CMD pop up (BITSADMIN)


  • This topic is locked
13 replies to this topic

#1 AleksaB96


Posted 25 December 2017 - 04:58 AM

A few days ago I think I downloaded something and pressed yes accidentally (it was all in strange letters). After that, tabs in my Opera browser started popping up. I added a pop-up blocker in Opera, but after that cmd started misbehaving. First it was copying and downloading some stuff. Then today it said something about bitsadmin, "BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.", and then something else; it was quick so I didn't see it. Then it proceeded to download something, 337000 bytes of memory. Please help :))

 

EDIT1: no bitsadmin now since I exited before it, but here is how it looks

https://prntscr.com/hs1s6w

https://prntscr.com/hs1s8i

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by Win7 (administrator) on WIN7-PC (25-12-2017 10:49:39)
Running from C:\Users\Win7\AppData\Local\Temp\scoped_dir1640_16301
Loaded Profiles: Win7 (Available Profiles: Win7)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(BitTorrent Inc.) C:\Users\Win7\AppData\Roaming\uTorrent\uTorrent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(BitTorrent Inc.) C:\Users\Win7\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe
(BitTorrent Inc.) C:\Users\Win7\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
(Opera Software) C:\Program Files\Opera\49.0.2725.64\opera.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2017-12-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Run: [uTorrent] => C:\Users\Win7\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-11-30] (BitTorrent Inc.)
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: {565ec636-e2df-11e5-ad6c-d43d7e48fa5e} - H:\SETUP.EXE
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: {6e1f0ce6-d53c-11e4-be1f-d43d7e48fa5e} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-20] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3949541906-4103471786-196366755-1000] => proxy.sbb.rs:8080
Tcpip\..\Interfaces\{D45B78EC-FA8A-4CCB-AD9F-AB947E37622E}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{F5BD3F82-CCFB-4EF8-9263-C655E59FE78B}: [NameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7BFB9B6CDA-ECAA-4D11-83D5-A0AC0DDEFAEA%7D&mid=bf350d49332c47d2bdb2057438ac13ad-793c0be1b396f932a491c497a9f9dc3413ae8e5b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-10%2014:33:33&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FB9B6CDA-ECAA-4D11-83D5-A0AC0DDEFAEA}&mid=bf350d49332c47d2bdb2057438ac13ad-793c0be1b396f932a491c497a9f9dc3413ae8e5b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-12-10 14:33:33&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FB9B6CDA-ECAA-4D11-83D5-A0AC0DDEFAEA}&mid=bf350d49332c47d2bdb2057438ac13ad-793c0be1b396f932a491c497a9f9dc3413ae8e5b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-12-10 14:33:33&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10137_cnet_150309__yaie&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-03] (Oracle Corporation)
Toolbar: HKLM - No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\o9leivcq.default [2017-08-07]
FF Homepage: Mozilla\Firefox\Profiles\o9leivcq.default -> hxxps://mysearch.avg.com/?cid={FB9B6CDA-ECAA-4D11-83D5-A0AC0DDEFAEA}&mid=bf350d49332c47d2bdb2057438ac13ad-793c0be1b396f932a491c497a9f9dc3413ae8e5b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2014-12-10 14:33:33&v=4.2.1.951&pid=wtu&sg=&sap=hp
FF Extension: (AVG Web TuneUp) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\o9leivcq.default\Extensions\avg@toolbar.xpi [2017-01-20] [Legacy]
FF HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin HKU\S-1-5-21-3949541906-4103471786-196366755-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Win7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-20] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://ww-searchings.com/hp?src=zl&r=1CD03F1E5B8C28B60EAC7D9A27B76C1D"
CHR NewTab: Default ->  Active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://ww-searchings.com/s?src=zl&r=1CD03F1E5B8C28B60EAC7D9A27B76C1D&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchings
CHR Profile: C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
CHR Extension: (AVG Secure Search) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-02-22]
CHR Extension: (Tampermonkey) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-12-21]
CHR Extension: (ScriptGate) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2017-12-21]
CHR Extension: (AVG SafePrice) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-21]
CHR HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Popup Blocker (strict)) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabcemjkhjfpkhakphioakkhcnbgeomm [2017-12-22]
OPR Extension: (Adblock Plus) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-12-22]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2017-12-21] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2017-12-21] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1415176 2016-09-10] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 hwifisvc; c:\users\win7\appdata\local\hwifisvc\hwifisvc.dll [150656 2017-02-24] () <==== ATTENTION
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [186544 2017-10-17] ()
