfmpgbffjjobpgjhjcdnd/index.html"
CHR Profile: C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default [2017-04-26]
CHR Extension: (Google-presentaatiot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-12]
CHR Extension: (Google-dokumentit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-12]
CHR Extension: (Google Drive) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh [2017-04-12]
CHR Extension: (Google-taulukot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-12]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-15]
CHR Extension: (AdBlock) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-15]
CHR Extension: (New XKit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-04-12]
CHR Extension: (rikaikun) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2017-04-12]
CHR Extension: (Kanji Tab) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebemdfahifkfmpgbffjjobpgjhjcdnd [2017-04-12]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (helpplz uber) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdahnpejkgddhmhabggnacmefphfpdoh [2017-04-12]
CHR Extension: (Gmail) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387096 2017-04-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369688 2017-04-07] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [408600 2017-04-07] (BlueStack Systems, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [659600 2012-08-01] (Acer Incorporated)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 Kitty; C:\Users\Ilona\AppData\Local\Kitty\Kitty.dll [505344 2017-04-26] (kitty) [File not signed] <==== ATTENTION
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-29] (Dritek System INC.)
S2 SNARE; C:\Users\Ilona\AppData\Local\SNARE\Snare.dll [833024 2017-04-26] (InterSect Alliance Pty Ltd) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WinSAPSvc; C:\Users\Ilona\AppData\Roaming\WinSAPSvc\WinSAP.dll [507392 2017-04-26] (win) [File not signed] <==== ATTENTION
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-04-07] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-04-07] (Bluestack System Inc. )
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-14] ()
R1 MpKsl213668a2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EA28716-5840-4512-B314-2A22CE51C37B}\MpKsl213668a2.sys [44928 2017-04-25] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-29] (Dritek System Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-04-19] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-04-19] (Zemana Ltd.)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 xxjfwjzo; \??\C:\WINDOWS\system32\drivers\xxjfwjzo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-26 13:19 - 2017-04-26 13:22 - 00023146 _____ C:\Users\Ilona\Downloads\FRST.txt
2017-04-26 13:19 - 2017-04-26 13:19 - 00000000 ____D C:\FRST
2017-04-26 13:18 - 2017-04-26 13:18 - 02426368 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2017-04-26 09:41 - 2017-04-26 09:41 - 00003604 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-04-26 09:41 - 2017-04-26 09:41 - 00003504 _____ C:\WINDOWS\System32\Tasks\Windows-PG
2017-04-26 09:41 - 2017-04-26 09:41 - 00000000 ____D C:\WINDOWS\psgo
2017-04-26 09:41 - 2017-04-26 09:41 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\WinSAPSvc
2017-04-26 09:41 - 2017-04-26 09:41 - 00000000 ____D C:\Users\Ilona\AppData\Local\SNARE
2017-04-26 09:41 - 2017-04-26 09:41 - 00000000 ____D C:\Users\Ilona\AppData\Local\Kitty
2017-04-26 09:41 - 2017-04-26 09:41 - 00000000 ____D C:\Program Files (x86)\MIO
2017-04-26 09:38 - 2017-04-26 09:38 - 00000000 ____D C:\Program Files (x86)\Reilechjpu_
2017-04-26 09:37 - 2017-04-26 09:37 - 00000000 ____D C:\Insist
2017-04-22 10:01 - 2017-04-22 10:01 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000050-000000.txt
2017-04-22 09:21 - 2017-04-22 09:21 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000049-000000.txt
2017-04-22 09:19 - 2017-04-22 09:19 - 00000000 ____D C:\Users\Vieras\AppData\Local\Adobe
2017-04-22 09:13 - 2017-04-22 09:13 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000048-000000.txt
2017-04-22 09:10 - 2017-04-22 09:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000047-000000.txt
2017-04-22 09:08 - 2017-04-22 09:19 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\Adobe
2017-04-22 09:08 - 2017-04-22 09:18 - 00000000 ____D C:\Users\Vieras\AppData\Local\Packages
2017-04-22 09:08 - 2017-04-22 09:14 - 00002241 _____ C:\Users\Vieras\Desktop\Google Chrome.lnk
2017-04-22 09:08 - 2017-04-22 09:08 - 00001450 _____ C:\Users\Vieras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-22 09:08 - 2017-04-22 09:08 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\WTablet
2017-04-22 09:08 - 2017-04-22 09:08 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\lm
2017-04-22 09:08 - 2017-04-22 09:08 - 00000000 ____D C:\Users\Vieras\AppData\Local\VirtualStore
2017-04-22 09:08 - 2017-04-22 09:08 - 00000000 ____D C:\Users\Vieras\AppData\Local\Google
2017-04-22 09:07 - 2017-04-22 09:10 - 00000000 ____D C:\Users\Vieras
2017-04-22 09:07 - 2017-04-22 09:07 - 00000020 ___SH C:\Users\Vieras\ntuser.ini
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Verkkoympäristö
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Tulostinympäristö
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Omat tiedostot
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Mallit
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Käynnistä-valikko
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Documents\Omat videotiedostot
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Documents\Omat musiikkitiedostot
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\Documents\Omat kuvatiedostot
2017-04-22 09:07 - 2017-04-22 09:07 - 00000000 _SHDL C:\Users\Vieras\AppData\Roaming\Microsoft\Windows\Start Menu\Ohjelmat
2017-04-22 09:07 - 2014-07-11 05:39 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\Macromedia
2017-04-22 09:07 - 2014-03-18 18:39 - 00000369 _____ C:\Users\Vieras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-04-22 09:07 - 2014-03-18 18:39 - 00000369 _____ C:\Users\Vieras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-04-22 09:06 - 2017-04-22 09:06 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000046-000000.txt
2017-04-22 09:05 - 2017-04-22 09:05 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000045-000000.txt
2017-04-22 04:14 - 2017-04-22 04:14 - 01305227 _____ C:\Users\Ilona\Downloads\Autoruns.zip
2017-04-21 13:51 - 2017-04-21 13:51 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000044-000000.txt
2017-04-21 13:41 - 2017-04-21 13:41 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000043-000000.txt
2017-04-21 13:03 - 2017-04-21 13:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-21 12:44 - 2017-04-21 12:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000042-000000.txt
2017-04-21 12:32 - 2017-04-21 12:32 - 14554768 _____ (Copyright 2017.) C:\Users\Ilona\Downloads\Zemana.AntiMalware.Portable.exe
2017-04-21 12:31 - 2017-04-21 12:32 - 57131432 _____ (Malwarebytes ) C:\Users\Ilona\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-04-21 01:52 - 2017-04-21 12:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-21 01:49 - 2017-04-21 01:50 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ilona\Downloads\mbar-1.09.3.1001.exe
2017-04-21 01:46 - 2017-04-21 01:46 - 00000000 _____ C:\WINDOWS\SysWOW64\44
2017-04-21 01:45 - 2017-04-21 01:45 - 00000000 _____ C:\WINDOWS\SysWOW64\11
2017-04-21 01:41 - 2017-04-21 01:45 - 00000000 ____D C:\Program Files (x86)\MK
2017-04-20 12:42 - 2017-04-20 12:42 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Mozilla
2017-04-20 11:42 - 2017-04-20 11:42 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000041-000000.txt
2017-04-20 11:19 - 2017-04-20 11:19 - 00000000 ____D C:\WINDOWS\ERUNT
2017-04-20 11:18 - 2017-04-22 10:11 - 00001123 _____ C:\DelFix.txt
2017-04-20 03:17 - 2017-04-20 03:17 - 00000552 _____ C:\Users\Ilona\AppData\Local\TroubleshooterConfig.json
2017-04-20 03:05 - 2017-04-20 03:05 - 00001644 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-04-20 03:05 - 2017-04-20 03:05 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-04-20 03:02 - 2017-04-20 03:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\Bluestacks
2017-04-20 02:46 - 2017-04-20 03:05 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-04-20 02:46 - 2017-04-07 09:44 - 00000000 ____D C:\ProgramData\BlueStacks
2017-04-20 02:42 - 2017-04-20 02:46 - 334643784 _____ (BlueStack Systems Inc.) C:\Users\Ilona\Downloads\BlueStacks2_native_b4feb0cc9843396854f45721c053c73a.exe
2017-04-19 22:39 - 2017-04-19 22:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-04-19 22:39 - 2017-04-19 22:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-04-19 22:29 - 2017-04-19 22:29 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000040-000000.txt
2017-04-19 22:18 - 2017-04-19 22:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000039-000000.txt
2017-04-19 21:17 - 2017-04-19 21:17 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000038-000000.txt
2017-04-19 16:45 - 2017-04-19 16:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000037-000000.txt
2017-04-19 01:40 - 2017-04-19 01:40 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000036-000000.txt
2017-04-19 00:58 - 2017-04-19 00:58 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000035-000000.txt
2017-04-18 15:57 - 2017-04-21 12:43 - 00000000 ____D C:\WINDOWS\Update
2017-04-17 15:14 - 2017-04-17 15:14 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000034-000000.txt
2017-04-15 16:14 - 2017-04-15 16:14 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000033-000000.txt
2017-04-12 13:32 - 2017-03-21 16:11 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-04-12 13:32 - 2017-03-21 16:11 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-04-12 13:32 - 2017-03-21 16:11 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-04-12 13:32 - 2017-03-21 16:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-04-12 13:23 - 2017-03-25 22:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-12 13:23 - 2017-03-25 22:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-12 13:23 - 2017-03-25 22:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-12 13:23 - 2017-03-25 21:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-12 13:23 - 2017-03-25 21:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-12 13:23 - 2017-03-25 21:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-12 13:23 - 2017-03-25 21:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-04-12 13:23 - 2017-03-25 21:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-12 13:23 - 2017-03-25 21:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-12 13:23 - 2017-03-25 21:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-12 13:23 - 2017-03-25 21:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-04-12 13:23 - 2017-03-25 21:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-12 13:23 - 2017-03-25 21:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-04-12 13:23 - 2017-03-25 21:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-12 13:23 - 2017-03-25 21:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-12 13:23 - 2017-03-25 21:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-12 13:23 - 2017-03-25 20:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-04-12 13:23 - 2017-03-25 20:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-12 13:23 - 2017-03-25 20:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-12 13:23 - 2017-03-25 20:12 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-04-12 13:23 - 2017-03-25 20:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-12 13:23 - 2017-03-25 20:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-12 13:23 - 2017-03-25 20:00 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-12 13:23 - 2017-03-25 19:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-12 13:23 - 2017-03-25 19:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-12 13:23 - 2017-03-25 19:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-12 13:23 - 2017-03-25 19:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-12 13:23 - 2017-03-25 19:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-12 13:23 - 2017-03-25 19:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-12 13:23 - 2017-03-25 07:43 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-12 13:23 - 2017-03-24 21:24 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-12 13:23 - 2017-03-14 22:06 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-04-12 13:23 - 2017-03-14 17:26 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-12 13:23 - 2017-03-14 17:09 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-04-12 13:23 - 2017-03-14 17:08 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-12 13:23 - 2017-03-14 17:06 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-12 13:23 - 2017-03-13 19:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-04-12 13:23 - 2017-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-04-12 13:23 - 2017-03-13 19:08 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-04-12 13:23 - 2017-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-04-12 13:23 - 2017-03-13 18:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-04-12 13:23 - 2017-03-13 18:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-04-12 13:23 - 2017-03-13 18:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-04-12 13:23 - 2017-03-12 18:04 - 00033792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-12 13:23 - 2017-03-11 06:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-12 13:23 - 2017-03-11 06:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-12 13:23 - 2017-03-11 06:49 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-12 13:23 - 2017-03-11 06:49 - 00388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-12 13:23 - 2017-03-11 06:44 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-12 13:23 - 2017-03-11 06:41 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-12 13:23 - 2017-03-10 00:13 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-04-12 13:23 - 2017-03-10 00:08 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-12 13:23 - 2017-03-09 22:29 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-12 13:23 - 2017-03-08 02:25 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-12 13:23 - 2017-03-08 02:21 - 01212760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-12 13:23 - 2017-03-04 22:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-12 13:23 - 2017-03-04 22:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-12 13:23 - 2017-03-04 21:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-12 13:23 - 2017-03-04 19:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-12 13:23 - 2017-03-03 18:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-12 13:23 - 2017-03-03 18:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-12 13:23 - 2017-03-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-12 13:23 - 2017-03-03 18:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-12 02:44 - 2017-04-19 22:16 - 00002629 _____ C:\Users\Ilona\Desktop\Google Chrome.lnk
2017-04-12 02:06 - 2017-04-12 02:06 - 00002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-12 01:59 - 2017-04-12 01:59 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000032-000000.txt
2017-04-11 14:58 - 2017-04-11 14:58 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000031-000000.txt
2017-04-10 20:20 - 2017-04-10 20:20 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000030-000000.txt
2017-04-10 20:11 - 2017-02-11 21:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-10 20:11 - 2017-02-11 20:00 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-04-10 20:11 - 2017-02-11 19:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-04-10 20:11 - 2017-02-11 19:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-04-10 20:11 - 2017-02-10 22:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-04-10 20:11 - 2017-02-10 17:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2017-04-10 20:11 - 2017-02-04 20:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2017-04-10 20:11 - 2017-02-04 20:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-04-10 20:11 - 2017-02-04 20:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2017-04-10 20:11 - 2017-02-01 22:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-04-10 20:11 - 2017-02-01 22:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-04-10 20:11 - 2017-01-19 05:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-10 20:11 - 2017-01-18 17:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-04-10 20:11 - 2017-01-18 17:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-04-10 20:11 - 2017-01-14 23:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-10 20:11 - 2017-01-14 22:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-10 20:11 - 2017-01-14 17:37 - 00447095 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-04-10 20:11 - 2017-01-12 19:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2017-04-10 20:11 - 2017-01-12 19:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2017-04-10 20:11 - 2017-01-12 09:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-04-10 20:11 - 2017-01-11 22:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-04-10 20:11 - 2017-01-11 20:28 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-04-10 20:11 - 2017-01-11 18:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-04-10 20:11 - 2017-01-11 01:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-04-10 20:11 - 2017-01-11 00:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-04-10 20:11 - 2017-01-10 23:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-04-10 20:11 - 2017-01-10 22:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-04-10 20:11 - 2017-01-10 22:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-04-10 20:11 - 2017-01-06 20:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-04-10 20:11 - 2017-01-06 20:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-04-10 20:11 - 2016-12-25 04:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-04-10 20:11 - 2016-12-25 04:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-04-10 20:11 - 2016-12-25 03:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-04-10 20:11 - 2016-12-25 03:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-04-10 20:11 - 2016-12-25 02:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-04-10 20:11 - 2016-12-09 11:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-04-10 15:26 - 2017-04-10 15:26 - 00000007 _____ C:\WINDOWS\SysWOW64\3C55.tmp
2017-04-10 15:26 - 2017-04-10 15:26 - 00000000 ____D C:\ProgramData\common
2017-04-08 22:02 - 2017-04-08 22:02 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000029-000000.txt
2017-04-07 17:19 - 2017-04-07 17:19 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000028-000000.txt
2017-04-07 17:03 - 2017-04-07 17:03 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000027-000000.txt
2017-04-05 01:11 - 2017-04-05 01:11 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
2017-04-02 00:32 - 2017-04-02 00:32 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2017-03-31 14:42 - 2017-03-31 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-31 14:34 - 2017-04-19 00:57 - 00012596 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-03-31 14:34 - 2017-03-31 14:34 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2017-03-31 14:31 - 2017-03-31 18:21 - 00000000 ____D C:\@RestoreQuarantine
2017-03-31 14:21 - 2017-04-19 00:06 - 00000000 ____D C:\ProgramData\RegRun
2017-03-31 14:15 - 2017-04-19 00:10 - 00000000 ____D C:\Users\Ilona\Documents\RegRun2
2017-03-31 14:15 - 2017-03-31 14:15 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-03-31 14:15 - 2017-03-31 14:15 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-03-31 14:15 - 2017-03-31 14:15 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-03-30 10:21 - 2017-04-12 01:35 - 00000000 ____D C:\Update
2017-03-27 01:22 - 2017-03-27 01:22 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-26 13:22 - 2017-03-14 19:23 - 00420310 _____ C:\WINDOWS\ZAM.krnl.trace
2017-04-26 13:22 - 2017-03-14 19:23 - 00380130 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-26 13:21 - 2012-12-31 12:10 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Skype
2017-04-26 09:45 - 2017-03-05 06:24 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-26 09:40 - 2012-11-21 14:23 - 00000000 ____D C:\Users\Ilona\AppData\Local\Adobe
2017-04-26 09:38 - 2016-01-14 17:46 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47C9991F-5ACF-4D83-A791-F239DFBE3DE2}
2017-04-24 22:58 - 2013-04-10 21:05 - 00000000 ____D C:\Program Files (x86)\PaintToolSAI
2017-04-22 17:49 - 2012-11-15 16:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-404751162-3923029424-1761788839-1001
2017-04-22 17:32 - 2014-01-26 00:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-22 10:01 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-22 09:57 - 2017-03-04 17:40 - 01623624 _____ C:\WINDOWS\ntbtlog.txt
2017-04-22 09:23 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-21 13:59 - 2014-07-11 05:28 - 00000000 ____D C:\Users\Ilona
2017-04-20 11:28 - 2012-11-25 15:54 - 14729728 ___SH C:\Users\Ilona\Downloads\Thumbs.db
2017-04-20 03:21 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Inf
2017-04-20 03:18 - 2013-03-17 12:05 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-04-20 03:05 - 2013-08-22 18:36 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-19 23:31 - 2013-04-10 20:00 - 06948864 ___SH C:\Users\Ilona\Documents\Thumbs.db
2017-04-19 22:28 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-04-15 17:04 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2017-04-15 16:13 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-15 16:13 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-15 16:13 - 2013-08-22 17:44 - 05776896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-12 13:41 - 2014-05-11 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-12 13:38 - 2014-08-20 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 13:38 - 2014-05-11 20:37 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 13:36 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-12 01:44 - 2014-07-26 19:37 - 00007617 _____ C:\Users\Ilona\AppData\Local\Resmon.ResmonCfg
2017-04-12 00:59 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-12 00:59 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-12 00:59 - 2012-11-24 07:25 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-12 00:55 - 2015-06-12 15:34 - 00001984 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-11 00:55 - 2012-11-15 17:26 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 00:55 - 2012-11-15 17:26 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 20:37 - 2012-08-29 11:10 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-10 20:25 - 2014-03-18 18:31 - 00005430 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-10 20:25 - 2014-03-18 17:54 - 00500552 _____ C:\WINDOWS\system32\perfh00B.dat
2017-04-10 20:25 - 2014-03-18 17:54 - 00152372 _____ C:\WINDOWS\system32\perfc00B.dat
2017-04-10 20:13 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-04-10 20:13 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-10 20:13 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-10 16:54 - 2017-03-07 17:00 - 00000000 ____D C:\Users\Ilona\AppData\LocalLow\Mozilla
2017-04-08 01:06 - 2014-07-12 22:25 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-05 01:25 - 2013-01-03 19:18 - 00000000 ____D C:\Users\Ilona\AppData\Local\ElevatedDiagnostics
2017-04-04 03:59 - 2015-09-26 03:50 - 00003412 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-04-04 03:59 - 2015-09-26 03:50 - 00003286 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-04-04 03:59 - 2012-11-16 06:24 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-04-01 04:36 - 2012-12-30 08:00 - 00001456 _____ C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-04-01 04:12 - 2016-07-22 16:50 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 04:12 - 2016-07-22 16:50 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-31 14:43 - 2012-12-31 12:10 - 00000000 ____D C:\ProgramData\Skype
2017-03-31 14:42 - 2016-01-13 15:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-31 14:42 - 2015-12-18 08:58 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-31 14:42 - 2014-10-01 08:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-31 03:22 - 2012-11-21 19:46 - 00000132 _____ C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-27 01:11 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2013-07-04 17:12 - 2013-07-04 17:12 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2013-05-09 03:57 - 2013-05-09 03:58 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-01-10 23:21 - 2013-01-10 23:21 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-11-21 19:46 - 2017-03-31 03:22 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-12-30 08:00 - 2017-04-01 04:36 - 0001456 _____ () C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-26 19:37 - 2017-04-12 01:44 - 0007617 _____ () C:\Users\Ilona\AppData\Local\Resmon.ResmonCfg
2017-04-20 03:17 - 2017-04-20 03:17 - 0000552 _____ () C:\Users\Ilona\AppData\Local\TroubleshooterConfig.json
 
Some files in TEMP:
====================
2015-07-08 03:23 - 2015-07-08 03:23 - 4791112 _____ (Google) C:\Users\Ilona\AppData\Local\Temp\630.exe
2015-07-19 14:32 - 2015-07-19 14:33 - 19062208 _____ (Disc Soft Ltd) C:\Users\Ilona\AppData\Local\Temp\DAEMON Tools Lite.exe
2014-09-29 20:06 - 2014-09-29 20:06 - 0937896 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-09-23 22:04 - 2016-09-23 22:04 - 0737856 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-12-14 21:04 - 2016-12-14 21:04 - 0739904 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u121-windows-au.exe
2014-12-18 20:29 - 2014-12-18 20:29 - 0641448 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-05-01 02:37 - 2015-05-01 02:37 - 0562272 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-08-07 02:10 - 2015-08-07 02:10 - 0585824 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-11-10 18:59 - 2015-11-10 18:59 - 0585824 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u66-windows-au.exe
2015-12-23 21:48 - 2015-12-23 21:48 - 0644704 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-03-21 18:12 - 2016-03-21 18:12 - 0736320 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-06-21 21:15 - 2016-06-21 21:15 - 0739904 _____ (Oracle Corporation) C:\Users\Ilona\AppData\Local\Temp\jre-8u91-windows-au.exe
2017-03-07 15:55 - 2017-03-07 15:56 - 76210176 _____ () C:\Users\Ilona\AppData\Local\Temp\mpam-6f40dfb0.exe
2017-03-07 15:58 - 2017-03-07 15:59 - 137061648 _____ (Microsoft Corporation) C:\Users\Ilona\AppData\Local\Temp\mpam-bda36258.exe
2013-01-25 17:09 - 2013-01-25 17:09 - 2940496 _____ () C:\Users\Ilona\AppData\Local\Temp\safeguard.exe
2015-01-01 02:09 - 2017-03-20 23:19 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Ilona\AppData\Local\Temp\SkypeSetup.exe
2017-04-21 12:45 - 2017-04-21 12:45 - 0000000 _____ () C:\Users\Ilona\AppData\Local\Temp\wtfcfhmb.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-22 11:06
 
==================== End of FRST.txt ============================

 



#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 April 2017 - 08:29 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

    

 

1.

Download attached fixlist.txt file and save it to the Desktop

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

2.

Download Malwarebytes Anti-Rootkit Supplement from here

Once you have downloaded the tool (contained in a .zip folder), you will need to extract the contents. We recommend extracting to your desktop.
 
To extract the files, locate the zipped folder that you want to unzip (extract) files or folders from. To unzip all the contents of the zipped folder, press and hold (or right-click) the folder, select Extract All, and then follow the instructions. Save them on your desktop.

After the files are extracted, double-click the mbar.cmd file. If you are unsure which file this is, try double-clicking both files named mbar - only one of them will run.
 
Update the Database, then click on Next, then on Scan.

  • Let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;

 

 

Things to include in your next reply:

Fixlog.txt

MBAr log

How is the computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
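fireman4it says above that he will analyze the log by hand. As an added example that is not part of this thread or of FRST, the PowerShell below does the first mechanical pass an analyst makes over the FRST "Created/Modified files and folders" listing in the opening post: it parses the `created - modified - size attributes (Company) path` line format FRST prints, then flags entries worth a second look (vendor-less executables and DLLs, files in Temp, ProgramData or AppData, zero-byte binaries, random or placeholder names, vendor-less files in system32/SysWOW64). The eight sample lines are copied from the log in this thread; the heuristics are this example's own and produce leads for the analyst, not verdicts.

```powershell
# Added example, not from the thread and not FRST's own code. First mechanical
# pass over an FRST "Created/Modified files and folders" listing. Each line has
# the shape
#   created - modified - size attributes [(Company)] path
# where "(Company)" is absent when FRST found no vendor string, and is printed
# as "()" in the "Some files in TEMP" section. Sample lines below are copied
# from the log in the opening post; the heuristics are this example's own.
$frstSample = @'
2017-04-12 13:23 - 2017-03-25 22:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-19 22:39 - 2017-04-19 22:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-04-10 15:26 - 2017-04-10 15:26 - 00000007 _____ C:\WINDOWS\SysWOW64\3C55.tmp
2017-04-10 15:26 - 2017-04-10 15:26 - 00000000 ____D C:\ProgramData\common
2017-04-26 09:45 - 2017-03-05 06:24 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-21 12:45 - 2017-04-21 12:45 - 0000000 _____ () C:\Users\Ilona\AppData\Local\Temp\wtfcfhmb.dll
2013-01-25 17:09 - 2013-01-25 17:09 - 2940496 _____ () C:\Users\Ilona\AppData\Local\Temp\safeguard.exe
2017-03-31 14:15 - 2017-03-31 14:15 - 00000002 RSHOT C:\WINDOWS\winstart.bat
'@

# Regex for one FRST entry line; the (Company) group is optional.
$frstLine = '^(?<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - ' +
            '(?<size>\d+) (?<attrs>\S+) (?:\((?<company>[^)]*)\) )?(?<path>.+)$'

function ConvertFrom-FrstListing {
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match $frstLine) {
            # $Matches only carries the group when FRST printed a vendor; normalise to ''.
            $company = if ($Matches.ContainsKey('company')) { $Matches.company } else { '' }
            [pscustomobject]@{
                Created  = [datetime]::ParseExact($Matches.created,  'yyyy-MM-dd HH:mm', [cultureinfo]::InvariantCulture)
                Modified = [datetime]::ParseExact($Matches.modified, 'yyyy-MM-dd HH:mm', [cultureinfo]::InvariantCulture)
                Size     = [int64]$Matches.size
                Attrs    = $Matches.attrs
                IsDir    = $Matches.attrs -like '*D*'   # FRST marks folders with D in the attribute column
                Company  = $company
                Path     = $Matches.path
            }
        }
    }
}

function Find-FrstSuspects {
    param([Parameter(Mandatory)][object[]]$Entries)
    # Heuristics only. Every hit carries the reasons so the analyst can judge it;
    # entries with a vendor and an ordinary location produce no reasons.
    $execExt  = '\.(exe|dll|sys|scr|bat|cmd|vbs|js|ps1|tmp)$'
    $writable = 'AppData\\Local\\Temp|AppData\\(Local|Roaming)\\[^\\]+$|\\ProgramData\\|\\Program Files( \(x86\))?\\[^\\]+$|\\Users\\Public\\'
    foreach ($e in $Entries) {
        $reasons = @()
        $leaf = Split-Path -Leaf $e.Path
        if (-not $e.IsDir -and [string]::IsNullOrEmpty($e.Company) -and $leaf -match $execExt) { $reasons += 'no vendor on executable/library' }
        if ($e.Path -match $writable) { $reasons += 'user-writable or throwaway location' }
        if (-not $e.IsDir -and $e.Size -eq 0 -and $leaf -match '\.(dll|exe|sys)$') { $reasons += 'zero-byte binary' }
        if ($leaf -match '^[0-9A-F]{4}\.tmp$' -or ($leaf -notmatch '\.' -and $leaf.Length -le 2) -or $leaf -match '^[a-z]{8}\.dll$') {
            $reasons += 'random-looking or placeholder name'
        }
        if (-not $e.IsDir -and [string]::IsNullOrEmpty($e.Company) -and $e.Path -match '\\Windows\\(system32|SysWOW64)\\') {
            $reasons += 'vendor-less file in a system directory'
        }
        if ($reasons.Count) {
            [pscustomobject]@{ Path = $e.Path; Size = $e.Size; Created = $e.Created; Reasons = ($reasons -join '; ') }
        }
    }
}

$entries = ConvertFrom-FrstListing -Lines ($frstSample -split "`r?`n")
Find-FrstSuspects -Entries $entries | Format-Table -AutoSize -Wrap
# On a real log: Find-FrstSuspects -Entries (ConvertFrom-FrstListing -Lines (Get-Content .\FRST.txt))
```

Entries with a recognised vendor in an ordinary location produce no reasons and are not reported; everything else is a lead to check, not a detection. A hit like winstart.bat is a reminder that cleanup tools themselves (RegRun appears in the same listing) leave files with no vendor string.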


#3 shainess

  • Topic Starter
  • Members
  • 27 posts

Posted 26 April 2017 - 10:48 AM

Thank you for helping me out! Below are the Fixlog.txt and my MBAr log.
 
Fixlog.txt
 

Attached File: Fixlog.txt (11.38 KB)
 
MBAr log

 

Attached File: mbar-log-2017-04-26 (17-06-24).txt (3.6 KB)

 

 

My PC seems to work pretty normally. Google Chrome is doing same as always so far!


Edited by shainess, 26 April 2017 - 10:49 AM.


#4 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 April 2017 - 10:50 AM

So is Google running normally or still having malware issues?


#5 shainess

  • Topic Starter
  • Members
  • 27 posts

Posted 26 April 2017 - 10:53 AM

Google is working normally, but I'm not 100% sure, since it usually takes a day or a random number of hours to close itself when I'm out of the house.



#6 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 April 2017 - 11:06 AM

Let's make one more check for any leftover malware

 

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled).
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


#7 shainess

  • Topic Starter
  • Members
  • 27 posts

Posted 26 April 2017 - 11:57 AM

Here's the scan log!

 

Emsisoft Emergency Kit - Version 2017.2
Last update: 2017/04/26 19:22:22
User account: haiyentran\Ilona
Computer name: HAIYENTRAN
OS version: Windows 8.1x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 2017/04/26 19:25:17
 
Scanned 163478
Found 0
 
Scan end: 2017/04/26 19:46:21
Scan time: 0:21:04
 

 

 

 

It didn't detect any malware, but when I open my Program Files (x86), the Reilechjpu_ folder and MIO.exe are still there.

 

The Reilechjpu_ folder consists of C:\Program Files (x86)\Reilechjpu_\_ALLOWDEL_14846c9b with an empty file named "33".

The MIO folder, C:\Program Files (x86)\MIO, has an empty folder named "loader" and an MIO.exe file.



#8 shainess

  • Topic Starter
  • Members
  • 27 posts

Posted 26 April 2017 - 12:25 PM

I'd also like to quickly add that, after checking C:\Users\Ilona\AppData\Local, I found the Kitty and SNARE folders, both of them containing a .dll file.



#9 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 April 2017 - 02:22 PM

We will get rid of those files and folders. Those DLL files can't run, as we have deleted the drivers already.

 

Download attached fixlist.txt file and save it to  the Desktop

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 




#10 shainess

shainess
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  

Posted 26 April 2017 - 02:33 PM

Here's the Fixlog.txt!

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by Ilona (26-04-2017 22:27:17) Run:2
Running from C:\Users\Ilona\Downloads
Loaded Profiles: Ilona (Available Profiles: Ilona & Vieras)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\Ilona\AppData\Roaming\WinSAPSvc
C:\Users\Ilona\AppData\Local\Kitty
C:\Program Files (x86)\MIO
C:\Users\Ilona\AppData\Local\Kitty
C:\Program Files (x86)\MIO
C:\Program Files (x86)\Reilechjpu_
C:\Users\Ilona\AppData\Local\SNARE
C:\Program Files (x86)\Reilechjpu
 
*****************
 
"C:\Users\Ilona\AppData\Roaming\WinSAPSvc" => not found.
C:\Users\Ilona\AppData\Local\Kitty => moved successfully
C:\Program Files (x86)\MIO => moved successfully
"C:\Users\Ilona\AppData\Local\Kitty" => not found.
"C:\Program Files (x86)\MIO" => not found.
C:\Program Files (x86)\Reilechjpu_ => moved successfully
C:\Users\Ilona\AppData\Local\SNARE => moved successfully
"C:\Program Files (x86)\Reilechjpu" => not found.
 
==== End of Fixlog 22:27:24 ====

 

I checked again and the files aren't there anymore. Overall everything looks pretty good!
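Reading a Fixlog like the one above by eye is error-prone: the same path can be listed twice (Kitty and MIO were, so the second pass reports "not found" for something that was in fact moved), and a "not found" can mean either "already gone" or "the fixlist path was mistyped" (Reilechjpu without the trailing underscore sits next to Reilechjpu_ with it). The script below is an added example, not part of the thread and not a Farbar tool; it parses the `fixlist content` block and the `path => outcome` lines in the same format as the posted log and reports duplicates, "not found" entries, and "not found" entries that nearly match a path that was moved. The sample text is constructed from the Fixlog above; the function names and the 0.9 similarity threshold are the example's own choices.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example for this thread; it is not code from FRST or from the
thread's participants. It reads the 'fixlist content' block and the
'path => outcome' result lines in the same shape as the Fixlog posted
above and reports what a helper should look at again: entries listed
twice, entries that were 'not found', and 'not found' entries that are a
near-match of a path that *was* moved (often a typo such as a missing
trailing underscore).
"""
import re
from difflib import SequenceMatcher

# Constructed sample in the shape of the Fixlog posted in the thread
# (same paths and outcomes). Replace with open("Fixlog.txt").read() for a real run.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by Ilona (26-04-2017 22:27:17) Run:2
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\\Users\\Ilona\\AppData\\Roaming\\WinSAPSvc
C:\\Users\\Ilona\\AppData\\Local\\Kitty
C:\\Program Files (x86)\\MIO
C:\\Users\\Ilona\\AppData\\Local\\Kitty
C:\\Program Files (x86)\\MIO
C:\\Program Files (x86)\\Reilechjpu_
C:\\Users\\Ilona\\AppData\\Local\\SNARE
C:\\Program Files (x86)\\Reilechjpu

*****************

"C:\\Users\\Ilona\\AppData\\Roaming\\WinSAPSvc" => not found.
C:\\Users\\Ilona\\AppData\\Local\\Kitty => moved successfully
C:\\Program Files (x86)\\MIO => moved successfully
"C:\\Users\\Ilona\\AppData\\Local\\Kitty" => not found.
"C:\\Program Files (x86)\\MIO" => not found.
C:\\Program Files (x86)\\Reilechjpu_ => moved successfully
C:\\Users\\Ilona\\AppData\\Local\\SNARE => moved successfully
"C:\\Program Files (x86)\\Reilechjpu" => not found.

==== End of Fixlog 22:27:24 ====
"""

# One result line: optional quotes around the path, '=>', outcome, optional trailing dot.
RESULT_RE = re.compile(r'^"?(?P<path>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')


def parse_fixlist(text):
    """Return the fixlist entries, in order, from the block between the ***** rules."""
    entries, inside = [], False
    for line in text.splitlines():
        if line.startswith("*****"):
            if inside:
                break          # the second rule closes the block
            inside = True
            continue
        if inside and line.strip():
            entries.append(line.strip())
    return entries


def parse_results(text):
    """Return (path, outcome) pairs for every 'path => outcome' line."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m.group("path"), m.group("outcome")))
    return results


def reconcile(text, similarity=0.9):
    """Join fixlist entries to their outcomes and flag what needs a second look."""
    entries = parse_fixlist(text)
    outcomes = {}
    for path, outcome in parse_results(text):
        outcomes.setdefault(path, []).append(outcome)   # the same path may be listed twice
    duplicates = sorted({p for p in entries if entries.count(p) > 1})
    not_found = [p for p in dict.fromkeys(entries)      # de-duplicate, keep fixlist order
                 if outcomes.get(p) and all(o == "not found" for o in outcomes[p])]
    moved = [p for p, outs in outcomes.items() if "moved successfully" in outs]
    # A 'not found' path that almost equals a moved one is probably a typo in the fixlist.
    suspected_typos = [(p, m) for p in not_found for m in moved
                       if SequenceMatcher(None, p.lower(), m.lower()).ratio() >= similarity]
    return {"outcomes": outcomes, "duplicates": duplicates,
            "not_found": not_found, "suspected_typos": suspected_typos}


if __name__ == "__main__":
    report = reconcile(SAMPLE_FIXLOG)
    for key in ("duplicates", "not_found", "suspected_typos"):
        print(f"{key}:")
        for item in report[key]:
            print("   ", item)
```

On the posted log this reports Kitty and MIO as duplicates (their "not found" lines are just the second pass over an already-moved folder), WinSAPSvc as genuinely not found (consistent with it having been removed in an earlier step), and Reilechjpu as a near-match of Reilechjpu_, which is the one entry worth confirming by hand before declaring the machine clean.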



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:09 PM

Posted 26 April 2017 - 03:00 PM

Your computer now appears to be clean.

***



Clean up:

***



Right-click  AdwCleaner.exe and select Run As Administrator.
  • It Appears That Your Pc Is Now Clean!
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.


***



Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***



Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***



Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more securely


:step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date, because older versions may contain security leaks.




#12 shainess

shainess
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  

Posted 26 April 2017 - 03:44 PM

I cleaned up everything, updated my outdated Java and downloaded Malwarebytes Anti-Exploit as you recommended; hopefully my Chrome window will from now on stop randomly closing and bringing this malware in.

 

And thank you so much for your help, I'm really grateful for all this!



#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:09 PM

Posted 28 April 2017 - 07:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





