High CPU Usage + Autoit Error, System Keeps Changing To Never for Sleep/Display


  • This topic is locked
19 replies to this topic

#1 l8trs5

l8trs5

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 17 July 2017 - 06:04 PM

Hi, I'm having random processes show up in the task manager and getting random sound notifications. Sometimes I get the AutoIt error pop-up message, and the computer never sleeps. I changed it to 1hr for display and sleep, but it always ends up changing back to "never". Below is my FRST log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by WhiteTiger (administrator) on WHITETIGER-PC (17-07-2017 15:52:34)
Running from C:\Users\WhiteTiger\Downloads
Loaded Profiles: WhiteTiger (Available Profiles: WhiteTiger)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Proxy Labs) C:\Windows\System32\pcapsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Proxy Labs) C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
() C:\Program Files (x86)\VPN Unlimited\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
(www.xmrig.com) C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe [2381312 2015-10-29] (Proxy Labs)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-28] (Avira Operations GmbH & Co. KG) <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2346341255-3800263289-994878814-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2346341255-3800263289-994878814-1000\...\Run: [VPN Unlimited] => C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-launcher.exe [398168 2017-05-18] (KeepSolid Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\WhiteTiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Accelerator 8.9.4.158.lnk [2017-07-07]
ShortcutTarget: Internet Accelerator 8.9.4.158.lnk -> C:\dDusr32.tmp\OhMwmzP.vbs ()
Startup: C:\Users\WhiteTiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Locator 4.1.2.619.lnk [2017-07-07]
ShortcutTarget: Microsoft Locator 4.1.2.619.lnk -> C:\LjKiF78.tmp\dkrZalGE.vbs ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 pcapwsp.dll => No File
Winsock: Catalog9 01 pcapwsp.dll => No File
Winsock: Catalog9 02 pcapwsp.dll => No File
Winsock: Catalog9 03 pcapwsp.dll => No File
Winsock: Catalog9 04 pcapwsp.dll => No File
Winsock: Catalog9 16 pcapwsp.dll => No File
Winsock: Catalog5-x64 08 pcapwsp.dll => No File
Winsock: Catalog9-x64 01 pcapwsp.dll => No File
Winsock: Catalog9-x64 02 pcapwsp.dll => No File
Winsock: Catalog9-x64 03 pcapwsp.dll => No File
Winsock: Catalog9-x64 04 pcapwsp.dll => No File
Winsock: Catalog9-x64 16 pcapwsp.dll => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87E0B509-21EE-494B-A24F-D3DB9DC5B3EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C21676A5-D3AC-4331-8F43-ACA7690462B6}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{F9DB3682-37A5-4356-86A2-49371BF03B98}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2346341255-3800263289-994878814-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2346341255-3800263289-994878814-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U219DHP&pc=U219
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-01] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-01] (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} hxxp://107.217.118.178:85/webrec.cab

FireFox:
========
FF ProfilePath: C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default [2017-07-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ayr82law.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ayr82law.default -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> ftp", "50.31.111.12"
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> http", "50.31.111.12"
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> socks", "50.31.111.12"
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> ssl", "50.31.111.12"
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\ayr82law.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\abs@avira.com [2017-07-17]
FF Extension: (aProxy) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\ciokan@gmail.com.xpi [2015-04-22] [not signed]
FF Extension: (Elite Proxy Switcher) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\eliteproxyswitcher@my-proxy.com.xpi [2016-07-19]
FF Extension: (MEGA) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\firefox@mega.co.nz.xpi [2017-06-03]
FF Extension: (Status-4-Evar) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\status4evar@caligonstudios.com.xpi [2016-10-16]
FF Extension: (Alexa Sparky) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\toolbar@alexa.com.xpi [2015-05-29]
FF Extension: (iMacros for Firefox) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-08-25]
FF Extension: (Video DownloadHelper) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-13]
FF Extension: (Adblock Plus) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF SearchPlugin: C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\searchplugins\yelp.xml [2016-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-06-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2346341255-3800263289-994878814-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\WhiteTiger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2346341255-3800263289-994878814-1000: @talk.google.com/O1DPlugin -> C:\Users\WhiteTiger\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2346341255-3800263289-994878814-1000: @tools.google.com/Google Update;version=3 -> C:\Users\WhiteTiger\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2346341255-3800263289-994878814-1000: @tools.google.com/Google Update;version=9 -> C:\Users\WhiteTiger\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\WhiteTiger\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\WhiteTiger\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR Profile: C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Google Slides) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-19]
CHR Extension: (Google Docs) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-19]
CHR Extension: (Google Drive) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-19]
CHR Extension: (Audiense) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm [2016-09-19]
CHR Extension: (YouTube) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-19]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2016-09-19]
CHR Extension: (Avira Safe Shopping) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2017-07-17]
CHR Extension: (Adblock Plus) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-15]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-07-05]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2016-09-19]
CHR Extension: (Adobe Acrobat) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Sheets) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-19]
CHR Extension: (The QR Code Generator) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-20]
CHR Extension: (Save to Google Drive) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-10-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-09-19]
CHR Extension: (Gradient Creator!) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcplneddoadgichngfbobgpllfphdfla [2016-09-19]
CHR Extension: (TiltShiftMaker) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2016-10-30]
CHR Extension: (SEO & Website Analysis) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2017-03-12]
CHR Extension: (Crackle) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2016-09-19]
CHR Extension: (Google Mail Checker) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (SEO for Chrome) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2016-09-19]
CHR Extension: (Responsive Web Design Tester) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2017-06-23]
CHR Extension: (SEO SERP) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg [2016-09-19]
CHR Extension: (Gmail) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
CHR Profile: C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-07]
CHR Extension: (Google Slides) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-26]
CHR Extension: (Google Docs) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-26]
CHR Extension: (Google Drive) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
CHR Extension: (Google Sheets) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-26]
CHR Extension: (Gmail) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-23]
CHR Profile: C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-07]
CHR Extension: (Google Slides) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-26]
CHR Extension: (Google Docs) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-26]
CHR Extension: (Google Drive) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
CHR Extension: (Google Sheets) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-26]
CHR Extension: (Gmail) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-02]
CHR Profile: C:\Users\WhiteTiger\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-07]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-27] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-10] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe [382776 2014-04-10] (ASUSTeK Computer Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [452632 2017-03-03] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
S3 FOLIKRSV; C:\Users\WhiteTiger\AppData\Roaming\Follow Liker\mdb\bin\folikrSrv.exe [8180224 2017-05-13] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 pcapsvc; C:\Windows\system32\pcapsvc.exe [2071040 2015-10-29] (Proxy Labs) [File not signed]
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-28] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [62296 2017-05-18] (KeepSolid Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-01] (Broadcom Corporation.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2017-03-03] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2017-03-03] (Bluestack System Inc. )
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-13] (Intel Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-04-10] (ASUSTeK Computer Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-17] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-06-23] (The OpenVPN Project)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-25] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-12-21] (Rsupport Corporation)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies)
U3 amiukrvz; C:\Windows\System32\Drivers\amiukrvz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 15:52 - 2017-07-17 15:52 - 02435584 _____ (Farbar) C:\Users\WhiteTiger\Downloads\FRST64.exe
2017-07-17 15:52 - 2017-07-17 15:52 - 00035211 _____ C:\Users\WhiteTiger\Downloads\FRST.txt
2017-07-17 15:52 - 2017-07-17 15:52 - 00000000 ____D C:\FRST
2017-07-17 14:59 - 2017-07-17 15:01 - 00000519 _____ C:\runcheck.txt
2017-07-17 14:54 - 2017-07-17 14:58 - 00000000 ____D C:\ComboFix
2017-07-17 14:26 - 2017-07-17 14:31 - 00000000 ____D C:\Windows\erdnt
2017-07-17 14:26 - 2017-07-17 14:26 - 00000000 ____D C:\Qoobox
2017-07-17 14:26 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2017-07-17 14:26 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2017-07-17 14:26 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-07-17 14:26 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-07-17 14:26 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-07-17 14:26 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2017-07-17 14:26 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2017-07-17 14:26 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2017-07-17 14:25 - 2017-07-17 14:25 - 00000492 _____ C:\TDSSKiller.3.1.0.15_17.07.2017_14.25.00_log.txt
2017-07-17 14:23 - 2017-07-17 14:23 - 05659794 ____R (Swearware) C:\Users\WhiteTiger\Downloads\ComboFix.exe
2017-07-17 14:22 - 2017-07-17 14:24 - 00484504 _____ C:\TDSSKiller.3.1.0.15_17.07.2017_14.22.55_log.txt
2017-07-17 14:19 - 2017-07-17 14:19 - 04922400 _____ (AO Kaspersky Lab) C:\Users\WhiteTiger\Downloads\tdsskiller.exe
2017-07-17 14:18 - 2017-07-17 14:18 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\WhiteTiger\Downloads\rkill64.exe
2017-07-17 14:04 - 2017-07-17 14:04 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\AviraSpeedup
2017-07-17 14:01 - 2017-07-17 15:42 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-07-17 14:01 - 2017-07-17 14:01 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-07-17 14:01 - 2017-07-17 14:01 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-07-17 14:01 - 2017-07-17 14:01 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\Avira
2017-07-17 14:00 - 2017-07-17 14:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-07-17 13:57 - 2017-07-17 15:42 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-17 13:57 - 2017-07-17 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-17 13:57 - 2017-07-17 14:53 - 00000000 ____D C:\ProgramData\Avira
2017-07-17 13:57 - 2017-07-17 13:57 - 04806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\WhiteTiger\Downloads\avira_en_av_596d246be0b4b__ws.exe
2017-07-16 19:20 - 2017-07-16 19:20 - 11534624 _____ (VS Revo Group ) C:\Users\WhiteTiger\Downloads\RevoUninProSetup.exe
2017-07-16 19:20 - 2017-07-16 19:20 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\VS Revo Group
2017-07-16 19:20 - 2017-07-16 19:20 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-07-16 19:15 - 2017-07-16 19:16 - 00013384 _____ C:\Users\WhiteTiger\Documents\cc_20170716_191557.reg
2017-07-16 18:21 - 2017-07-16 18:21 - 02870984 _____ (ESET) C:\Users\WhiteTiger\Downloads\esetsmartinstaller_enu.exe
2017-07-15 17:30 - 2017-07-15 17:30 - 00002070 _____ C:\Windows\system32\.crusader
2017-07-15 17:20 - 2017-07-15 17:20 - 11584088 _____ (SurfRight B.V.) C:\Users\WhiteTiger\Downloads\HitmanPro_x64.exe
2017-07-15 02:23 - 2017-07-15 17:30 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-15 02:11 - 2017-07-17 14:44 - 00003106 _____ C:\Users\WhiteTiger\Desktop\Rkill.txt
2017-07-15 02:11 - 2017-07-15 02:46 - 00000000 ____D C:\AdwCleaner
2017-07-08 16:27 - 2017-07-15 17:30 - 00000000 ____D C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper
2017-07-08 16:27 - 2017-07-08 16:27 - 00003548 _____ C:\Windows\System32\Tasks\zadanie1
2017-07-07 08:02 - 2017-07-15 17:30 - 00000000 ____D C:\dDusr32.tmp
2017-07-07 07:50 - 2017-07-15 17:30 - 00000000 ____D C:\LjKiF78.tmp
2017-07-07 07:50 - 2017-07-07 07:50 - 00000000 ____D C:\Users\WhiteTiger\AppData\Roaming\RUT_settings
2017-07-05 05:57 - 2017-07-05 05:57 - 07075640 _____ (Tim Kosse) C:\Users\WhiteTiger\Downloads\FileZilla_3.26.2_win64-setup.exe
2017-06-27 03:49 - 2017-06-27 03:49 - 01398143 _____ (Igor Pavlov) C:\Users\WhiteTiger\Downloads\7z1700-x64.exe
2017-06-26 05:13 - 2017-07-10 10:39 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-26 05:13 - 2017-07-10 10:39 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-26 05:13 - 2017-07-10 10:39 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-26 05:13 - 2017-06-26 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-26 05:13 - 2017-06-26 05:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-23 07:42 - 2017-06-23 07:42 - 00035664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\phantomtap.sys
2017-06-21 17:05 - 2017-06-21 17:05 - 18976464 _____ (Interapptive®, Inc. ) C:\Users\WhiteTiger\Downloads\ShipWorksSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 15:51 - 2014-06-23 06:21 - 00000000 ____D C:\Users\WhiteTiger\AppData\Roaming\Skype
2017-07-17 15:50 - 2009-07-13 21:45 - 00027248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 15:50 - 2009-07-13 21:45 - 00027248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 15:48 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-17 15:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-07-17 15:47 - 2014-06-23 08:28 - 00000000 _____ C:\Windows\Path.idx
2017-07-17 15:43 - 2016-11-23 02:39 - 00000000 ____D C:\Users\WhiteTiger\AppData\LocalLow\Mozilla
2017-07-17 15:42 - 2015-01-04 05:56 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-17 15:42 - 2014-06-23 08:05 - 01048576 _____ C:\Windows\PE_Rom.dll
2017-07-17 15:42 - 2014-06-23 07:00 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-17 15:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 15:39 - 2014-06-23 05:31 - 00000000 ____D C:\Users\WhiteTiger\AppData\Roaming\FileZilla
2017-07-17 15:38 - 2014-06-23 05:34 - 00000000 ____D C:\Users\WhiteTiger\AppData\Roaming\vlc
2017-07-17 14:58 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2017-07-17 14:53 - 2014-06-23 01:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-17 14:42 - 2009-07-13 21:45 - 07294056 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-17 14:07 - 2015-04-23 00:10 - 00000000 ____D C:\Program Files (x86)\GSA Search Engine Ranker
2017-07-17 14:01 - 2014-06-23 02:03 - 00241760 _____ C:\Users\WhiteTiger\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-16 09:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-07-15 02:58 - 2016-10-28 00:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-15 02:47 - 2014-06-23 01:10 - 00000000 ____D C:\Users\WhiteTiger
2017-07-15 02:46 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2017-07-15 02:46 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2017-07-11 14:56 - 2014-06-23 06:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-11 14:56 - 2014-06-23 06:21 - 00000000 ____D C:\ProgramData\Skype
2017-07-11 10:58 - 2015-07-15 20:19 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 10:58 - 2014-06-23 05:34 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 10:58 - 2014-06-23 05:34 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 10:58 - 2014-06-23 05:34 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 10:58 - 2014-06-23 05:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-10 10:40 - 2014-06-23 07:00 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-10 10:39 - 2014-06-23 07:00 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-10 02:30 - 2016-11-17 17:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-10 02:30 - 2014-06-23 05:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-07 06:50 - 2014-08-29 02:32 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\Adobe
2017-07-05 05:57 - 2014-06-23 05:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-07-05 05:57 - 2014-06-23 05:31 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-06-29 18:23 - 2017-01-01 22:20 - 00000000 ____D C:\Users\WhiteTiger\Desktop\poker games
2017-06-27 16:10 - 2014-06-23 05:19 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 00:22 - 2015-11-27 03:53 - 00000000 ____D C:\Users\WhiteTiger\Desktop\funnys
2017-06-26 05:13 - 2014-06-23 07:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-26 05:13 - 2014-06-23 07:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2014-07-31 06:54 - 2017-02-07 00:27 - 0000132 _____ () C:\Users\WhiteTiger\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-08 15:05 - 2017-06-11 23:41 - 0000600 _____ () C:\Users\WhiteTiger\AppData\Roaming\winscp.rnd
2015-11-26 20:11 - 2015-11-26 20:27 - 0001456 _____ () C:\Users\WhiteTiger\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-10-27 01:24 - 2015-10-27 01:29 - 0000600 _____ () C:\Users\WhiteTiger\AppData\Local\PUTTY.RND
2017-03-19 20:33 - 2017-03-19 20:33 - 0000552 _____ () C:\Users\WhiteTiger\AppData\Local\TroubleshooterConfig.json
2014-06-23 01:27 - 2014-06-23 01:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe


Some files in TEMP:
====================
2017-07-17 14:59 - 2017-07-17 14:59 - 0476672 _____ () C:\Users\WhiteTiger\AppData\Local\Temp\7za.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0020480 _____ (E Dev) C:\Users\WhiteTiger\AppData\Local\Temp\DaS_21.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0388608 _____ (Trend Micro Inc.) C:\Users\WhiteTiger\AppData\Local\Temp\hijackthis.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0030720 _____ (NirSoft) C:\Users\WhiteTiger\AppData\Local\Temp\NirCmd.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0256512 _____ () C:\Users\WhiteTiger\AppData\Local\Temp\PEVZ.EXE
2017-07-17 14:59 - 2017-07-17 14:59 - 0069632 _____ () C:\Users\WhiteTiger\AppData\Local\Temp\remove.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0098816 _____ () C:\Users\WhiteTiger\AppData\Local\Temp\sed.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0057344 _____ (Optimum X) C:\Users\WhiteTiger\AppData\Local\Temp\shortcut.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0161792 _____ (SteelWerX) C:\Users\WhiteTiger\AppData\Local\Temp\swreg.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0217088 _____ (SteelWerX) C:\Users\WhiteTiger\AppData\Local\Temp\swxcacls.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0154232 _____ (Noël Danjou) C:\Users\WhiteTiger\AppData\Local\Temp\wget.exe
2017-07-17 14:59 - 2017-07-17 14:59 - 0024064 _____ () C:\Users\WhiteTiger\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-12 00:47

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by WhiteTiger (17-07-2017 15:52:52)
Running from C:\Users\WhiteTiger\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-06-23 08:09:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2346341255-3800263289-994878814-500 - Administrator - Disabled)
Guest (S-1-5-21-2346341255-3800263289-994878814-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2346341255-3800263289-994878814-1002 - Limited - Enabled)
WhiteTiger (S-1-5-21-2346341255-3800263289-994878814-1000 - Administrator - Enabled) => C:\Users\WhiteTiger

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.2 64-bit (HKLM\...\{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}) (Version: 4.2.1 - Adobe)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.79 - ASUSTeK Computer Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0001 - Asmedia Technology)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.104.6367 - BlueStack Systems, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.32.223.1 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.01 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.20.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.20.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.20.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
FileZilla Client 3.26.2 (HKLM-x32\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
ProxyCap (HKLM\...\{8ABD8277-D10E-426C-88AC-15E11C78340B}) (Version: 5.2.80 - Proxy Labs)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4800 - Broadcom Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2346341255-3800263289-994878814-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\WhiteTiger\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2346341255-3800263289-994878814-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\WhiteTiger\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers01: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers01: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-07-31] (WinZip Computing, S.L.)
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers02: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} =>  -> No File
ContextMenuHandlers02: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxShlEx64.dll [2013-09-17] (Alcohol Soft Development Team)
ContextMenuHandlers02: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers04: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-07-31] (WinZip Computing, S.L.)
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-12-13] (NVIDIA Corporation)
ContextMenuHandlers05: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers05: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-07-31] (WinZip Computing, S.L.)
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F00060E-3E66-42A9-9267-5335CCCAF9F9} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-04-09] (ASUSTeK Computer Inc.)
Task: {23801509-56B9-4842-9081-E3CD209088DA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2346341255-3800263289-994878814-1000UA => C:\Users\WhiteTiger\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {24EAB29C-F6A4-4DE6-B4CB-1D8B2C5870BC} - System32\Tasks\zadanie1 => C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe [2017-07-04] ()
Task: {2C7706A4-99FA-487E-9525-CF61551B5105} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-01-10] (ASUSTeK Computer Inc.)
Task: {42F0C146-8B53-45A3-8C76-E2D9429EB601} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4DDF118B-1342-43D3-A0B6-DC2740A14F49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {69C83B94-737D-451F-9123-CC6C6D00EF54} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
Task: {6DFE3EC8-69D2-4950-99FD-FDE652BABE7A} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-07-17] (Avira Operations GmbH & Co. KG                              )
Task: {7B0CFC77-51D0-4973-8405-60AC71C12A35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {7FFCDD41-5775-47B6-AD71-E93BD449614D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {8B94D1A0-E0EC-4569-B192-07065B23EEF8} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {A7B5FF4C-C393-4B9A-9B36-637839AB5C09} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
Task: {BB66C6C8-17AB-4585-A110-E66CA8C217DB} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-04-16] ()
Task: {CAA2360A-4344-4EBE-A324-CDAD3F42774D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CD821DD2-14A6-46B8-BFBD-DE8D1BBF3554} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {F1668051-5ED4-48B1-A2D3-0A8F5BB22E5A} - System32\Tasks\AdobeAAMUpdater-1.0-WhiteTiger-PC-WhiteTiger => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {FADD9822-ABA5-4474-A3B0-6CE556442E57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2346341255-3800263289-994878814-1000Core => C:\Users\WhiteTiger\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FBF9D0BE-D0A2-4B1E-8BF6-83B2DE0A830D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-04-11] (TODO: <Company name>)
Task: {FCB1D4B5-8CA1-49E0-84BC-304A4F7BA613} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-03-27] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\WhiteTiger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\My Glamour Life - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\WhiteTiger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Danceshowoff - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\WhiteTiger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\52eebb101667bbb2\Responsive Web Design Tester.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=objclahbaimlfnbjdeobicmmlnbhamkg

==================== Loaded Modules (Whitelisted) ==============

2015-01-04 05:56 - 2014-12-13 01:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-27 20:16 - 2014-01-27 20:16 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-06-23 07:59 - 2014-04-10 23:51 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-06-23 07:59 - 2014-04-16 16:45 - 01270552 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-06-23 07:59 - 2014-03-27 19:33 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2017-05-18 07:45 - 2017-05-17 12:51 - 00013312 _____ () C:\Program Files (x86)\VPN Unlimited\QtWebEngineProcess.exe
2014-06-23 07:59 - 2014-04-11 09:53 - 01045304 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2014-06-23 08:00 - 2014-04-11 10:53 - 00037176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2014-06-23 07:59 - 2014-04-02 16:23 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2017-07-04 01:27 - 2017-07-04 01:27 - 00983552 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe
2008-08-25 04:09 - 2008-08-25 04:09 - 00001024 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
2014-06-23 07:56 - 2017-07-17 15:42 - 00037672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-06-23 07:56 - 2014-01-27 20:16 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-04-20 03:25 - 2017-05-18 16:50 - 00111448 _____ () C:\Program Files (x86)\VPN Unlimited\enc.dll
2014-06-23 07:59 - 2014-01-28 11:16 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2014-06-23 07:59 - 2014-01-28 11:16 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-06-23 07:59 - 2013-10-29 11:53 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2014-06-23 07:59 - 2014-04-17 02:12 - 04042752 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2014-06-23 07:59 - 2014-02-25 16:53 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-06-23 07:59 - 2014-02-14 18:54 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2014-06-23 07:59 - 2014-04-10 23:51 - 00053248 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Exeio.dll
2014-06-23 07:59 - 2014-04-10 23:51 - 00278528 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Vender.dll
2014-06-23 07:56 - 2014-01-27 20:16 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2014-06-23 08:01 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2014-06-23 07:59 - 2014-01-28 11:16 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2014-06-23 07:59 - 2014-01-28 11:16 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2014-06-23 08:01 - 2013-11-04 13:18 - 00062976 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2014-06-23 08:01 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2014-06-23 08:01 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2014-06-23 07:59 - 2014-04-18 15:31 - 00711168 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00859136 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00801280 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2014-06-23 07:59 - 2014-03-27 19:32 - 05778096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-06-23 07:59 - 2014-02-24 17:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2017-06-20 11:28 - 2017-06-20 11:28 - 01997792 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-04-20 03:25 - 2017-05-18 16:50 - 01099096 _____ () C:\Program Files (x86)\VPN Unlimited\rpc_lib.dll
2017-04-20 03:25 - 2017-05-18 16:50 - 00828248 _____ () C:\Program Files (x86)\VPN Unlimited\open_vpn_wrapper_lib.dll
2017-04-20 03:25 - 2017-05-18 16:50 - 00046424 _____ () C:\Program Files (x86)\VPN Unlimited\qtkeychain.dll
2014-06-23 07:59 - 2013-11-20 10:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2014-06-23 07:59 - 2013-07-02 10:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2014-06-23 07:59 - 2014-04-11 14:50 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2014-06-23 07:59 - 2014-04-10 15:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\WhiteTiger\AppData\Local\2oDqxPyU6:aca2xRGQetNi7assn1beHbJeAK3O [2386]
AlternateDataStreams: C:\Users\WhiteTiger\AppData\Local\dvDhgkePAkn:5X9ZSU9xry2xAcjyUeZrHOE [2488]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-04-28 01:32 - 00002402 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 hh-software.com
127.0.0.1 www.hh-software.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 wip3.adobe.de
127.0.0.1 3dns-3.adobe.de

There are 22 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2346341255-3800263289-994878814-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\WhiteTiger\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Jing => C:\Program Files (x86)\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: RemoteView5 Tray => "C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe" /background
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BA7166BD-1721-41A8-8DF1-6631B277E1F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D13EA0E0-78E8-4447-B53A-CADF35AB8AAC}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{2A02661B-8572-40C5-905F-B803AAD1B7E4}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [TCP Query User{4FADDC45-879B-43A7-90D3-DA3CA4440C59}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{B1940D94-F017-434B-8866-8CD343143E44}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{6626BD73-2CAD-4032-9A98-A44A070075A6}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{69DC21D1-D811-4022-8C9F-F01B2B93BC6D}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{FD1FFA51-0663-48F1-BF15-257916D7C9D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F1C50528-DE77-4203-B4F7-3883C9EB277B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2666B7A7-05FC-4B32-B128-C5BBA690FF3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{568BDB41-FB19-43E1-8CF2-73E3F9F78D78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9C3D0153-2DB4-4B39-A447-BAE110827BFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F3BCA8A8-9392-4FE4-A1C9-202C08B3E3FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9BC19815-781A-4B56-ABC4-12D43A002643}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA9989AF-79D1-4967-9DF7-F5C6EFE913C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9C05CB7E-71E1-42D4-B5B3-0E3B0214DA9D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{52154240-4FDE-406F-B79C-4BE32C1EBA7A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FAF705CB-1534-4F2B-9398-8476DDE72F02}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{4BF4F1CA-B5ED-47D7-913D-04E8E97A1D59}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{42517BBA-2E33-493F-B8AD-525D694B5632}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CD93789-94DC-4DCF-BC59-67701D0329AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1636A2F-D766-4D71-A201-8EE9F0C43E8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C3E1E06-802F-4CB1-BC21-4D2981950866}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{44BD4D86-4A45-49C3-A403-8789F9CC6F4E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2F17A75B-9C4D-4014-A243-B931795857D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D94C39BC-A85B-47B2-8305-41F4A9F7A4C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{53BF2155-76BA-4BF9-B808-4BA577C830C7}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{6E19C8DF-7C8D-488C-A428-0B74DFCC0538}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{64833035-EC6B-42AB-B596-158AE8F644AD}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{4826A2E8-8BEB-4C9F-9C26-BE5622537A64}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{F67F4006-7975-4928-9B56-C8E957534D04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F63CF301-F7E2-4E64-90EF-3DEBF27160B7}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{C80C5B64-DAE5-4E5E-A1C0-1F3D50511D14}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Samsung\Remote PC\rsautoup_.exe] => Enabled:RSupport AutoUpdate

==================== Restore Points =========================

10-06-2014 06:28:34 Windows Update
11-06-2014 03:00:24 Windows Update
15-06-2014 20:48:14 Windows Backup
17-06-2014 11:25:45 Windows Update
17-07-2017 14:26:21 ComboFix created restore point
17-07-2017 14:52:02 Removed Avira Software Updater

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11ac Network Adapter
Description: Broadcom 802.11ac Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth USB module
Description: Bluetooth USB module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2017 03:44:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/17/2017 02:51:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/17/2017 02:43:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/17/2017 02:42:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/17/2017 02:30:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: 12007 (0x2ee7).

Error: (07/17/2017 02:19:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\WhiteTiger\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/17/2017 02:02:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/17/2017 02:01:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/17/2017 02:00:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/16/2017 07:24:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (07/17/2017 03:43:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 03:42:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
 and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 03:42:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
 and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2017 02:58:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/17/2017 02:56:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/17/2017 02:55:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS System Control Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2017 02:49:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (07/17/2017 02:45:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {B77C4C36-0154-4C52-AB49-FAA03837E47F} did not register with DCOM within the required timeout.

Error: (07/17/2017 02:44:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProxyCap Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/17/2017 02:43:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-07-17 15:52:05.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 15:42:34.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 15:06:52.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 14:43:03.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 14:39:21.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 14:31:22.845
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-17 14:31:22.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-17 14:16:03.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 13:43:38.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-07-17 12:58:00.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 49%
Total physical RAM: 8133.66 MB
Available physical RAM: 4115.67 MB
Total Virtual: 16265.51 MB
Available Virtual: 12177.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:111.87 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:465.66 GB) (Free:223.12 GB) NTFS
Drive h: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive i: (Elements) (Fixed) (Total:1397.26 GB) (Free:583.86 GB) NTFS
Drive j: (My Book) (Fixed) (Total:3725.99 GB) (Free:2634.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EE7D811D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 1ED6DB6E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 000303EE)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 garioch7 (RCMP Veteran, Malware Response Instructor, Port Hood, Nova Scotia, Canada)

Posted 18 July 2017 - 07:01 AM

l8trs5:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7 (RCMP Veteran, Malware Response Instructor, Port Hood, Nova Scotia, Canada)

Posted 18 July 2017 - 10:02 AM

l8trs5:
 
Thank you for your patience while I analyzed your FRST logs.

Step 1: Unfortunately, in going over your logs, I see evidence of possible evasion, either past or current, of software licensing requirements for one or more programs. You might not be aware of this/these program(s), so I am NOT accusing you of knowingly installing this/these program(s) on your computer.

Bleeping Computer does not condone software piracy. Downloading and using such software, apart from being illegal by infringing on copyrights, is a MAJOR attack vector for malware. If you use such software, it is not a question of "IF" your computer will be infected, but only "WHEN", and by HOW MANY different variants of malware!

I am going to have to ask you to remove any and all software that you do not own. If you are not aware of any illicit software on your computer, then you must agree, that as a part of my "fix" for your computer, I will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licencing requirements that I detect in the scan logs.

If that is agreeable to you, then after you have uninstalled any illicit software, please run the following scan for me.  If it is not agreeable to you, then please let me know and I will conclude your topic.

Step 2: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 l8trs5 (Topic Starter)

Posted 18 July 2017 - 10:29 AM

Not a problem,

 

Here's the log:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files (x86)\adobe\adobe flash catalyst cs5\plugins\com.adobe.thermo.core_1.0.0.273393\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\program files (x86)\asus\asusfancontrolservice\1.06.01\app_keys.ini
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
c:\program files (x86)\gsa captcha breaker\captcha_systems\other\sitescrack\sitescrack.ini
c:\programdata\asus\ai suite iii\dip5\appsetup\asusfanctrlsvc\app_keys.ini
c:\programdata\bluestacks\userdata\inputmapper\com.fluik.plumbercrack.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.fluik.plumbercrack.cfg.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsands.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsands.cfg.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsandsads.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsandsads.cfg.cfg
c:\programdata\bluestacks\userdata\inputmapper\org.supergonk.safecrackerpremium.cfg
c:\programdata\bluestacks\userdata\inputmapper\org.supergonk.safecrackerpremium.cfg.cfg
hosts 127.0.0.1 hl2rcv.adobe.com
hosts 127.0.0.1 adobeereg.com
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 3dns.adobe.com
hosts 127.0.0.1 3dns-1.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-4.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-1.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 adobe-dns-4.adobe.com
hosts 127.0.0.1 adobe-dns-5.adobe.com
scanner sequence 3.ZZ.11.LNNAQZ
 ----- EOF -----
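The hosts lines in the CKScanner output above are the concrete signal behind the "licensing evasion" finding: every one of them maps an adobe.com activation or registration host to 127.0.0.1, so the application can never reach the vendor's licence check. The same mechanism is used by malware to cut off antivirus update servers, so the general check is to review every non-localhost name the hosts file points at loopback or 0.0.0.0. The following script is an added example for this thread, not CKScanner's own code or logic; the sample hosts content is constructed (a stock Windows hosts file plus the adobe.com entries listed above and one made-up redirect), and the vendor list and licensing-name fragments are illustrative assumptions.

```python
"""Flag hosts-file entries that block or redirect a vendor's licensing hosts.

Added example for this thread; not CKScanner's code. Sample input is constructed.
"""
import ipaddress
from typing import Iterator, List, Tuple

# Names every hosts file maps to loopback on purpose.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}
# Fragments that typically appear in licence-check hostnames (assumption, not
# a vendor-published inventory; extend for the products on the machine).
LICENSING_HINTS = ("activate", "ereg", "licens", "genuine", "3dns", "adobe-dns")


def is_sinkhole(addr: str) -> bool:
    """True if the address makes a name resolve to nowhere (loopback/unspecified)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_no, address, hostname) for each active mapping, comments stripped."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:          # one address may carry several names
            yield n, fields[0], name.lower()


def find_sinkholed(text: str, vendor_domains=("adobe.com",)) -> List[dict]:
    """Return entries that block or redirect a vendor domain or a licensing-looking name.

    A loopback/unspecified address means the check is blocked; any other
    address means the name is redirected, which is worse (a fake server).
    """
    hits = []
    for n, addr, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        vendor = any(name == d or name.endswith("." + d) for d in vendor_domains)
        licensing = any(h in name for h in LICENSING_HINTS)
        if not (vendor or licensing):
            continue
        if is_sinkhole(addr):
            reason = "blocked (vendor domain)" if vendor else "blocked (licensing-style name)"
        else:
            reason = f"redirected to {addr}"
        hits.append({"line": n, "address": addr, "host": name, "reason": reason})
    return hits


# Constructed sample: stock Windows entries, an ad-block entry, four of the
# entries CKScanner reported above, and one made-up redirect to a LAN host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # ad-blocking, not a licensing issue
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 3dns-1.adobe.com
10.0.0.5  lm.licenses.example.com     # constructed: licence server pointed at a LAN host
"""

if __name__ == "__main__":
    for hit in find_sinkholed(SAMPLE_HOSTS):
        print(f"line {hit['line']:>3}: {hit['host']:<28} {hit['reason']}")
```

On a live Windows machine the file to feed in is C:\Windows\System32\drivers\etc\hosts (it needs an elevated prompt to edit, not to read). Note that the ad-blocking line is not reported, while the redirect is: an activation host pointed at a real address is a stronger indicator than a plain block, because something is answering those licence checks.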
 



#5 garioch7 (RCMP Veteran, Malware Response Instructor, Port Hood, Nova Scotia, Canada)

Posted 18 July 2017 - 03:06 PM

l8trs5:

 

Thank you for your CKScanner log.

 

Please confirm that you are willing to execute a FRST "fixlist" script, which will remove any identified possible entries in the FRST logs that could indicate the presence of pirated software on your computer.  The entries targeted for removal by the FRST "fixlist" script that I have prepared have no other purpose than to defeat legitimate software licensing.

 

The FRST "fixlist" script is prepared for your computer, but I am not prepared to provide it to you without your written consent.  I had an unfortunate experience with a previous client, some time ago, who was most upset that the "cracked" software that client had installed did not work after the FRST "fixlist" script that I provided was run, despite the fact that I had told that client explicitly that it would remove any "cracks" that I had detected in the FRST logs.

 

It is entirely your decision because it is your computer.  My primary aim is to disinfect your computer, and that alone.

 

The issue arises that some of the standard anti-malware scans that I will use subsequently will remove "cracks", "keygens", and other illicit apps designed to circumvent legitimate licensing of software applications on your computer without notice, so it is best that we have this conversation, "up-front."  It is very difficult, if not impossible, to disinfect a computer completely and leave illicit apps that might re-download malware that I have removed.  Since I am volunteering my time, my personal policy is not to waste my time if the user does not want to part with their "cracked" software.

 

That is their decision.  I don't work for the software companies, but I do want to make sure that when I have declared a computer "clean", it is indeed clean.  What happens after that is not my responsibility.

 

So please let me know if you want to proceed with disinfecting your computer.  I am more than willing to help you.  Many people who I have assisted on this Forum did not even know that a friend or family member had installed cracked software on their computer; or, they bought a used computer from someone and they had nothing whatsoever to do with the cracked software and they knew nothing about it.  As I told you, in my previous post, I am not even suggesting that you knowingly installed the software "cracks."

 

If you don't want my further assistance, please let me know and I will conclude your topic.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 l8trs5 (Topic Starter)

Posted 18 July 2017 - 05:23 PM

Not a problem, I want to have this computer fixed and working at optimal performance and want to continue. I appreciate your assistance so far and am ready to proceed.


Edited by l8trs5, 18 July 2017 - 05:24 PM.


#7 garioch7 (RCMP Veteran, Malware Response Instructor, Port Hood, Nova Scotia, Canada)

Posted 19 July 2017 - 11:38 AM

l8trs5:

Thank you for your patience while I analyzed your FRST logs and for your consent to remove possible software "cracks" from your computer.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

OK, let's get started ...

Step 1: The FRST logs show that you have run ComboFix. That is not a good idea. Please see this link for more information. We will have to remove its many files and programs in a subsequent step.

Step 2: I have found some suspicious files that might be malware.

Please upload the following file(s) individually to VirusTotal:

  • C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe
  • C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
  • C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe
  • C:\dDusr32.tmp\OhMwmzP.vbs
  • C:\LjKiF78.tmp\dkrZalGE.vbs
  • C:\Windows\System32\DRIVERS\phantomtap.sys
  • C:\Windows\PE_Rom.dll
  • C:\Users\WhiteTiger\AppData\Local\Temp\DaS_21.exe
  • Please press the Scan it! button to produce a fresh scan.
  • When the scan completes, please copy and paste the URL/link at the top of the screen into your next reply so that I can review the scan results.
  • Repeat until all of the files listed above have been scanned and all URLs/links have been copied into your reply.

Step 3: Please run a FRST fix for me.

There are remnants of Avira present on your computer. This FRST "fixlist" script will remove them. If you do not want them to be removed, please do not run the script. Avira is not showing as an installed program on your computer.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-28] (Avira Operations GmbH & Co. KG) <==== ATTENTION
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-28] (Avira Operations GmbH & Co. KG)
C:\Program Files (x86)\Avira
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
File: C:\dDusr32.tmp\OhMwmzP.vbs
File: C:\LjKiF78.tmp\dkrZalGE.vbs
CMD: netsh winsock reset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (Video DownloadHelper) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-13]
U3 amiukrvz; C:\Windows\System32\Drivers\amiukrvz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\amiukrvz.sys
2017-07-17 14:04 - 2017-07-17 14:04 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\AviraSpeedup
2017-07-17 14:01 - 2017-07-17 15:42 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-07-17 14:01 - 2017-07-17 14:01 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-07-17 14:01 - 2017-07-17 14:01 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-07-17 14:01 - 2017-07-17 14:01 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\Avira
2017-07-17 13:57 - 2017-07-17 15:42 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-17 13:57 - 2017-07-17 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-17 13:57 - 2017-07-17 14:53 - 00000000 ____D C:\ProgramData\Avira
2017-07-17 13:57 - 2017-07-17 13:57 - 04806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\WhiteTiger\Downloads\avira_en_av_596d246be0b4b__ws.exe
Folder: C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper
File: C:\Windows\System32\Tasks\zadanie1
Folder: C:\dDusr32.tmp
Folder: C:\LjKiF78.tmp
Folder: C:\Users\WhiteTiger\AppData\Roaming\RUT_settings
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers02: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
Task: {6DFE3EC8-69D2-4950-99FD-FDE652BABE7A} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-07-17] (Avira Operations GmbH & Co. KG                              )
Task: {A7B5FF4C-C393-4B9A-9B36-637839AB5C09} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
AlternateDataStreams: C:\Users\WhiteTiger\AppData\Local\2oDqxPyU6:aca2xRGQetNi7assn1beHbJeAK3O [2386]
AlternateDataStreams: C:\Users\WhiteTiger\AppData\Local\dvDhgkePAkn:5X9ZSU9xry2xAcjyUeZrHOE [2488]
Hosts:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.



Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
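The fixlist above is built from FRST's own listing lines, and reading that format is the skill this post exercises: each line is creation time, modification time, size, a five-character attribute field, an optional version-info company in parentheses (present only for PE files), and the path. What the helper is reacting to is visible in those fields once you know them: hidden executables under AppData\Roaming\MicrosoftHostHelper, script files sitting in odd .tmp folders at the drive root, and, later in this thread, a company field of www.xmrig.com on RuntimeBrokers.exe, which names the XMRig open-source Monero miner and fits the high CPU usage the opening post complains about. The following parser and triage is an added example for this thread, not FRST's code; the line format and the meaning of the H (hidden) and D (directory) flag letters are inferred from the lines on this page, the indicator rules are the author's assumptions, and the sample listing is constructed from lines in this thread's FRST output plus the Avira installer line as a benign control.

```python
"""Parse FRST file-listing lines and flag what a responder would look at first.

Added example for this thread; not FRST's code. Format inferred from this page:
    created - modified - size attrs [(company)] path
'H' in the attribute field is read as hidden and 'D' as directory (assumption).
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_-]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # version-info company, only for PE files
    r"(?P<path>\S.*)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".vbs", ".js", ".bat", ".cmd", ".ps1")
# Locations a standard user can write to; executables living here need a reason.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
# www.xmrig.com is the project site of the XMRig Monero miner; a binary carrying
# that string in a user profile is a classic source of unexplained CPU load.
MINER_TAGS = ("xmrig",)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per line in FRST listing format; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                             m["attrs"], m["company"] or "", m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every file that trips at least one indicator."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        reasons = []
        if any(t in e.company.lower() for t in MINER_TAGS):
            reasons.append("company field names a miner project")
        if e.hidden and p.endswith(EXEC_EXT):
            reasons.append("hidden executable")
        if p.endswith(EXEC_EXT) and any(u in p for u in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if re.match(r"^[a-z]:\\[^\\]+\.tmp\\", p):   # e.g. C:\dDusr32.tmp\...
            reasons.append("payload in a .tmp folder at the drive root")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Constructed sample: listing lines from this thread's FRST output, plus the
# Avira installer line (signed vendor binary in Downloads) as a benign control.
SAMPLE_LISTING = r"""
2017-07-17 13:57 - 2017-07-17 13:57 - 04806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\WhiteTiger\Downloads\avira_en_av_596d246be0b4b__ws.exe
2017-07-17 14:04 - 2017-07-17 14:04 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\AviraSpeedup
2017-07-08 16:27 - 2017-07-09 02:59 - 0000090 _____ () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\config.ini
2008-08-25 04:09 - 2008-08-25 04:09 - 0001024 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
2017-07-01 13:16 - 2017-07-01 13:16 - 2985984 ____H (www.xmrig.com) C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe
2017-07-07 08:02 - 2017-07-07 07:57 - 0037483 _____ () C:\dDusr32.tmp\OhMwmzP.vbs
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LISTING)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against a full FRST.txt the same rules surface the same three files the helper singled out and leave the Avira installer and the config file alone. The rules are deliberately coarse; the point is that hidden-attribute executables under a user profile and a miner's name in the version info are readable straight out of the log, before any VirusTotal lookup.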


#8 l8trs5 (Topic Starter)

Posted 19 July 2017 - 10:07 PM

1. https://www.virustotal.com/en/file/3b3e2d4b4367c434cc90c53165f370356383447520861cf5320d3ec68678560a/analysis/

2. https://www.virustotal.com/en/file/022e9ae2cf5ab246eea133c6c322fc14cc3237f3c68224934de20934c1a781c0/analysis/

3. https://www.virustotal.com/en/file/4fed20bb0f3b9551cd5e5bf384a3b0fdf6396a007a63b6e732004a585c37de3a/analysis/

4. https://www.virustotal.com/en/file/473ee1d3d09f75556a0998ee8aa5ea202eaf187184933e4af61ea107ab252192/analysis/1500519280/

5. https://www.virustotal.com/en/file/ddb666d36fdad9e607b92c273e085b44ecfd1e0b089ff98b6211ca62163751d1/analysis/

6. https://www.virustotal.com/en/file/e93ba7d608ef1c709d02a2106c7a8a1ee181756bd578cdd57c6b4929b15a4d10/analysis/

7. https://www.virustotal.com/en/file/b854c540b9a59d3fb501256c2cd1424d26a324048078e68cc598b1c9b4b10649/analysis/

8. https://www.virustotal.com/en/file/9e6120050ad9e41fa1666a386760625231e52503a8823a479ca4925a016f1f52/analysis/

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by WhiteTiger (19-07-2017 20:03:04) Run:1
Running from C:\Users\WhiteTiger\Downloads
Loaded Profiles: WhiteTiger (Available Profiles: WhiteTiger)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-28] (Avira Operations GmbH & Co. KG) <==== ATTENTION
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-28] (Avira Operations GmbH & Co. KG)
C:\Program Files (x86)\Avira
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
File: C:\dDusr32.tmp\OhMwmzP.vbs
File: C:\LjKiF78.tmp\dkrZalGE.vbs
CMD: netsh winsock reset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (Video DownloadHelper) - C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-13]
U3 amiukrvz; C:\Windows\System32\Drivers\amiukrvz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\amiukrvz.sys
2017-07-17 14:04 - 2017-07-17 14:04 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\AviraSpeedup
2017-07-17 14:01 - 2017-07-17 15:42 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-07-17 14:01 - 2017-07-17 14:01 - 00003658 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-07-17 14:01 - 2017-07-17 14:01 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-07-17 14:01 - 2017-07-17 14:01 - 00000000 ____D C:\Users\WhiteTiger\AppData\Local\Avira
2017-07-17 13:57 - 2017-07-17 15:42 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-17 13:57 - 2017-07-17 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-17 13:57 - 2017-07-17 14:53 - 00000000 ____D C:\ProgramData\Avira
2017-07-17 13:57 - 2017-07-17 13:57 - 04806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\WhiteTiger\Downloads\avira_en_av_596d246be0b4b__ws.exe
Folder: C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper
File: C:\Windows\System32\Tasks\zadanie1
Folder: C:\dDusr32.tmp
Folder: C:\LjKiF78.tmp
Folder: C:\Users\WhiteTiger\AppData\Roaming\RUT_settings
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers02: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
Task: {6DFE3EC8-69D2-4950-99FD-FDE652BABE7A} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-07-17] (Avira Operations GmbH & Co. KG                              )
Task: {A7B5FF4C-C393-4B9A-9B36-637839AB5C09} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
AlternateDataStreams: C:\Users\WhiteTiger\AppData\Local\2oDqxPyU6:aca2xRGQetNi7assn1beHbJeAK3O [2386]
AlternateDataStreams: C:\Users\WhiteTiger\AppData\Local\dvDhgkePAkn:5X9ZSU9xry2xAcjyUeZrHOE [2488]
Hosts:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Avira System Speedup User Starter => value removed successfully
HKLM\System\CurrentControlSet\Services\SpeedupService => key removed successfully
SpeedupService => service removed successfully

"C:\Program Files (x86)\Avira" folder move:

Could not move "C:\Program Files (x86)\Avira" => Scheduled to move on reboot.

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully

========================= File: C:\dDusr32.tmp\OhMwmzP.vbs ========================

File not signed
MD5: A0ABA142CE9C0C2D0EB485B7EE943D86
Creation and modification date: 2017-07-07 08:02 - 2017-07-07 07:57
Size: 0037483
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\LjKiF78.tmp\dkrZalGE.vbs ========================

File not signed
MD5: EA2105AE9B84632C24655E7C438C3813
Creation and modification date: 2017-07-07 07:50 - 2017-07-05 01:27
Size: 0028987
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\WhiteTiger\AppData\Roaming\Mozilla\Firefox\Profiles\ayr82law.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
amiukrvz => service not found.
"C:\Windows\System32\Drivers\amiukrvz.sys" => not found.
C:\Users\WhiteTiger\AppData\Local\AviraSpeedup => moved successfully
C:\Users\Public\Speedup Sessions => moved successfully
C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate => moved successfully
C:\Windows\System32\Tasks\Avira => moved successfully
C:\Users\WhiteTiger\AppData\Local\Avira => moved successfully

"C:\Program Files (x86)\Avira" folder move:

Could not move "C:\Program Files (x86)\Avira" => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira => moved successfully
C:\ProgramData\Avira => moved successfully
C:\Users\WhiteTiger\Downloads\avira_en_av_596d246be0b4b__ws.exe => moved successfully

========================= Folder: C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper ========================

2017-07-08 16:27 - 2017-07-09 02:59 - 0000090 _____ () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\config.ini
2008-08-25 04:09 - 2008-08-25 04:09 - 0001024 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
2017-07-01 13:16 - 2017-07-01 13:16 - 2985984 ____H (www.xmrig.com) C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe
2017-07-04 01:27 - 2017-07-04 01:27 - 0983552 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe

====== End of Folder: ======


========================= File: C:\Windows\System32\Tasks\zadanie1 ========================

File not signed
MD5: C563B6A561DC3119226CC0506941EE0A
Creation and modification date: 2017-07-08 16:27 - 2017-07-08 16:27
Size: 0003548
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= Folder: C:\dDusr32.tmp ========================

2017-07-07 08:02 - 2017-07-07 07:57 - 0037483 _____ () C:\dDusr32.tmp\OhMwmzP.vbs

====== End of Folder: ======


========================= Folder: C:\LjKiF78.tmp ========================

2017-07-07 07:50 - 2017-07-05 01:27 - 0028987 _____ () C:\LjKiF78.tmp\dkrZalGE.vbs

====== End of Folder: ======


========================= Folder: C:\Users\WhiteTiger\AppData\Roaming\RUT_settings ========================

2017-07-07 07:50 - 2017-07-07 07:50 - 0000000 ____D () C:\Users\WhiteTiger\AppData\Roaming\RUT_settings\Logs
2017-07-07 07:50 - 2017-07-15 17:30 - 0149032 _____ () C:\Users\WhiteTiger\AppData\Roaming\RUT_settings\Logs\rms_log_2017-07.html

====== End of Folder: ======

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\AlcoholShellEx => key removed successfully
HKLM\Software\Classes\CLSID\{32020A01-506E-484D-A2A8-BE3CF17601C3} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFE3EC8-69D2-4950-99FD-FDE652BABE7A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFE3EC8-69D2-4950-99FD-FDE652BABE7A} => key removed successfully
C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AviraSystemSpeedupUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7B5FF4C-C393-4B9A-9B36-637839AB5C09} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7B5FF4C-C393-4B9A-9B36-637839AB5C09} => key removed successfully
C:\Windows\System32\Tasks\Avira\System Speedup\TestScheduler => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\TestScheduler => key removed successfully
C:\Users\WhiteTiger\AppData\Local\2oDqxPyU6 => ":aca2xRGQetNi7assn1beHbJeAK3O" ADS removed successfully.
C:\Users\WhiteTiger\AppData\Local\dvDhgkePAkn => ":5X9ZSU9xry2xAcjyUeZrHOE" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-07-2017 20:05:28)

C:\Program Files (x86)\Avira => Is moved successfully
C:\Program Files (x86)\Avira => Is moved successfully

==== End of Fixlog 20:05:28 ====



#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,917 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 20 July 2017 - 10:39 AM

l8trs5:

Thank you for the VirusTotal links and for running the FRST "fixlist" script for me.



Step 1: Please run another FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.



Start::
CreateRestorePoint:
CloseProcesses:
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
(www.xmrig.com) C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe
C:\dDusr32.tmp
C:\LjKiF78.tmp
C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper
Folder: C:\ComboFix
Task: {24EAB29C-F6A4-4DE6-B4CB-1D8B2C5870BC} - System32\Tasks\zadanie1 => C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe [2017-07-04] ()
C:\Windows\System32\Tasks\zadanie1
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.



Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
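The MicrosoftHostHelper listing in the fixlog above and the zadanie1 task entry in this fixlist show the pattern that matters here: hidden, unsigned executables under AppData\Roaming, launched by a scheduled task. As an added example that is not part of FRST or of this thread, the Python below parses those two FRST line formats and flags that combination; the two-signal threshold and the ExampleApp.exe line are assumptions constructed for the demo.

```python
"""Triage helper for FRST 'Folder:' listing lines and 'Task:' entries.

Constructed example (not FRST's own code): parses the line formats seen in the
fixlog and flags executables that look like the miner persistence found in this
thread (hidden files under a user profile, no publisher, a task launching them).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST folder listing: "<created> - <modified> - <size> <attrs> (<publisher>) <path>"
FOLDER_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)
# FRST task entry: "Task: {GUID} - System32\Tasks\<name> => <target> [<date>] (<publisher>)"
TASK_LINE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<task>\S+) => "
    r"(?P<target>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$"
)
# File types that run when launched (ComboFix's renamed .3XE tools are deliberately not included).
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".vbs", ".js", ".bat", ".cmd", ".ps1")
# Paths an unprivileged user can write to: profile folders, ProgramData, and root-level
# *.tmp directories like the C:\dDusr32.tmp and C:\LjKiF78.tmp folders moved above.
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\(Users\\|ProgramData\\|[^\\]+\.tmp\\)", re.IGNORECASE)
MIN_REASONS = 2  # assumption: one weak signal alone (e.g. a signed per-user app) is not reported


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def _is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)


def triage_folder_line(line: str) -> Optional[Finding]:
    """Return a Finding for a listing line that stacks up enough suspicious signals."""
    m = FOLDER_LINE.match(line.strip())
    if not m or "D" in m["attrs"] or not _is_executable(m["path"]):
        return None  # not a listing line, a directory, or not an executable type
    reasons = []
    if USER_WRITABLE.match(m["path"]):
        reasons.append("executable in user-writable location")
    if "H" in m["attrs"]:
        reasons.append("hidden attribute set")
    if not m["publisher"].strip():
        reasons.append("no publisher in version info")
    if "xmrig" in m["publisher"].lower():
        reasons.append("known miner vendor string")
    return Finding(m["path"], reasons) if len(reasons) >= MIN_REASONS else None


def triage_task_line(line: str) -> Optional[Finding]:
    """Return a Finding for a scheduled task whose target is unsigned and user-writable."""
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    reasons = []
    if USER_WRITABLE.match(m["target"]):
        reasons.append(f"task {m['task']} runs from a user-writable location")
    if not m["publisher"].strip():
        reasons.append("task target has no publisher")
    return Finding(m["target"], reasons) if len(reasons) >= MIN_REASONS else None


def triage(log_text: str) -> List[Finding]:
    """Run both parsers over a log fragment, keeping findings in log order."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = triage_task_line(line) if line.startswith("Task:") else triage_folder_line(line)
        if f:
            findings.append(f)
    return findings


# Sample input: lines taken from the thread's logs, plus one constructed benign
# per-user application line (ExampleApp.exe) that must not be flagged.
SAMPLE_LOG = r"""
2017-07-08 16:27 - 2017-07-09 02:59 - 0000090 _____ () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\config.ini
2008-08-25 04:09 - 2008-08-25 04:09 - 0001024 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
2017-07-01 13:16 - 2017-07-01 13:16 - 2985984 ____H (www.xmrig.com) C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe
2017-07-04 01:27 - 2017-07-04 01:27 - 0983552 ____H () C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe
2017-07-07 08:02 - 2017-07-07 07:57 - 0037483 _____ () C:\dDusr32.tmp\OhMwmzP.vbs
2017-05-02 10:00 - 2017-05-02 10:00 - 0412160 _____ (Example Vendor Ltd) C:\Users\WhiteTiger\AppData\Local\ExampleApp\ExampleApp.exe
2017-07-17 14:45 - 2009-07-13 18:39 - 0016896 ____R (Microsoft Corporation) C:\ComboFix\PING.3XE
Task: {24EAB29C-F6A4-4DE6-B4CB-1D8B2C5870BC} - System32\Tasks\zadanie1 => C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe [2017-07-04] ()
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```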


#10 l8trs5

l8trs5
  • Topic Starter

  • Members
  • 8 posts

Posted 20 July 2017 - 10:47 AM

Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by WhiteTiger (20-07-2017 08:42:47) Run:2
Running from C:\Users\WhiteTiger\Downloads
Loaded Profiles: WhiteTiger (Available Profiles: WhiteTiger)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
() C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe
(www.xmrig.com) C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe
C:\dDusr32.tmp
C:\LjKiF78.tmp
C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper
Folder: C:\ComboFix
Task: {24EAB29C-F6A4-4DE6-B4CB-1D8B2C5870BC} - System32\Tasks\zadanie1 => C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe [2017-07-04] ()
C:\Windows\System32\Tasks\zadanie1
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
[9488] C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\Winlogin.exe => process closed successfully.
C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe => No running process found
C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\hidconall.exe => No running process found
C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper\RuntimeBrokers.exe => No running process found
C:\dDusr32.tmp => moved successfully
C:\LjKiF78.tmp => moved successfully
C:\Users\WhiteTiger\AppData\Roaming\MicrosoftHostHelper => moved successfully

========================= Folder: C:\ComboFix ========================

2013-08-14 20:57 - 2017-07-17 14:54 - 0056252 _____ () C:\ComboFix\023.dat
2010-11-26 12:07 - 2010-11-26 12:07 - 0002181 _____ () C:\ComboFix\023v.dat
2010-02-12 10:55 - 2010-02-12 10:55 - 0000660 _____ () C:\ComboFix\023w7.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0000000 _____ () C:\ComboFix\3r
2012-02-10 11:12 - 2012-02-10 11:12 - 0000690 _____ () C:\ComboFix\ActiveDrv.vbs
2017-07-17 14:58 - 2017-07-17 14:58 - 0001548 _____ () C:\ComboFix\AllDrivesFolders
2017-07-17 14:54 - 2017-07-17 14:27 - 0000128 _____ () C:\ComboFix\AppData.folder.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0006760 _____ () C:\ComboFix\appinit.bad
2009-07-13 08:09 - 2009-07-13 08:09 - 0000602 _____ () C:\ComboFix\asp.str
2010-04-15 07:11 - 2010-04-15 07:11 - 0004144 _____ () C:\ComboFix\Assoc.cmd
2017-07-17 14:55 - 2017-07-17 14:55 - 0450477 _____ () C:\ComboFix\attr.dat.tmp
2017-07-17 14:45 - 2009-07-13 18:38 - 0018432 ____R (Microsoft Corporation) C:\ComboFix\ATTRIB.3XE
2017-07-17 14:58 - 2017-07-17 14:58 - 0000064 _____ () C:\ComboFix\AuthenticationPackages00
2012-06-07 03:56 - 2012-06-07 03:56 - 0004638 _____ () C:\ComboFix\av.cmd
2010-12-15 08:02 - 2010-12-15 08:02 - 0002933 _____ () C:\ComboFix\av.vbs
2012-01-03 02:27 - 2012-01-03 02:27 - 0040960 _____ () C:\ComboFix\BFE.dat
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\BHO.dat
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\BHOFiles.dat
2017-07-17 14:56 - 2017-07-17 14:56 - 0000845 _____ () C:\ComboFix\BHOQuery.dat
2017-07-17 14:57 - 2017-07-17 14:57 - 0000738 _____ () C:\ComboFix\BitsStr
2013-06-27 11:07 - 2013-06-27 11:07 - 0008564 _____ () C:\ComboFix\Boot.bat
2010-07-27 01:55 - 2010-07-27 01:55 - 0000875 _____ () C:\ComboFix\BootDrv.vbs
2012-09-11 07:47 - 2012-09-11 07:47 - 0005343 _____ () C:\ComboFix\Boot-Rk.cmd
2017-07-17 14:55 - 2017-07-17 14:55 - 0001504 _____ () C:\ComboFix\borlander_file.dat.tmp
2017-07-17 14:55 - 2017-07-17 14:55 - 0000439 _____ () C:\ComboFix\borlander_folder.dat.tmp
2017-07-17 14:54 - 2017-07-17 14:54 - 0000000 _____ () C:\ComboFix\c.mrk
2017-07-17 14:54 - 2017-07-17 14:27 - 0000233 _____ () C:\ComboFix\Cache.folder.dat
2017-07-17 14:55 - 2017-07-17 14:29 - 0000000 _____ () C:\ComboFix\catch_k.dat
2009-04-17 02:37 - 2009-04-17 02:37 - 0147456 ____R () C:\ComboFix\catchme.3XE
2009-04-17 02:37 - 2009-04-17 02:37 - 0147456 _____ () C:\ComboFix\Catchme.tmp
2010-10-21 01:45 - 2010-10-21 01:45 - 0001080 _____ () C:\ComboFix\Catch-sub.cmd
2017-07-17 14:54 - 2017-07-17 14:55 - 0000105 _____ () C:\ComboFix\CCS.bat
2017-07-17 14:54 - 2010-11-20 20:23 - 0345088 ____R (Microsoft Corporation) C:\ComboFix\CF1104.3XE
2017-07-17 14:57 - 2017-07-17 14:57 - 0008192 _____ () C:\ComboFix\cfdummy
2017-07-17 14:55 - 2017-07-17 14:55 - 15305422 _____ () C:\ComboFix\Cfiles.dat.tmp
2017-07-17 14:55 - 2017-07-17 14:55 - 2054275 _____ () C:\ComboFix\Cfolders.dat.tmp
2017-07-17 14:55 - 2017-07-17 14:55 - 0000003 _____ () C:\ComboFix\cfrun
2017-07-17 14:45 - 2017-07-17 14:45 - 0000019 _____ () C:\ComboFix\CHCP.bat
2017-07-17 14:55 - 2017-07-17 14:55 - 1712497 _____ () C:\ComboFix\ClistB.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0733512 _____ () C:\ComboFix\clsid.dat
2017-07-17 14:56 - 2017-07-17 14:56 - 21468450 _____ () C:\ComboFix\ClsidDumped
2017-07-17 14:56 - 2017-07-17 14:56 - 0386913 _____ () C:\ComboFix\ClsidFiles
2010-08-19 08:16 - 2010-08-19 08:16 - 0001024 _____ () C:\ComboFix\Combo-Fix.sys
2017-07-17 14:58 - 2017-07-17 14:58 - 0000502 _____ () C:\ComboFix\ComboFix.tmp
2017-07-17 14:58 - 2017-07-17 14:58 - 0020122 _____ () C:\ComboFix\ComboFix.txt
2000-08-30 17:00 - 2000-08-30 17:00 - 0236032 ____R () C:\ComboFix\ComboFix-Download.3XE
2017-07-17 14:54 - 2017-07-17 14:54 - 0002574 _____ () C:\ComboFix\ConEnv.sed
2015-08-02 11:30 - 2017-07-17 14:57 - 0628696 _____ () C:\ComboFix\Creg.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0002446 _____ () C:\ComboFix\CregB.dat
2014-07-18 12:13 - 2014-07-18 12:13 - 0004628 _____ () C:\ComboFix\CregC.cmd
2010-04-17 02:21 - 2017-07-17 14:58 - 0045864 _____ () C:\ComboFix\CregC.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000013 _____ () C:\ComboFix\CregCx64.dat
2017-07-17 14:45 - 2013-10-11 18:33 - 0156160 ____R (Microsoft Corporation) C:\ComboFix\CSCRIPT.3XE
2011-06-06 02:52 - 2011-06-06 02:52 - 0101376 ____R () C:\ComboFix\dd.3XE
2009-05-24 18:59 - 2009-05-24 18:59 - 0007983 _____ () C:\ComboFix\ddsDo.sed
2017-07-17 14:57 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\del00
2013-09-10 09:17 - 2013-09-10 09:17 - 0001996 _____ () C:\ComboFix\DelClsid.bat
2017-07-17 14:56 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\delclsid00
2013-09-10 09:17 - 2013-09-10 09:17 - 0002005 _____ () C:\ComboFix\DelClsid64.bat
2017-07-17 14:45 - 2017-07-17 14:45 - 0000006 _____ () C:\ComboFix\DisclaimED.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0003193 _____ () C:\ComboFix\dll_whitelist.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0006386 _____ () C:\ComboFix\dll_whitelist.dat.tmp
2017-07-17 14:54 - 2017-07-17 14:54 - 0042215 _____ () C:\ComboFix\dnd.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000211 _____ () C:\ComboFix\dollar_log.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0000746 _____ () C:\ComboFix\DPF.str
2017-07-17 14:55 - 2017-07-17 14:31 - 0000040 _____ () C:\ComboFix\drev_.dat
2017-07-17 14:55 - 2017-07-17 14:31 - 0000027 _____ () C:\ComboFix\drev_F.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0000020 _____ () C:\ComboFix\Drive.folder.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0000084 _____ () C:\ComboFix\DriveFile.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000012 _____ () C:\ComboFix\DrivesB.dat
2010-04-18 11:44 - 2010-04-18 11:44 - 0000650 _____ () C:\ComboFix\DrvRun.vbs
2000-08-30 17:00 - 2000-08-30 17:00 - 0051200 ____R () C:\ComboFix\dumphive.3XE
2000-08-30 17:00 - 2000-08-30 17:00 - 0000303 _____ () C:\ComboFix\embedded.sed
2017-07-17 14:54 - 2017-07-17 14:54 - 0000565 _____ () C:\ComboFix\Env.sed
2005-10-20 05:02 - 2005-10-20 05:02 - 0163328 _____ () C:\ComboFix\ERDNT.e_e
2000-08-30 17:00 - 2000-08-30 17:00 - 0002815 _____ () C:\ComboFix\ERDNTDOS.LOC
2000-08-30 17:00 - 2000-08-30 17:00 - 0003275 _____ () C:\ComboFix\ERDNTWIN.LOC
2017-07-17 14:55 - 2017-07-17 14:57 - 0000573 _____ () C:\ComboFix\ErrTrap1
2005-10-20 05:00 - 2005-10-20 05:00 - 0394752 ____R () C:\ComboFix\ERUNT.3XE
2017-07-17 14:54 - 2017-07-17 14:26 - 0000010 _____ () C:\ComboFix\erunt.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0004090 _____ () C:\ComboFix\ERUNT.LOC
2014-07-18 12:03 - 2014-07-18 12:03 - 0018262 _____ () C:\ComboFix\Exe.reg
2000-08-30 17:00 - 2000-08-30 17:00 - 0052736 ____R () C:\ComboFix\extract.3XE
2017-07-17 14:54 - 2017-07-17 14:54 - 0000000 _____ () C:\ComboFix\f_system
2017-07-17 14:58 - 2017-07-17 14:58 - 0000000 _____ () C:\ComboFix\F3m.mrk
2017-07-17 14:55 - 2017-07-17 14:55 - 0000022 _____ () C:\ComboFix\FavFolderD.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0000034 _____ () C:\ComboFix\FdsvOK
2010-08-29 13:45 - 2010-08-29 13:45 - 0038901 _____ () C:\ComboFix\ffdefstr.dll
2012-10-13 15:36 - 2012-10-13 15:36 - 0000480 _____ () C:\ComboFix\ffext.pif
2017-07-17 14:58 - 2017-07-17 14:58 - 0000040 _____ () C:\ComboFix\FFRootB
2000-08-30 17:00 - 2000-08-30 17:00 - 0145920 ____R () C:\ComboFix\FileKill.3XE
2017-07-11 09:27 - 2017-07-11 09:27 - 0003490 _____ () C:\ComboFix\files.pif
2010-08-09 13:32 - 2010-08-09 13:32 - 0000677 _____ () C:\ComboFix\Fin.dat
2014-07-20 11:12 - 2014-07-20 11:12 - 0036477 _____ () C:\ComboFix\FIND3M.bat
2013-10-03 02:05 - 2013-10-03 02:05 - 0079579 _____ () C:\ComboFix\FIXLSP.bat
2013-10-03 04:05 - 2013-10-03 04:05 - 0066239 _____ () C:\ComboFix\FIXLSP64.cmd
2011-07-19 13:38 - 2011-07-19 13:38 - 0001115 _____ () C:\ComboFix\FKMGen.cmd
2017-07-17 14:54 - 2017-07-17 14:54 - 0000895 _____ () C:\ComboFix\ForeignWht
2017-07-17 14:58 - 2017-07-17 14:58 - 0008262 _____ () C:\ComboFix\FPlugins
2017-07-17 14:58 - 2017-07-17 14:58 - 0000879 _____ () C:\ComboFix\FPluginsB
2017-07-17 14:54 - 2017-07-17 14:54 - 0000013 _____ () C:\ComboFix\Gateway
2013-06-06 04:20 - 2013-06-06 04:20 - 0006103 _____ () C:\ComboFix\GetHive.cmd
2017-07-17 14:55 - 2017-07-17 14:55 - 0032027 _____ () C:\ComboFix\GOLDUN.DAT.tmp
2000-08-30 17:00 - 2000-08-30 17:00 - 0080412 ____R () C:\ComboFix\grep.3XE
2000-08-30 17:00 - 2000-08-30 17:00 - 0015360 ____R () C:\ComboFix\gsar.3XE
2008-11-17 22:15 - 2008-11-17 22:15 - 0417136 ____R (Sysinternals) C:\ComboFix\handle.3XE
2005-08-15 10:54 - 2005-08-15 10:54 - 0001536 ____R () C:\ComboFix\hidec.3XE
2009-10-20 02:25 - 2009-10-20 02:25 - 0000954 _____ () C:\ComboFix\history.bat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000063 _____ () C:\ComboFix\History.folder.dat
2009-04-19 21:56 - 2009-04-19 21:56 - 0060416 _____ (NirSoft) C:\ComboFix\iexplore.exe
2000-08-30 17:00 - 2000-08-30 17:00 - 0001057 _____ () C:\ComboFix\image001.gif
2010-09-04 16:07 - 2010-09-04 16:07 - 0000224 _____ () C:\ComboFix\Imefile.dat
2011-03-08 18:49 - 2011-03-08 18:49 - 0001374 _____ () C:\ComboFix\katch.cmd
2017-07-17 14:54 - 2017-07-17 14:54 - 0000012 _____ () C:\ComboFix\kmd.dat
2012-09-03 07:04 - 2012-09-03 07:04 - 0000322 _____ () C:\ComboFix\KNetSvcs.vbs
2017-07-17 14:58 - 2017-07-17 14:58 - 0000258 _____ () C:\ComboFix\L_Beep00
2012-06-24 17:55 - 2012-06-24 17:55 - 0254294 _____ () C:\ComboFix\Lang.bat
2017-07-17 14:55 - 2017-07-17 14:55 - 0000754 _____ () C:\ComboFix\LegacyFull
2017-07-17 14:55 - 2017-07-17 14:55 - 0000058 _____ () C:\ComboFix\LegacyNoSvc
2013-06-12 15:25 - 2013-06-12 15:25 - 0002556 _____ () C:\ComboFix\lnkread.vbs
2017-07-17 14:54 - 2017-07-17 14:27 - 0000104 _____ () C:\ComboFix\LocalAppData.folder.dat
2000-08-30 17:00 - 2017-07-17 14:58 - 0000294 _____ () C:\ComboFix\LocalService.dat
2000-08-30 17:00 - 2017-07-17 14:58 - 0000149 _____ () C:\ComboFix\LocalServiceNetworkRestricted.dat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000104 _____ () C:\ComboFix\LocalSettings.folder.dat
2000-08-30 17:00 - 2017-07-17 14:58 - 0000254 _____ () C:\ComboFix\LocalSystemNetworkRestricted.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000115 _____ () C:\ComboFix\Look.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000000 _____ () C:\ComboFix\LSPDone
2009-10-24 15:11 - 2009-10-24 15:11 - 0184320 ____R () C:\ComboFix\mbr.3XE
2010-08-28 20:30 - 2010-08-28 20:30 - 0002141 _____ () C:\ComboFix\mbr.chk
2017-07-11 09:27 - 2017-07-17 14:54 - 0007616 _____ () C:\ComboFix\md5sum.pif
2012-07-25 13:26 - 2012-07-25 13:26 - 0279004 _____ () C:\ComboFix\MDWht.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000770 _____ () C:\ComboFix\MissingFiles.dat
2011-07-28 12:06 - 2011-07-28 12:06 - 0002862 _____ () C:\ComboFix\MoveIt.bat
2012-02-10 21:48 - 2012-02-10 21:48 - 0008192 _____ () C:\ComboFix\MpsSvc.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0011264 ____R () C:\ComboFix\mtee.3XE
2017-07-17 14:45 - 2017-07-17 14:45 - 0000007 _____ () C:\ComboFix\MUI
2017-07-17 14:54 - 2017-07-17 14:27 - 0000054 _____ () C:\ComboFix\Music.folder.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0000794 _____ () C:\ComboFix\MWindows.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0000000 _____ () C:\ComboFix\mynul.dat
2013-01-31 11:43 - 2013-01-31 11:43 - 0000033 _____ () C:\ComboFix\MZChanged.dat
2011-08-26 05:38 - 2017-07-17 14:55 - 0008821 ____R () C:\ComboFix\ncmd.com
2012-10-30 08:56 - 2012-10-30 08:56 - 0067554 _____ () C:\ComboFix\ND_.bat
2012-10-30 08:57 - 2012-10-30 08:57 - 0018996 _____ () C:\ComboFix\ND_64.bat
2009-12-24 01:12 - 2009-12-24 01:12 - 0000283 _____ () C:\ComboFix\ndis_combofix.dat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000075 _____ () C:\ComboFix\NetHood.folder.dat
2010-04-14 03:21 - 2017-07-17 14:57 - 0126122 _____ () C:\ComboFix\netsvc.bad.dat
2000-08-30 17:00 - 2017-07-17 14:54 - 0000489 _____ () C:\ComboFix\netsvc.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000353 _____ () C:\ComboFix\netsvc_x86.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000008 _____ () C:\ComboFix\netsvc64.bad.dat
2000-08-30 17:00 - 2017-07-17 14:58 - 0000126 _____ () C:\ComboFix\NetworkService.dat
2009-04-19 21:56 - 2009-04-19 21:56 - 0060416 ____R (NirSoft) C:\ComboFix\NirCmd.3XE
2017-07-17 14:45 - 2009-04-19 21:56 - 0060416 _____ (NirSoft) C:\ComboFix\NircmdB.exe
2009-04-19 21:56 - 2009-04-19 21:56 - 0058880 ____R (NirSoft) C:\ComboFix\NirCmdC.3XE
2009-04-19 21:56 - 2009-04-19 21:56 - 0060416 ____R (NirSoft) C:\ComboFix\NIRKMD.3XE
2017-07-17 14:45 - 2017-07-17 14:45 - 0000006 _____ () C:\ComboFix\NlsLanguageDefault
2017-07-17 14:58 - 2017-07-17 14:58 - 0000045 _____ () C:\ComboFix\NoX2del
2013-07-07 09:43 - 2013-07-07 09:43 - 0049591 _____ () C:\ComboFix\NT-OS.cmd
2017-07-17 14:54 - 2017-07-17 14:58 - 0000003 _____ () C:\ComboFix\NULL
2017-07-17 14:57 - 2017-07-17 14:57 - 0000312 _____ () C:\ComboFix\OriO4Files.dat
2017-07-17 14:57 - 2017-07-17 14:57 - 0002975 _____ () C:\ComboFix\OriO4FilesB.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0000080 _____ () C:\ComboFix\OsId.txt
2000-08-30 17:00 - 2000-08-30 17:00 - 0000977 _____ () C:\ComboFix\OSid.vbs
2017-07-17 14:57 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\patched.af
2017-07-17 14:57 - 2017-07-17 14:57 - 0000094 _____ () C:\ComboFix\PathSearch
2002-09-28 22:01 - 2002-09-28 22:01 - 0180224 ____R () C:\ComboFix\pausep.3XE
2017-07-17 14:54 - 2017-07-17 14:54 - 0000802 _____ () C:\ComboFix\pend.txt
2011-06-25 23:45 - 2011-06-25 23:45 - 0256000 ____R () C:\ComboFix\pev.3XE
2017-07-17 14:45 - 2011-06-25 23:45 - 0256000 _____ () C:\ComboFix\PEV.exe
2011-01-27 18:28 - 2011-01-27 18:28 - 0102400 ____R () C:\ComboFix\pevb.3XE
2017-07-17 14:54 - 2017-07-17 14:27 - 0000089 _____ () C:\ComboFix\Pictures.folder.dat
2017-07-17 14:45 - 2009-07-13 18:39 - 0016896 ____R (Microsoft Corporation) C:\ComboFix\PING.3XE
2009-07-05 12:51 - 2009-07-05 12:51 - 0002992 _____ () C:\ComboFix\Policies.dat
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\Poweliks.dat
2010-05-13 01:57 - 2010-05-13 01:57 - 0000064 _____ () C:\ComboFix\powp.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0000037 _____ () C:\ComboFix\PreDIR
2013-08-16 09:55 - 2013-08-16 09:55 - 0002896 _____ () C:\ComboFix\Prep.inf
2017-07-17 14:54 - 2017-07-17 14:27 - 0000075 _____ () C:\ComboFix\PrintHood.folder.dat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000224 _____ () C:\ComboFix\Profiles.Folder.dat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000253 _____ () C:\ComboFix\Profiles.Folder.folder.dat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000063 _____ () C:\ComboFix\Profiles_wo_ntuser.Folder.dat
2017-07-17 14:54 - 2017-07-17 14:55 - 0076464 _____ () C:\ComboFix\progfile.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0000404 _____ () C:\ComboFix\Purity.dat
2006-03-02 23:42 - 2006-03-02 23:42 - 0073728 ____R () C:\ComboFix\PV.3XE
2006-03-02 08:42 - 2006-03-02 08:42 - 0073728 _____ () C:\ComboFix\pv.com
2017-07-17 14:45 - 2017-07-17 14:45 - 0000118 _____ () C:\ComboFix\rar_sfx.cmd
2000-08-30 17:00 - 2000-08-30 17:00 - 0007478 _____ () C:\ComboFix\RCLink.dat
2017-07-17 14:57 - 2017-07-17 14:57 - 0000417 _____ () C:\ComboFix\RcRdyList
2017-07-17 14:54 - 2017-07-17 14:54 - 0000007 _____ () C:\ComboFix\RcVer00
2017-07-17 14:54 - 2017-07-17 14:27 - 0000064 _____ () C:\ComboFix\Recent.folder.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0003558 _____ () C:\ComboFix\REGDACL.sed
2000-08-30 17:00 - 2000-08-30 17:00 - 0009203 _____ () C:\ComboFix\RegDo.sed
2010-09-16 13:03 - 2010-09-16 13:03 - 0001153 _____ () C:\ComboFix\region.dat
2017-07-17 14:56 - 2017-07-17 14:56 - 0000006 _____ () C:\ComboFix\RegRun01
2017-07-17 14:58 - 2017-07-17 14:58 - 0000180 _____ () C:\ComboFix\RegRunOriB
2012-11-02 05:55 - 2012-11-02 05:55 - 0022204 _____ () C:\ComboFix\RegScan64.cmd
2017-07-17 14:54 - 2017-07-17 14:54 - 0427008 _____ (Microsoft Corporation) C:\ComboFix\REGT.3XE
2017-07-17 14:55 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\RenVDel.dat
2017-07-17 14:57 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\RenVSuspect
2017-07-17 14:45 - 2017-07-17 14:47 - 0000236 _____ () C:\ComboFix\Resident.txt
2017-07-17 14:54 - 2017-07-17 14:54 - 0000000 _____ () C:\ComboFix\restore_pt.dat
2009-11-14 14:35 - 2009-11-14 14:35 - 0000442 _____ () C:\ComboFix\Rkey.cmd
2010-11-07 10:20 - 2010-11-07 10:20 - 0208896 ____R () C:\ComboFix\rmbr.3XE
2012-08-30 14:19 - 2012-08-30 14:19 - 0819857 ____R () C:\ComboFix\RNullFix64.3XE
2012-10-30 10:43 - 2012-10-30 10:43 - 0000810 _____ () C:\ComboFix\rogues.dat
2017-07-17 14:45 - 2009-07-13 18:39 - 0021504 ____R (Microsoft Corporation) C:\ComboFix\ROUTE.3XE
2017-07-17 14:54 - 2017-07-17 14:54 - 0002548 _____ () C:\ComboFix\run.sed
2000-08-30 17:00 - 2000-08-30 17:00 - 0000287 _____ () C:\ComboFix\run2.sed
2009-06-09 20:38 - 2009-06-09 20:38 - 0000030 _____ () C:\ComboFix\Rust.str
1999-11-10 09:00 - 1999-11-10 09:00 - 0038400 ____R () C:\ComboFix\s0rt.3XE
2000-08-30 17:00 - 2000-08-30 17:00 - 0000329 _____ () C:\ComboFix\safeboot.dat
2012-11-01 23:25 - 2017-07-17 14:54 - 0001892 _____ () C:\ComboFix\safeboot.def.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000156 _____ () C:\ComboFix\safeboot00
2000-08-30 17:00 - 2000-08-30 17:00 - 0098816 ____R () C:\ComboFix\sed.3XE
2017-07-17 14:54 - 2017-07-17 14:27 - 0000064 _____ () C:\ComboFix\SendTo.folder.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0056593 _____ () C:\ComboFix\ServiceFiles.dat
2014-07-11 21:42 - 2014-07-11 21:42 - 0017606 _____ () C:\ComboFix\SetEnvmt.bat
2000-08-30 17:00 - 2000-08-30 17:00 - 0066172 ____R () C:\ComboFix\setpath.3XE
2017-07-17 14:54 - 2017-07-17 14:54 - 0006531 _____ () C:\ComboFix\SetPath.bat
2017-07-17 14:45 - 2017-07-17 14:45 - 0002571 _____ () C:\ComboFix\setpath_N.cmd
2006-06-10 14:42 - 2006-06-10 14:42 - 0049152 _____ (Inv Softworks LLC) C:\ComboFix\SF.exe
2017-07-17 14:45 - 2017-07-17 14:45 - 0000014 _____ () C:\ComboFix\sfx.cmd
2012-05-23 09:10 - 2012-05-23 09:10 - 0376832 _____ () C:\ComboFix\ShAccess.dat
2011-06-23 11:52 - 2011-06-23 11:52 - 0004634 _____ () C:\ComboFix\SnapShot.cmd
2009-05-24 17:52 - 2009-05-24 17:52 - 0520621 ____R () C:\ComboFix\sqlite3.3XE
2015-10-07 01:03 - 2015-10-07 01:03 - 0404614 _____ () C:\ComboFix\srizbi.md5
2017-07-17 14:54 - 2017-07-17 14:54 - 0000002 _____ () C:\ComboFix\Start_dat
2017-07-17 14:54 - 2017-07-17 14:27 - 0000394 _____ () C:\ComboFix\StartUp.folder.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000000 _____ () C:\ComboFix\StartupOrphans.txt
2012-11-12 01:48 - 2012-11-12 01:48 - 0021075 _____ () C:\ComboFix\SuppScan.cmd
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\SuspectB_netsvc.dat
2017-07-17 14:55 - 2017-07-17 14:57 - 0002685 _____ () C:\ComboFix\suspectSvc.dat
2009-11-28 15:42 - 2017-07-17 14:54 - 0014828 _____ () C:\ComboFix\svc_wht.dat
2017-07-17 14:55 - 2017-07-17 14:57 - 0149180 _____ () C:\ComboFix\SvcCovered
2017-07-17 14:55 - 2017-07-17 14:55 - 0000862 _____ () C:\ComboFix\SvcDiff
2000-08-30 17:00 - 2000-08-30 17:00 - 0002176 _____ () C:\ComboFix\SvcDrv.vbs
2017-07-17 14:55 - 2017-07-17 14:55 - 0034964 _____ () C:\ComboFix\SvcDump
2017-07-17 14:55 - 2017-07-17 14:55 - 0007001 _____ () C:\ComboFix\SvcDumpB
2017-07-17 14:55 - 2017-07-17 14:55 - 1050686 _____ () C:\ComboFix\SvcDumpFull
2017-07-17 14:55 - 2017-07-17 14:55 - 0006982 _____ () C:\ComboFix\SvcFull
2013-06-03 10:06 - 2013-06-03 10:06 - 0001467 _____ () C:\ComboFix\svchost.dat
2017-07-17 14:55 - 2017-07-17 14:58 - 0041019 _____ () C:\ComboFix\svclist.dat
2017-07-17 14:55 - 2017-07-17 14:27 - 0000117 _____ () C:\ComboFix\SvcTarget.dat
2017-07-17 14:57 - 2017-07-17 14:57 - 1748150 _____ () C:\ComboFix\SvcTempAa
2000-08-30 17:00 - 2000-08-30 17:00 - 0518144 ____R (SteelWerX) C:\ComboFix\swreg.3XE
2000-08-30 17:00 - 2000-08-30 17:00 - 0406528 ____R (SteelWerX) C:\ComboFix\swsc.3XE
2000-08-30 17:00 - 2000-08-30 17:00 - 0212480 ____R (SteelWerX) C:\ComboFix\swxcacls.3XE
2017-07-17 14:58 - 2017-07-17 14:58 - 0034482 _____ () C:\ComboFix\sys_enum.dat
2017-07-17 14:54 - 2017-07-17 14:26 - 0000829 _____ () C:\ComboFix\SysPath.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0000276 _____ () C:\ComboFix\system_ini.dat
1999-11-09 17:00 - 1999-11-09 17:00 - 0035328 ____R () C:\ComboFix\tail.3XE
2017-07-17 14:58 - 2017-07-17 14:58 - 0009737 _____ () C:\ComboFix\temp00-X64
2017-07-17 14:58 - 2017-07-17 14:58 - 0008893 _____ () C:\ComboFix\temp01-X64
2017-07-17 14:58 - 2017-07-17 14:58 - 0000000 _____ () C:\ComboFix\temp02-X64
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\temp0900
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\temp2000
2017-07-17 14:57 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\temp4000
2017-07-17 14:57 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\temp5000
2017-07-17 14:58 - 2017-07-17 14:58 - 0000122 _____ () C:\ComboFix\ToolB-00-X64
2009-10-29 22:26 - 2009-10-29 22:26 - 0000633 _____ () C:\ComboFix\toolbar.sed
2017-07-17 14:54 - 2017-07-17 14:54 - 0000606 _____ () C:\ComboFix\unhand.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0000000 _____ () C:\ComboFix\Unhandled.dat
2012-01-09 18:47 - 2012-01-09 18:47 - 0003987 _____ () C:\ComboFix\Update-CF.cmd
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\UploadThese
2017-07-17 14:58 - 2017-07-17 14:58 - 0000000 _____ () C:\ComboFix\uWebBrowser01-X64
2017-07-17 14:58 - 2017-07-17 14:58 - 0000000 _____ () C:\ComboFix\uWebBrowser02-X64
2017-07-17 14:56 - 2017-07-17 14:56 - 0003544 _____ () C:\ComboFix\v_str.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0049082 _____ () C:\ComboFix\v_wht.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0098090 _____ () C:\ComboFix\v_wht.dat.tmp
2012-02-18 12:06 - 2012-02-18 12:06 - 0009098 _____ () C:\ComboFix\VBR.pif
2017-07-17 14:45 - 2017-07-17 14:54 - 0000583 _____ () C:\ComboFix\VerCF.bat
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\V-FilesB.dat
2017-07-17 14:58 - 2017-07-17 14:58 - 0000973 _____ () C:\ComboFix\Vfwall
2017-07-17 14:45 - 2017-07-17 14:55 - 0530292 _____ () C:\ComboFix\VikPev00
2017-07-17 14:54 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\Vikpev01
2017-07-17 14:57 - 2017-07-17 14:57 - 0022681 _____ () C:\ComboFix\VInfo2
2011-06-22 01:40 - 2011-06-22 01:40 - 0000557 _____ () C:\ComboFix\VINFO3
2010-05-10 08:30 - 2010-05-10 08:30 - 0000308 _____ () C:\ComboFix\Vipev.dat
2017-07-17 14:45 - 2017-07-17 14:54 - 0000004 _____ () C:\ComboFix\Vista.krl
2010-07-26 12:17 - 2010-07-26 12:17 - 0000440 _____ () C:\ComboFix\vistaMcode.dat
2017-07-17 14:54 - 2017-07-17 14:56 - 0053155 _____ () C:\ComboFix\vRun_DLL
2017-07-17 14:55 - 2017-07-17 14:55 - 0008146 _____ () C:\ComboFix\vRun_DLL.tmp
2017-07-17 14:57 - 2017-07-17 14:57 - 0000000 _____ () C:\ComboFix\v-tmp.dat
2010-06-20 13:05 - 2010-06-20 13:05 - 0007584 _____ () C:\ComboFix\vun.dat
2017-07-17 14:55 - 2017-07-17 14:55 - 0000070 _____ () C:\ComboFix\vundonames.dat.tmp
2010-07-31 02:05 - 2010-07-31 02:05 - 0000244 _____ () C:\ComboFix\VwinTemp.dacl
2017-07-17 14:45 - 2017-07-17 14:45 - 0000002 _____ () C:\ComboFix\W6432.dat
2017-07-17 14:45 - 2017-07-17 14:45 - 0000006 _____ () C:\ComboFix\W7.mac
2010-07-23 13:20 - 2010-07-23 13:20 - 0000440 _____ () C:\ComboFix\w7Mcode.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0092221 _____ () C:\ComboFix\whiteAll.dat
2017-07-17 14:54 - 2017-07-17 14:54 - 0000000 _____ () C:\ComboFix\WhiteTiger.user.cf
2010-12-11 12:38 - 2010-12-11 12:38 - 0001127 _____ () C:\ComboFix\Wmi_rem.vbs
2017-07-17 14:56 - 2017-07-17 14:56 - 0000000 _____ () C:\ComboFix\WrgNameDLL
2010-07-22 07:14 - 2010-07-22 07:14 - 0000440 _____ () C:\ComboFix\xpmcode.dat
2010-02-02 03:41 - 2010-02-02 03:41 - 0013090 _____ () C:\ComboFix\XPSBoot.reg
2000-08-30 17:00 - 2000-08-30 17:00 - 0023773 _____ () C:\ComboFix\zDomain.dat
2000-08-30 17:00 - 2000-08-30 17:00 - 0068096 ____R () C:\ComboFix\zip.3XE
2017-07-17 14:54 - 2017-07-17 14:54 - 0000000 ____D () C:\ComboFix\en-US
2017-07-17 14:54 - 2010-11-21 00:06 - 0002048 _____ (Microsoft Corporation) C:\ComboFix\en-US\ATTRIB.3XE.mui
2017-07-17 14:54 - 2010-11-21 00:06 - 0131072 _____ (Microsoft Corporation) C:\ComboFix\en-US\CF1104.3XE.mui
2017-07-17 14:54 - 2010-11-21 00:06 - 0131072 _____ (Microsoft Corporation) C:\ComboFix\en-US\cmd.3XE.mui
2017-07-17 14:54 - 2010-11-21 00:06 - 0011264 _____ (Microsoft Corporation) C:\ComboFix\en-US\CSCRIPT.3XE.mui
2017-07-17 14:54 - 2005-08-15 10:54 - 0001536 _____ () C:\ComboFix\en-US\iexplore.exe
2017-07-17 14:54 - 2010-11-21 00:06 - 0009728 _____ (Microsoft Corporation) C:\ComboFix\en-US\PING.3XE.mui
2017-07-17 14:54 - 2010-11-21 00:06 - 0045056 _____ (Microsoft Corporation) C:\ComboFix\en-US\REGT.3XE.mui
2017-07-17 14:54 - 2010-11-21 00:06 - 0012288 _____ (Microsoft Corporation) C:\ComboFix\en-US\ROUTE.3XE.mui
2017-07-17 14:54 - 2017-07-17 14:58 - 0000000 ____D () C:\ComboFix\N_
2017-07-17 14:58 - 2017-07-17 14:58 - 0071566 _____ () C:\ComboFix\N_\RegScan
2017-07-17 14:58 - 2017-07-17 14:59 - 0017888 _____ () C:\ComboFix\N_\SuppScan

====== End of Folder: ======

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24EAB29C-F6A4-4DE6-B4CB-1D8B2C5870BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24EAB29C-F6A4-4DE6-B4CB-1D8B2C5870BC} => key removed successfully
C:\Windows\System32\Tasks\zadanie1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zadanie1 => key removed successfully
"C:\Windows\System32\Tasks\zadanie1" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 197750482 B
Java, Flash, Steam htmlcache => 2090 B
Windows/system/drivers => 100512 B
Edge => 0 B
Chrome => 872156839 B
Firefox => 420042765 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 286730 B
WhiteTiger => 1191773307 B

RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:43:37 ====
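The fixlog above removed one scheduled task (`zadanie1`) by deleting its footprints in the TaskCache registry keys and the Tasks folder. As an added example that is not part of this thread or of FRST, the read-only PowerShell audit below cross-checks those same locations on a live system and reports tasks whose entries disagree; it assumes an elevated PowerShell session and the Windows 7 trigger-category keys Plain, Logon and Boot.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the
# Scheduled Task cache the fixlog above edited. A task is recorded in four
# places that must agree:
#   TaskCache\Tree\<path>               "Id" value  = {GUID}
#   TaskCache\Tasks\{GUID}              "Path" value = \<path>
#   TaskCache\Plain|Logon|Boot\{GUID}   trigger-category entry (Windows 7 names)
#   %SystemRoot%\System32\Tasks\<path>  the task's XML definition
# Mismatches are what a planted or partly removed task leaves behind.
# Run from an elevated PowerShell on Windows 7 or later.
$cache   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$taskDir = Join-Path $env:SystemRoot 'System32\Tasks'

# GUID -> task path, as recorded under TaskCache\Tasks
$byGuid = @{}
foreach ($k in Get-ChildItem "$cache\Tasks" -ErrorAction SilentlyContinue) {
    $byGuid[$k.PSChildName] = [string](Get-ItemProperty $k.PSPath).Path
}

# GUID -> task path, as recorded under TaskCache\Tree. Folders live here too,
# so only leaf keys (no subkeys) carrying an Id are treated as tasks.
$treeIds = @{}
Get-ChildItem "$cache\Tree" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.SubKeyCount -eq 0 } | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.PSObject.Properties['Id']) {
            # Key name after "\Tree" is the task path, e.g. \zadanie1
            $treeIds[$p.Id] = $_.Name.Substring($_.Name.IndexOf('\Tree') + 5)
        }
    }

$findings = @(foreach ($guid in $byGuid.Keys) {
    $path = $byGuid[$guid]; if (-not $path) { continue }
    $why  = @()
    if (-not $treeIds.ContainsKey($guid)) { $why += 'no Tree entry' }
    if (-not (Test-Path -LiteralPath (Join-Path $taskDir $path.TrimStart('\')))) {
        $why += 'task XML missing'
    }
    if (-not ('Plain', 'Logon', 'Boot' | Where-Object { Test-Path "$cache\$_\$guid" })) {
        $why += 'no Plain/Logon/Boot entry'
    }
    if ($why) { [pscustomobject]@{ Task = $path; Id = $guid; Issue = $why -join '; ' } }
})
$findings += @(foreach ($guid in $treeIds.Keys) {
    if (-not $byGuid.ContainsKey($guid)) {
        [pscustomobject]@{ Task = $treeIds[$guid]; Id = $guid; Issue = 'Tree entry with no Tasks entry' }
    }
})
$findings | Sort-Object Task | Format-Table -AutoSize
```

An empty table means every registered task has all four footprints; a row such as `\zadanie1 ... no Tree entry; task XML missing` is the state a half-removed or hand-planted task shows and is worth comparing against the FRST listing.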



#11 garioch7
  • Malware Response Instructor

Posted 20 July 2017 - 11:00 AM

l8trs5:
 
Thank you for the FRST "fixlog".  That looks good.  Let's uninstall ComboFix next.

The following will implement some ComboFix cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Please copy and paste the contents of any logs that might be generated. If there are errors, please report the details.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 l8trs5
  • Topic Starter

Posted 20 July 2017 - 11:09 AM

Uninstalled ComboFix; it just says it was uninstalled.



#13 garioch7
  • Malware Response Instructor

Posted 20 July 2017 - 11:18 AM

l8trs5:
 
That's great news.  Sometimes there can be issues with getting ComboFix to uninstall.  Personally, I have never used that program, on my own, or on a client's computer who came here for assistance.  It is a very powerful program and it can easily render a computer unbootable.  It is like using a nuclear weapon to kill a fly!  For me, that program will always be a "last resort" program to use, ... and I have been trained in its use!  I am personally happy that ComboFix is not compatible with Windows 8, 8.1, and 10.  That alone has saved many users from borking their computers when all they were trying to do was fix them.
 
.
 
Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History -> Application logs. Please copy and paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#14 l8trs5
  • Topic Starter

Posted 22 July 2017 - 06:05 AM

C:\FRST\Quarantine\C\dDusr32.tmp\OhMwmzP.vbs    VBS/RA-based.AJ trojan    cleaned by deleting
C:\FRST\Quarantine\C\LjKiF78.tmp\dkrZalGE.vbs    VBS/RA-based.AJ trojan    cleaned by deleting
C:\Users\WhiteTiger\AppData\LocalLow\Oracle\Java\jre1.8.0_66\java_sp.dll    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\Users\WhiteTiger\Downloads\Alcohol52_trial_2.0.2.5830_c8e951a36d08b72b2c6b62d96084589d.exe    Win32/SmartFileAdvisor.B potentially unwanted application    cleaned by deleting
C:\Windows\Installer\1b3e2.msi    a variant of Win32/Systweak.L potentially unwanted application    deleted
F:\AdwCleaner\Quarantine\C\Users\JB\AppData\Local\Babylon\Setup\BExternal.dll.vir    a variant of Win32/Toolbar.Babylon.F potentially unwanted application    cleaned by deleting
F:\AdwCleaner\Quarantine\C\Users\JB\AppData\Local\Babylon\Setup\IECookieLow.dll.vir    a variant of Win32/Toolbar.Babylon.E potentially unwanted application    cleaned by deleting
F:\AdwCleaner\Quarantine\C\Users\JB\AppData\Local\Babylon\Setup\Setup.exe.vir    a variant of Win32/Toolbar.Babylon.E potentially unwanted application    cleaned by deleting
F:\Program Files (x86)\BitTorrent\BitTorrent.exe    a variant of Win32/Bunndle potentially unsafe application    cleaned by deleting
F:\Users\JB\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\60c89614-351d1274    multiple threats    cleaned by deleting
F:\Users\JB\Desktop\android backup\TitaniumBackup\com.gogii.textplus-da0f842126223938fb5a020df612b64e.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Desktop\android backup\TitaniumBackup\com.jellybus.tiltshiftfree-721e3cf0500f98416b4e34c2b150bc7e.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Desktop\android backup\TitaniumBackup\com.omgpop.dstfree-a4a59329d2c512b7737963c530cc34e8.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Desktop\android backup\TitaniumBackup\com.vp.alarmClockPlusDock-6318ef0975c95ab0e8b364e1832064fb.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Desktop\android backup\TitaniumBackup\net.zedge.android-8d9e02ec707a1f12fb460ad2c644b42e.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Downloads\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
F:\Users\JB\Downloads\android\S4 Root\VRoot_1.7.0.3882_Setup.exe    a variant of Android/Spy.Agent.BK trojan    cleaned by deleting
F:\Users\JB\Downloads\android\TiBu\com.mobo.task.killer-92c66bf1cf3704aefef946aea67fed73.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Downloads\android\TiBu\com.omgpop.dstfree-46338132ade4cc2e65c46c8d65e8f4bc.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Downloads\android\TiBu\com.vp.alarmClockPlusDock-381b2112cd639415ad050397b5b853a7.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Downloads\android\TiBu\com.zynga.hanging-34793c40fe4556c95fa5e9ec011ea4a4.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Downloads\android\TiBu\com.zynga.words-f21ee0c89f62700efb49c6314e321ab7.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted
F:\Users\JB\Downloads\android\TiBu\net.zedge.android-a84b18fe957b83f7d2a899fc9c2d5877.apk.gz    a variant of Android/Inmobi.A potentially unsafe application    deleted

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/22/17
Scan Time: 3:58 AM
Log File: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2414
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: WhiteTiger-PC\WhiteTiger

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382515
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 



#15 garioch7
  • Malware Response Instructor

Posted 23 July 2017 - 12:08 PM

l8trs5:
 
Thank you for the ESET Online scan and Malwarebytes scan logs.  Please accept my apologies for not responding sooner.  I was offline all of yesterday, mowing my large rural property.  Although we have 48 hours to respond, I like to respond daily to the users that I am helping.
 
OK, let's run some more standard anti-malware scans.
 
.
 
Step 1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button ... a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining instructions until directed to do so by me.  If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.
 
Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

.
 
Thank you and have a great day.
 
Regards,
-Phil