R2 LHelperSvc; C:\Program Files (x86)\OSTotoSoft\ConquerorLive\LHelperSvc.dll [161968 2017-10-24] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MppSvc; C:\ProgramData\{A7FB8CB9-0BE2-4c79-BB9C-01F657A649CA}\mppsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [177536 2017-12-21] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166624 2017-12-21] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [315152 2017-12-21] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193096 2017-12-21] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337408 2017-12-21] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51336 2017-12-21] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39424 2017-12-21] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139112 2017-12-21] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102792 2017-12-21] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76832 2017-12-21] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1017624 2017-12-21] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [449848 2017-12-21] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [196904 2017-12-21] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [351128 2017-12-21] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-05] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-06-24] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 HWifiNetPro; C:\Users\Win7\AppData\Local\hwifisvc\HWifiNetPro64.sys [146752 2017-02-24] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-10-11] () [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-08-07] (SlimWare Utilities, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-11-15] (AVG Netherlands B.V.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Win7\Downloads\openhardwaremonitor-v0.8.0-beta\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-25 10:49 - 2017-12-25 10:49 - 000000000 ____D C:\FRST
2017-12-25 10:48 - 2017-12-25 10:48 - 002392064 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2017-12-25 10:29 - 2017-12-25 10:29 - 743499158 _____ C:\Windows\MEMORY.DMP
2017-12-25 10:29 - 2017-12-25 10:29 - 000275736 _____ C:\Windows\Minidump\122517-35443-01.dmp
2017-12-25 09:25 - 2017-12-25 09:25 - 000014933 _____ C:\Users\Win7\Downloads\Mortal Kombat_ Annihilation (1997) [1080p] [YTS.PE].torrent
2017-12-25 09:23 - 2017-12-25 10:33 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\uTorrent
2017-12-25 09:23 - 2017-12-25 09:23 - 000015243 _____ C:\Users\Win7\Downloads\Mortal Kombat (1995) [1080p] [YTS.AG].torrent
2017-12-25 08:09 - 2017-12-25 08:09 - 055052609 _____ C:\Users\Win7\Downloads\drift (1).7z
2017-12-25 08:09 - 2017-12-25 08:09 - 033425270 _____ C:\Users\Win7\Downloads\cars (1).7z
2017-12-25 08:09 - 2017-12-25 08:09 - 000742245 _____ C:\Users\Win7\Downloads\clockworks (1).7z
2017-12-24 21:45 - 2017-12-24 21:45 - 055052609 _____ C:\Users\Win7\Downloads\drift.7z
2017-12-24 21:45 - 2017-12-24 21:45 - 017844156 _____ C:\Users\Win7\Downloads\lmstag.7z
2017-12-24 21:45 - 2017-12-24 21:45 - 000742245 _____ C:\Users\Win7\Downloads\clockworks.7z
2017-12-24 21:44 - 2017-12-24 21:46 - 324871108 _____ C:\Users\Win7\Downloads\tracks.7z
2017-12-24 21:44 - 2017-12-24 21:45 - 033425270 _____ C:\Users\Win7\Downloads\cars.7z
2017-12-24 21:39 - 2017-12-24 21:39 - 005345361 _____ C:\Users\Win7\Downloads\rvgl_17.1222a_setup_win64.exe
2017-12-24 21:37 - 2017-12-24 21:37 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Re-Volt
2017-12-24 21:20 - 2017-12-24 21:21 - 115887273 _____ C:\Users\Win7\Downloads\rvgl_17.1222a_win32_music.7z
2017-12-24 21:07 - 2017-12-24 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RV House
2017-12-24 21:06 - 2017-12-24 21:06 - 009457936 _____ (Arto Jalkanen ) C:\Users\Win7\Downloads\rv_house_setup (1).exe
2017-12-24 21:05 - 2014-03-08 00:26 - 000970766 _____ C:\Windows\SysWOW64\libstdc++-6.dll
2017-12-24 21:05 - 2014-03-08 00:26 - 000117262 _____ C:\Windows\SysWOW64\libgcc_s_dw2-1.dll
2017-12-24 21:05 - 2014-03-08 00:26 - 000048640 _____ (MingW-W64 Project. All rights reserved.) C:\Windows\SysWOW64\libwinpthread-1.dll
2017-12-24 21:04 - 2017-12-24 21:04 - 009300077 _____ (Arto Jalkanen ) C:\Users\Win7\Downloads\rv_house_setup.exe
2017-12-24 19:48 - 2017-12-24 19:49 - 039279143 _____ C:\Users\Win7\Downloads\Re-Volt.exe
2017-12-24 19:48 - 2017-12-24 19:49 - 004562923 _____ C:\Users\Win7\Downloads\rvgl_16.1230a_win64.7z
2017-12-24 19:48 - 2017-12-24 19:49 - 002328846 _____ C:\Users\Win7\Downloads\rv1.2a15.0420_setup.exe
2017-12-24 12:20 - 2017-12-24 12:20 - 000000000 ____D C:\Users\Win7\AppData\Local\yo_cm_client
2017-12-24 12:20 - 2017-12-24 12:20 - 000000000 ____D C:\Users\Win7\AppData\Local\cache
2017-12-24 11:14 - 2017-12-24 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-12-23 19:01 - 2017-12-23 19:01 - 000000695 _____ C:\Users\Public\Desktop\Life Is Feudal.lnk
2017-12-23 19:01 - 2017-12-23 19:01 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-12-23 19:01 - 2017-12-23 19:01 - 000000000 ____D C:\Users\Win7\AppData\Local\launcher
2017-12-23 19:01 - 2017-12-23 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiF
2017-12-23 19:00 - 2017-12-23 19:00 - 000000000 ____D C:\Users\Win7\oze
2017-12-23 15:17 - 2017-12-23 15:17 - 000262144 ____N C:\Windows\Minidump\122317-36051-01.dmp
2017-12-22 19:49 - 2017-12-24 09:00 - 000000000 ____D C:\Users\Win7\AppData\Local\Ubisoft Game Launcher
2017-12-22 19:49 - 2017-12-22 19:49 - 072445392 _____ (Ubisoft) C:\Users\Win7\Downloads\UplayInstaller.exe
2017-12-22 19:49 - 2017-12-22 19:49 - 000001201 _____ C:\Users\Win7\Desktop\Uplay.lnk
2017-12-22 19:49 - 2017-12-22 19:49 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-12-22 19:49 - 2017-12-22 19:49 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-12-22 15:58 - 2017-12-22 15:58 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1513954682
2017-12-22 15:58 - 2017-12-22 15:58 - 000001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-12-22 15:58 - 2017-12-22 15:58 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Opera Software
2017-12-22 15:57 - 2017-12-22 15:58 - 000000000 ____D C:\Program Files\Opera
2017-12-22 15:57 - 2017-12-22 15:57 - 001264328 _____ (Opera Software) C:\Users\Win7\Downloads\OperaSetup.exe
2017-12-21 22:50 - 2017-11-15 08:59 - 000053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2017-12-21 22:50 - 2017-11-15 08:56 - 000044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2017-12-21 22:50 - 2017-11-15 08:56 - 000042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2017-12-21 22:49 - 2017-12-21 22:49 - 000002592 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-12-21 22:49 - 2017-12-21 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2017-12-21 22:48 - 2017-12-21 22:48 - 003449336 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Win7\Downloads\AVG_Performance_709.exe
2017-12-21 22:15 - 2017-12-21 22:15 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-12-21 16:40 - 2017-12-21 16:40 - 000017221 _____ C:\Users\Win7\Downloads\262687-war_for_the_planet_of_the_apes_2017_hdrip.lat.zip
2017-12-21 13:43 - 2017-12-21 13:43 - 000000000 ____D C:\Users\Win7\Downloads\Space.Engineers.v1.185.015
2017-12-21 13:37 - 2017-12-21 13:37 - 000000000 ____D C:\Users\Win7\AppData\Local\GameAnalytics
2017-12-21 13:03 - 2017-12-21 13:03 - 000000391 _____ C:\Users\Win7\Downloads\space-engineers-deluxe-v01_185_301_Z5SUTO.torrent
2017-12-21 13:02 - 2017-12-25 10:33 - 000003466 _____ C:\Windows\System32\Tasks\TexSFf
2017-12-21 13:02 - 2017-12-25 09:21 - 000003264 _____ C:\Windows\System32\Tasks\zHfURR
2017-12-21 13:02 - 2017-12-21 13:02 - 000000001 _____ C:\Users\Win7\AppData\Local\WMI.ini
2017-12-21 13:02 - 2010-11-20 13:16 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\8794811.exe
2017-12-21 13:02 - 2009-07-14 02:14 - 000000998 _____ C:\Users\Win7\AppData\Local\XtTzcnWGYK
2017-12-21 13:02 - 2009-07-14 02:14 - 000000960 _____ C:\Users\Win7\AppData\Local\mpTXgNuLumZ
2017-12-21 13:02 - 2009-07-14 02:14 - 000000069 _____ C:\Users\Win7\AppData\Local\vFgDHdv
2017-12-21 13:02 - 2009-07-14 02:14 - 000000068 _____ C:\Users\Win7\AppData\Local\XnGfnCC
2017-12-21 13:01 - 2017-12-21 13:01 - 000003578 _____ C:\Windows\System32\Tasks\bltopncomhohoj
2017-12-21 12:52 - 2017-12-21 12:52 - 000000391 _____ C:\Users\Win7\Downloads\space-engineers-deluxe-v01_185_301_SC2J8G.torrent
2017-12-21 11:33 - 2017-12-21 11:54 - 1063004405 _____ C:\Users\Win7\Downloads\Space.Engineers.v1.185.015.part1.rar
2017-12-21 11:33 - 2017-12-21 11:45 - 2113811304 _____ C:\Users\Win7\Downloads\Space.Engineers.v1.185.015.part2.rar
2017-12-21 11:32 - 2017-12-21 11:32 - 000000000 ____D C:\Users\Win7\Downloads\Space.Engineers.Steamworks.Fix
2017-12-20 10:49 - 2017-12-20 10:49 - 000000000 ____D C:\Users\Win7\Downloads\The.Forest.v0.71
2017-12-20 10:47 - 2017-12-20 10:47 - 004606339 _____ C:\Users\Win7\Downloads\SmartSteamEmu (1).rar
2017-12-20 10:47 - 2017-12-20 10:47 - 000000000 ____D C:\Users\Win7\Downloads\SmartSteamEmu (1)
2017-12-20 10:40 - 2017-12-20 10:48 - 2451155588 _____ C:\Users\Win7\Downloads\The.Forest.v0.71.rar
2017-12-19 21:18 - 2017-12-19 21:18 - 000002301 _____ C:\Users\Win7\Downloads\wkTrackMeBetter.zip
2017-12-19 21:17 - 2017-12-19 21:17 - 000000000 ____D C:\Users\Win7\Downloads\wkRemapKeys_1.2
2017-12-19 11:08 - 2017-12-19 11:08 - 000081414 _____ C:\Users\Win7\Downloads\drive-download-20171219T100751Z-001.zip
2017-12-17 18:41 - 2017-12-17 18:42 - 000000000 ____D C:\Program Files (x86)\KMPlayer
2017-12-17 18:41 - 2017-12-17 18:41 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2017-12-17 18:39 - 2017-12-17 18:40 - 039544976 _____ (PandoraTV) C:\Users\Win7\Downloads\KMPlayer_4.2.2.5.exe
2017-12-13 03:31 - 2017-12-13 03:31 - 000000000 ___HD C:\$AV_AVG
2017-12-13 00:23 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 00:23 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 00:23 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-13 00:23 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 00:23 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 00:23 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 00:23 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 00:23 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 00:23 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 00:23 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 00:23 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 00:23 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 00:23 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 00:23 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 00:23 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 00:23 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 00:23 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 00:23 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 00:23 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 00:23 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 00:23 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 00:23 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 00:23 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 00:23 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 00:23 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 00:23 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 00:23 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 00:23 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 00:23 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 00:23 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 00:23 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 00:23 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 00:23 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 00:23 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 00:23 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 00:23 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 00:23 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 00:23 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 00:23 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-13 00:23 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-13 00:23 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-13 00:23 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-13 00:23 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-13 00:23 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-13 00:23 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-13 00:23 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-13 00:23 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-13 00:23 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-13 00:23 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-13 00:23 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-13 00:23 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-13 00:23 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-13 00:23 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-13 00:23 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-13 00:23 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-13 00:23 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-13 00:23 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-13 00:23 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-13 00:23 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-13 00:23 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-13 00:23 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-13 00:23 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-13 00:23 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-13 00:23 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-13 00:23 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-13 00:23 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-13 00:23 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-13 00:23 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-13 00:23 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-13 00:23 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 00:23 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 00:23 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 00:23 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 00:23 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-13 00:23 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 00:23 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 00:23 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 00:23 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 00:23 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 00:23 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 00:23 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-13 00:23 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-13 00:23 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-13 00:23 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 00:23 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-13 00:23 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-12 12:08 - 2017-12-12 12:08 - 000000000 ____D C:\ProgramData\Unknown Worlds
2017-12-12 10:06 - 2017-12-12 10:06 - 000000000 ____D C:\Users\Win7\Downloads\Subnautica.v57474
2017-12-02 19:34 - 2017-12-02 19:34 - 000000000 ____D C:\Users\Win7\Documents\Klei
2017-12-02 10:35 - 2017-12-02 10:35 - 000034868 _____ C:\Users\Win7\Downloads\Debug Console Enabler v1.31-1555-1-31.rar
2017-11-28 13:43 - 2017-12-21 22:15 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-25 10:49 - 2014-06-26 21:48 - 000000000 ____D C:\Users\Win7\AppData\Roaming\uTorrent
2017-12-25 10:34 - 2014-07-13 18:10 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Raptr
2017-12-25 10:30 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-25 10:29 - 2014-06-26 13:11 - 000000000 ____D C:\Windows\Minidump
2017-12-25 10:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-25 10:08 - 2014-07-13 17:37 - 000000000 ____D C:\Users\Win7\AppData\Local\ElevatedDiagnostics
2017-12-25 09:18 - 2014-11-02 12:29 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-25 09:18 - 2009-07-14 05:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-25 09:18 - 2009-07-14 05:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-24 19:50 - 2015-11-16 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Re-Volt
2017-12-24 14:41 - 2016-07-01 10:41 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Tunngle
2017-12-24 11:14 - 2016-09-20 10:04 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-12-24 10:21 - 2017-08-04 12:59 - 000000000 ____D C:\ProgramData\Tunngle
2017-12-24 08:49 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-23 19:14 - 2014-08-27 19:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-23 19:01 - 2014-06-27 17:09 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-12-23 19:00 - 2014-06-26 09:13 - 000000000 ____D C:\Users\Win7
2017-12-22 15:58 - 2014-06-26 10:41 - 000000000 ____D C:\Users\Win7\AppData\Local\Opera Software
2017-12-22 15:53 - 2014-06-26 10:06 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-22 15:52 - 2014-06-26 09:13 - 000001309 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-12-21 22:58 - 2017-10-21 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castlevania Lords of Shadow 2
2017-12-21 22:58 - 2015-12-02 22:11 - 000000000 ____D C:\Users\Win7\Desktop\New folder
2017-12-21 22:58 - 2014-08-27 19:09 - 000000000 ____D C:\Users\Win7\AppData\Roaming\TeamViewer
2017-12-21 22:58 - 2014-08-22 00:08 - 000000000 ___RD C:\Users\Win7\Desktop\Igrice
2017-12-21 22:58 - 2014-06-26 12:45 - 000000000 ____D C:\Users\Win7\AppData\Roaming\Skype
2017-12-21 22:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-21 22:50 - 2015-10-25 20:18 - 000000000 ____D C:\Users\Win7\AppData\Local\AvgSetupLog
2017-12-21 22:17 - 2016-12-01 19:03 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-21 22:15 - 2017-07-25 15:06 - 000449848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-12-21 22:15 - 2017-07-25 15:06 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-12-21 22:14 - 2017-07-25 15:06 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-12-21 22:14 - 2017-07-25 15:06 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-12-21 22:14 - 2017-07-25 15:06 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-12-21 22:14 - 2017-07-25 15:06 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-12-21 22:14 - 2017-07-25 15:06 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-12-21 22:14 - 2017-07-25 15:06 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-12-21 16:29 - 2016-01-17 13:17 - 000000000 ____D C:\Users\Win7\AppData\Roaming\SpaceEngineers
2017-12-20 15:43 - 2017-08-16 18:30 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-12-19 17:18 - 2015-02-14 12:58 - 000000000 ____D C:\Users\Win7\Documents\WB Games
2017-12-19 02:21 - 2014-06-26 10:02 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-17 18:53 - 2014-06-27 13:03 - 000000000 ____D C:\Users\Win7\Documents\The KMPlayer
2017-12-17 14:32 - 2014-10-20 09:29 - 000726216 _____ C:\Windows\system32\perfh019.dat
2017-12-17 14:32 - 2014-10-20 09:29 - 000151712 _____ C:\Windows\system32\perfc019.dat
2017-12-17 14:32 - 2009-07-14 06:13 - 001652088 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-13 04:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-12-13 04:05 - 2017-07-24 14:40 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 04:05 - 2017-07-24 14:40 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 04:05 - 2017-07-24 14:40 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 04:05 - 2017-07-24 14:40 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 04:05 - 2014-06-26 10:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-13 04:05 - 2014-06-26 10:01 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 03:28 - 2009-07-14 05:45 - 000453592 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-13 03:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-13 03:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-13 03:05 - 2014-06-26 12:32 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 03:01 - 2017-10-11 02:05 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 03:01 - 2014-06-26 12:32 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-12 11:15 - 2014-07-22 22:37 - 000000000 ____D C:\Users\Win7\AppData\Roaming\vlc
2017-12-04 06:38 - 2017-10-24 11:48 - 000000000 ____D C:\ProgramData\PlugCache
2017-12-02 11:09 - 2016-12-25 12:50 - 000000000 ____D C:\Users\Win7\Documents\The Witcher 3
2017-11-28 13:42 - 2017-07-25 15:06 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys.151187301362602
 
==================== Files in the root of some directories =======
 
2016-03-07 14:13 - 2016-03-21 22:09 - 000003941 _____ () C:\Users\Win7\AppData\Roaming\LTspiceIV.ini
2015-03-31 09:14 - 2015-03-31 09:14 - 000005655 _____ () C:\Users\Win7\AppData\Roaming\PZtT2jHEvaoFq2
2014-08-20 07:45 - 2014-08-20 07:45 - 000000000 ___SH () C:\Users\Win7\AppData\Local\LumaEmu
2017-12-21 13:02 - 2009-07-14 02:14 - 000000960 _____ () C:\Users\Win7\AppData\Local\mpTXgNuLumZ
2009-07-14 02:14 - 2009-07-14 02:14 - 000000960 _____ () C:\Users\Win7\AppData\Local\mpTXgNuLumZ.bat
2015-03-24 15:43 - 2015-03-24 15:43 - 000000017 _____ () C:\Users\Win7\AppData\Local\resmon.resmoncfg
2015-03-10 15:48 - 2015-03-10 15:48 - 000000003 _____ () C:\Users\Win7\AppData\Local\updater.log
2015-03-10 15:48 - 2015-04-23 22:37 - 000000424 _____ () C:\Users\Win7\AppData\Local\UserProducts.xml
2017-12-21 13:02 - 2009-07-14 02:14 - 000000069 _____ () C:\Users\Win7\AppData\Local\vFgDHdv
2009-07-14 02:14 - 2009-07-14 02:14 - 000000069 _____ () C:\Users\Win7\AppData\Local\vFgDHdv.bat
2017-12-21 13:02 - 2017-12-21 13:02 - 000000001 _____ () C:\Users\Win7\AppData\Local\WMI.ini
2017-12-21 13:02 - 2009-07-14 02:14 - 000000068 _____ () C:\Users\Win7\AppData\Local\XnGfnCC
2009-07-14 02:14 - 2009-07-14 02:14 - 000000068 _____ () C:\Users\Win7\AppData\Local\XnGfnCC.bat
2017-12-21 13:02 - 2009-07-14 02:14 - 000000998 _____ () C:\Users\Win7\AppData\Local\XtTzcnWGYK
2009-07-14 02:14 - 2009-07-14 02:14 - 000000998 _____ () C:\Users\Win7\AppData\Local\XtTzcnWGYK.bat
2015-03-28 12:19 - 2015-03-28 12:19 - 000000000 _____ () C:\Users\Win7\AppData\Local\{E1E39E24-C964-4A61-90FE-59CFCA4CC910}
 
Some files in TEMP:
====================
2017-12-21 22:22 - 2017-12-21 22:22 - 000388162 ____N (                                                            ) C:\Users\Win7\AppData\Local\Temp\239757060.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-19 00:23
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Win7 (25-12-2017 10:50:39)
Running from C:\Users\Win7\AppData\Local\Temp\scoped_dir1640_16301
Windows 7 Ultimate Service Pack 1 (X64) (2014-06-26 17:07:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3949541906-4103471786-196366755-500 - Administrator - Disabled)
Guest (S-1-5-21-3949541906-4103471786-196366755-501 - Limited - Disabled)
Win7 (S-1-5-21-3949541906-4103471786-196366755-1000 - Administrator - Enabled) => C:\Users\Win7
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
AFD8 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version:  - )
Age of Empires III - The Asian Dynasties (HKLM-x32\...\{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Napoleonic Era version 2.1.8 (HKLM-x32\...\{647233CC-A29F-4961-9CB0-50AD445C7238}_is1) (Version: 2.1.8 - Napoleonic Era Team)
Age of Empires III - The WarChiefs (HKLM-x32\...\{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (HKLM-x32\...\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AnyToISO (HKLM-x32\...\AnyToISO_is1) (Version: 3.6.1 - CrystalIdea Software, Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.7.0 - Auslogics Software Pty Ltd)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{82B9AF2D-4254-428A-9D1E-7714BA91A4B0}) (Version: 16.76.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.76.3.18604 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.5.0.9 - GOG.com)
Batman Episode 5 (HKLM-x32\...\Batman Episode 5_is1) (Version:  - )
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Castlevania Lords of Shadow 2 Update 1 and DLC (HKLM-x32\...\Castlevania Lords of Shadow 2 Update 1 and DLC_is1) (Version:  - CODEX)
Castlevania: Lords of Shadow 2 (HKLM-x32\...\Q2FzdGxldmFuaWFMb3Jkc29mU2hhZG93Mg==_is1) (Version: 1 - )
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
CodeBlocks (HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Condition Zero 3 (HKLM-x32\...\Condition_Zero_3) (Version:  - )
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6) (Version:  - )
CPUID CPU-Z 1.81 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81 - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Darksiders II (HKLM-x32\...\Darksiders II_is1) (Version:  - )
'Darksiders: Wrath of War' (HKLM-x32\...\'Darksiders: Wrath of War'_is1) (Version:  - )
Decal Converter (HKLM-x32\...\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}) (Version:  - )
DRAGON BALL XENOVERSE 2 (HKLM-x32\...\DRAGON BALL XENOVERSE 2_is1) (Version:  - )
Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version:  - )
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.47.146 - OSToto Co., Ltd.)
Euro Truck Simulator 2, версия 2.0 (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 2.0 - Excalibur Publishing)
Eye 312 (HKLM-x32\...\{74F923F2-2B11-4E2E-B638-A1772A9F7B7B}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
FontForge version 03-03-2015 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 03-03-2015 - FontForgeBuilds)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Free Studio version 6.4.0.1111 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1111 - DVDVideoSoft Ltd.)
GameRanger (HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\GameRanger) (Version:  - GameRanger Technologies)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Halo Combat Evolved (HKLM-x32\...\Halo Combat Evolved) (Version:  - )
HexEdit (HKLM-x32\...\{083EF76E-0760-4D7A-9508-0B88A3AF1889}) (Version: 4.0.0 - Expert Commercial Software Pty Ltd)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.5 - PandoraTV)
Layout01 Description (HKLM\...\{DFB9F382-A76D-48AF-8BBD-B32602B94768}) (Version: 1.0.3.40 - Company)
Layout02 Description (HKLM\...\{A1C73382-2935-4FAA-B400-5937B3BA33EF}) (Version: 1.0.3.40 - Company)
Lazarus 1.4.4 (HKLM\...\lazarus_is1) (Version: 1.4.4 - Lazarus Team)
Life Is Feudal  (HKLM-x32\...\Life Is Feudal) (Version:  - BitBox)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Messy Lab (HKLM\...\{8FAD026B-CA55-408F-82A4-FDBC58200387}_is1) (Version: 1.01 - Messy Lab)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
Mount and Blade: Warband  - Napoleonic Wars (HKLM-x32\...\1207666923_is1) (Version: 2.028_(1.172)_hotfix_a - GOG.com)
Mount and Blade: Warband  - Viking Conquest (HKLM-x32\...\1207666933_is1) (Version: 2.028_(1.172)_hotfix_a - GOG.com)
Mount and Blade: Warband (HKLM-x32\...\1207666913_is1) (Version: 2.028_(1.172)_hotfix_a - GOG.com)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Naruto Shippuden Ultimate Ninja Storm Revolution (HKLM-x32\...\Naruto Shippuden Ultimate Ninja Storm Revolution_is1) (Version:  - )
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\TkFSVVRPU0hJUFBVREVOVWx0aW1hdGVOaW5qYVNUT1JNM0Z1~D4302771_is1) (Version: 1 - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
No Mans Sky Atlas Rises (HKLM-x32\...\No Mans Sky Atlas Rises_is1) (Version:  - )
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Overgrowth (HKLM-x32\...\Overgrowth_is1) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.9 - Portforward, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Pro Beach Soccer (HKLM-x32\...\{DBC2F22C-B384-41E1-BB71-ECD6151BA346}) (Version: 1.00.0000 - Wanadoo Editions\Pam Developement) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Re-Volt patch 12.07 (HKLM-x32\...\Re-Volt) (Version: patch 12.07 - )
Rocket League Anniversary (HKLM-x32\...\Rocket League Anniversary_is1) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RubberWorm 0.0.1.17 - (HKLM-x32\...\RubberWorm 0.0.1.17 -) (Version: - - Kawoosh)
RV House 0.94.3 (HKLM-x32\...\RV House_is1) (Version:  - Arto Jalkanen)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shadow Warrior 2 Bounty Hunt DLC Part 2 (HKLM-x32\...\Shadow Warrior 2 Bounty Hunt DLC Part 2_is1) (Version:  - )
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype™ 6.16 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs Definitive Edition (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0019}) (Version: 6.0 - Black Box)
Slender - The Arrival version 4.1.0.67110 (HKLM-x32\...\{9C70AE12-EB38-496A-8BB4-37D81DD739E8}_is1) (Version: 4.1.0.67110 - Parsec Productions, Blue Isle Studios.)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris Synthetic Dawn (HKLM-x32\...\Stellaris Synthetic Dawn_is1) (Version:  - )
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{E5A0802B-156A-4FF4-A409-3DFE5B1BFCBF}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Witcher 3: GotY Edition (HKLM-x32\...\The Witcher 3: GotY Edition_is1) (Version:  - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 46.0 - Ubisoft)
Viber (HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Viber) (Version: 5.1.2.24 - Viber Media Inc)
Virtua Tennis 4™ (HKLM-x32\...\{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA) Hidden
Virtua Tennis 4™ (HKLM-x32\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Voyage Century Online (HKLM-x32\...\Voyage Century Online_is1) (Version: 0.117 - IGG,Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Way of the Samurai 4 (HKLM-x32\...\1443083988_is1) (Version: 2.0.0.2 - GOG.com)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wolfram Mathematica 10.2 (M-WIN-L 10.2.0 5353456) (HKLM\...\M-WIN-L 10.2.0 5353456_is1) (Version: 10.2.0 - Wolfram Research, Inc.)
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: 3.7.2.1 - Jimbo)
Аrdamаx Kеylogger 4.4.2 (HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Аrdamаx Kеylogger 4.4.2) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-08-31] (Foxit Software Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2011-06-15] (PowerISO Computing, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-11-15] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2011-06-15] (PowerISO Computing, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-10-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2011-06-15] (PowerISO Computing, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2B50E9CB-F6AF-4FC8-B89F-95EEDB7A451E} - System32\Tasks\{F8FFA8CF-B207-482E-9C00-74B5F3DE7AC5} => C:\Nevezano za programe\Igrice\Rockstar Games\GTA San Andreas\GTA San Andreas\gta_sa.exe
Task: {2D2E334B-297B-401F-B9F6-1DFA8382876F} - System32\Tasks\AMD ThankingURL => "" [Argument = -LAUNCHTHQURL]
Task: {4AA0562A-7AC2-443B-88BE-03567A0FF6C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4AA0562A-7AC2-443B-88BE-03567A0FF6C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {4AA0562A-7AC2-443B-88BE-03567A0FF6C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-09-30] (Microsoft Corporation)
Task: {59D7012F-2B1D-4CD3-94CF-3DD769DA89B1} - System32\Tasks\Opera scheduled Autoupdate 1513954682 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {5ADBD26D-365E-43C0-9F95-A5E8E686C45D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {658A7173-16B7-401D-B315-83FD76F1E1BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {75F53468-A3AF-47EF-B2DB-1D024966620C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-21] (AVG Technologies CZ, s.r.o.)
Task: {791DDFEE-10A8-48AF-909C-F6BEA2BE0741} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {922BB23B-7F99-4BB6-B385-0401FDF82152} - System32\Tasks\{1C55D76D-9159-4539-93F8-6869F0B4D47C} => C:\Windows\system32\pcalua.exe -a "F:\The KMPlayer\KMPSetup.exe" -d "F:\The KMPlayer"
Task: {A08DA72E-9907-421E-B0D4-81046F69B94A} - System32\Tasks\zHfURR => C:\Users\Win7\AppData\Local\vFgDHdv.bat [2009-07-14] () <==== ATTENTION
Task: {A36BC5DA-7F9D-4B0F-AC27-46C84577FB72} - System32\Tasks\{9E84EAAB-A2A8-4F60-A3D9-5AC6DED794CE} => E:\Igrice\Slender - The Arrival\game.exe [2013-07-27] ()
Task: {B0419A0F-62CC-468B-8759-FD482C12CE87} - System32\Tasks\{873ADAF3-6E36-48D0-8F71-CEB7831CBC31} => E:\Igrice\Slender - The Arrival\game.exe [2013-07-27] ()
Task: {BC07493F-0DBF-4C02-BEB6-A33BE52A48E1} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {CEF13864-14AF-4773-B74D-3D107BF4C074} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3FF3FC0-77CE-42DC-BA3F-B0698B3A67FA} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {D3FF3FC0-77CE-42DC-BA3F-B0698B3A67FA} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-09-30] (Microsoft Corporation)
Task: {DE1B4BC7-B383-45AF-BC6E-6DCDC29073A5} - System32\Tasks\TexSFf => C:\Users\Win7\AppData\Local\XnGfnCC.bat [2009-07-14] () <==== ATTENTION
Task: {DE4F88A2-2FAA-4A25-935E-23C31009EDD4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DF7861C0-C5D9-4660-BE02-31EC63D72B22} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {E32BD3C3-29B2-454E-9991-6D8BAB3346CD} - System32\Tasks\bltopncomhohoj => C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
Task: {E404282D-6337-47A8-9A29-F02873E2EBCF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E404282D-6337-47A8-9A29-F02873E2EBCF} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-09-30] (Microsoft Corporation)
Task: {E4B91806-0117-4BCA-A8B1-A4AB610554F2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-10-26] (Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-03 23:25 - 2015-08-03 23:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2017-06-05 05:34 - 2017-06-05 05:34 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-06-05 05:34 - 2017-06-05 05:34 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000069040 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000069104 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\dll_loader.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000237960 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000903944 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000350688 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-12-22 15:57 - 2017-12-18 07:42 - 094957864 _____ () C:\Program Files\Opera\49.0.2725.64\opera_browser.dll
2017-12-22 15:57 - 2017-12-18 07:42 - 004328744 _____ () C:\Program Files\Opera\49.0.2725.64\libglesv2.dll
2017-12-22 15:57 - 2017-12-18 07:42 - 000109352 _____ () C:\Program Files\Opera\49.0.2725.64\libegl.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000059136 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000058624 _____ () C:\Program Files (x86)\AVG\Antivirus\dll_loader.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000207272 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000290392 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000197368 _____ () C:\Program Files (x86)\AVG\Antivirus\network_notifications.dll
2017-12-24 14:14 - 2017-12-24 14:14 - 005763384 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17122400\algo.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000746528 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-12-21 22:14 - 2017-12-21 22:14 - 000295064 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2017-03-23 14:41 - 2017-02-24 11:59 - 000150656 _____ () c:\users\win7\appdata\local\hwifisvc\hwifisvc.dll
2017-03-23 14:41 - 2017-02-24 11:59 - 000063104 _____ () c:\users\win7\appdata\local\hwifisvc\HWiFiCtrlDll.dll
2017-03-23 14:41 - 2017-02-24 11:59 - 000119424 _____ () c:\users\win7\appdata\local\hwifisvc\ServiceHelp.dll
2017-03-23 14:41 - 2017-02-24 11:59 - 000172160 _____ () c:\users\win7\appdata\local\hwifisvc\substat.dll
2017-03-23 14:41 - 2017-02-24 11:59 - 000076928 _____ () c:\users\win7\appdata\local\hwifisvc\IPC.dll
2017-03-23 14:41 - 2017-02-24 11:59 - 000110720 _____ () c:\users\win7\appdata\local\hwifisvc\Updater\UpdateHelper.dll
2017-03-23 14:41 - 2017-03-17 02:37 - 000278144 _____ () c:\users\win7\appdata\local\hwifisvc\Updater\CheckUpdate.dll
2016-12-01 20:32 - 2017-10-17 02:21 - 000186544 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-12-01 20:32 - 2017-10-17 02:21 - 000263344 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-12-01 20:32 - 2017-10-17 02:21 - 000169648 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-12-01 20:32 - 2017-10-17 02:21 - 000169648 _____ () c:\program files (x86)\ostotosoft\drivertalent\DtlPlug.dll
2016-12-01 20:32 - 2017-10-17 02:21 - 000111280 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-12-01 20:32 - 2017-10-17 02:21 - 000123568 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2017-10-24 11:48 - 2017-10-23 07:14 - 000052736 _____ () c:\program files (x86)\ostotosoft\drivertalent\DTLPlugs\InstallCLPlugV1\InstallCLPlugV1.dll
2017-10-24 11:48 - 2017-10-24 11:48 - 000161968 _____ () c:\program files (x86)\ostotosoft\conquerorlive\lhelpersvc.dll
2017-10-24 11:48 - 2017-10-24 11:48 - 000263344 _____ () c:\program files (x86)\ostotosoft\conquerorlive\updater\checkupdate.dll
2017-10-24 11:48 - 2017-10-24 11:48 - 000169648 _____ () c:\program files (x86)\ostotosoft\conquerorlive\substat.dll
2016-11-28 12:43 - 2016-11-28 12:42 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-07-25 15:06 - 2017-07-25 15:06 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DEB1FE9F-73AE-4500-9E9D-F37ED1D53B07}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{83D879EA-07D3-452E-96D2-84351ABFA466}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8CDB542C-81A0-4288-942A-D23ED8629CF2}] => (Allow) C:\Users\Win7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D19E5714-34B9-4B6E-93EB-354B8D54071B}] => (Allow) C:\Users\Win7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00589A4F-C107-4008-BD3B-1CD20B3F887E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{53D19596-7FBD-4E41-8BBC-93593F5F754B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{2B6232D5-0093-4FC2-8DD2-4B88D6149D04}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{AF895B26-02FE-45EB-9DDC-DBB5A46EF3EA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{7552145E-5F6C-4EA2-A919-BD85769FF183}] => (Allow) E:\Igrice\Virtua Tennis 4\VT4.exe
FirewallRules: [{73B7943F-394F-4E95-8E93-3809880CA7B1}] => (Allow) E:\Igrice\Virtua Tennis 4\VT4.exe
FirewallRules: [{158A95B4-9F71-463A-9664-9C8ACB0FECDE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42615072-535E-4F92-AE77-1E6DCAA419DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C90A3A01-5E85-4BCB-978E-5C57110512A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{03DB4193-0CD9-4AE9-B3D8-DF42A2DFC4DE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{66D38060-564B-4A5F-9A34-7393E18F4AFD}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{23C4B55F-CB1C-4240-A2B7-4693ECDCBAFC}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{7B30874A-A5BD-470E-AAB3-9E3F89EEA901}E:\igrice\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Allow) E:\igrice\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [UDP Query User{13B85BE3-128E-4159-8DA2-EFAE5EB495AF}E:\igrice\naruto shippuden ultimate ninja storm revolution\nsunsr.exe] => (Allow) E:\igrice\naruto shippuden ultimate ninja storm revolution\nsunsr.exe
FirewallRules: [TCP Query User{049B0CC2-1534-4371-AC23-3E20EF8A6F60}E:\igrice\counter-strike 1.6\hl.exe] => (Allow) E:\igrice\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{F3E9F2CD-488C-41BB-B428-7156A4D8DAE5}E:\igrice\counter-strike 1.6\hl.exe] => (Allow) E:\igrice\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{85EDF3BE-64CE-4898-99B5-7B2A0BC3320F}E:\igrice\counter-strike warzone\hl.exe] => (Allow) E:\igrice\counter-strike warzone\hl.exe
FirewallRules: [UDP Query User{9801DD52-F41E-46E6-AB5B-C90179670B66}E:\igrice\counter-strike warzone\hl.exe] => (Allow) E:\igrice\counter-strike warzone\hl.exe
FirewallRules: [TCP Query User{35C30E7D-DAF7-4D63-83B5-459964AD4EBF}E:\igrice\counter-strike warzone\hlds.exe] => (Allow) E:\igrice\counter-strike warzone\hlds.exe
FirewallRules: [UDP Query User{7C0D538A-CB38-4200-97FE-EA3862E6979F}E:\igrice\counter-strike warzone\hlds.exe] => (Allow) E:\igrice\counter-strike warzone\hlds.exe
FirewallRules: [{4D5B4F23-44F7-4786-92F1-FADD7AEC9D9B}] => (Allow) D:\Igrice\Age of Empires III\age3.exe
FirewallRules: [{F08FE4DF-303C-4C8E-83AC-3994A313E906}] => (Allow) D:\Igrice\Age of Empires III\age3.exe
FirewallRules: [{87E92CE0-8BCE-4DAD-B9F8-DAC21E3481AE}] => (Allow) D:\Igrice\Age of Empires III\age3x.exe
FirewallRules: [{4A33B56D-6AE6-48A5-B5CC-D0814FF2F473}] => (Allow) D:\Igrice\Age of Empires III\age3x.exe
FirewallRules: [{C2B2E2AC-BA5E-40C0-85AA-6B8967359B85}] => (Allow) D:\Igrice\Age of Empires III\age3y.exe
FirewallRules: [{F1B17E6C-EDE4-4398-A7A0-9A80469F497E}] => (Allow) D:\Igrice\Age of Empires III\age3y.exe
FirewallRules: [TCP Query User{D3D94D88-E1B0-4C39-868A-17F815780FB0}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{B0F6B974-9533-48E0-9F5A-DBC36CD07932}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{6C5F797F-93A0-45D3-921B-E9507E3345A7}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{26872B4A-4586-4476-BAA3-A4CBC94A509C}] => (Allow) C:\Program Files (x86)\Tunngle\Tnglctrl.exe
FirewallRules: [TCP Query User{6B9A3F0B-1EE8-4106-82B9-0B0062495D54}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe
FirewallRules: [UDP Query User{05D30689-8788-46B1-8005-32A9E5FAAD78}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe
FirewallRules: [TCP Query User{440E7418-C02E-4326-A07A-5BEEF5710CA7}E:\igrice\call of duty modern warfare 2\iw4mp.exe] => (Allow) E:\igrice\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{F45A76DA-DA35-46AA-8B52-931DD4C3D334}E:\igrice\call of duty modern warfare 2\iw4mp.exe] => (Allow) E:\igrice\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{030658E1-C981-436B-A3F6-0D4B59CC87E5}D:\igrice\kanter ruski\(crazy-css.tk) css-zombie mod\hl2.exe] => (Allow) D:\igrice\kanter ruski\(crazy-css.tk) css-zombie mod\hl2.exe
FirewallRules: [UDP Query User{CB5A6C84-DBC4-4F72-8F20-DFA96DE34EF2}D:\igrice\kanter ruski\(crazy-css.tk) css-zombie mod\hl2.exe] => (Allow) D:\igrice\kanter ruski\(crazy-css.tk) css-zombie mod\hl2.exe
FirewallRules: [{B39DC964-A4F7-4276-A19F-A1927F9E00B2}] => (Allow) LPort=25565
FirewallRules: [{8C91993A-A086-4CAA-B1C7-F1D64523ADC6}] => (Allow) LPort=25565
FirewallRules: [TCP Query User{657EB9D7-EDBE-4E1F-9832-C307563E1D2C}C:\users\win7\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\win7\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{A788EF49-C5FF-42C6-8F13-728E6B787EC2}C:\users\win7\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\win7\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{DD102A40-55CC-4547-9D79-15F8E2D1AA9A}] => (Allow) D:\Igrice\Crusaders Stronghold\Stronghold Crusader.exe
FirewallRules: [{8A9D450D-D48F-42A6-BE5A-C390EEEB4D0B}] => (Allow) D:\Igrice\Crusaders Stronghold\Stronghold Crusader.exe
FirewallRules: [{DBDC9B38-B1AA-490E-9AB9-D9176A83BD8A}] => (Allow) D:\Igrice\Crusaders Stronghold\Stronghold Crusader.exe
FirewallRules: [{40264B8C-A74B-40C4-9D68-1A52898D7F31}] => (Allow) D:\Igrice\Crusaders Stronghold\Stronghold Crusader.exe
FirewallRules: [TCP Query User{56ABF8D1-C055-4D2D-BC48-B906AA9421AE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{50CFAB0E-115B-4AEE-9F85-393DE771A446}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{3A934ED3-4A1A-49CB-8B20-583A87CDC222}] => (Allow) D:\Igrice\Halo\halo.exe
FirewallRules: [{597C295F-F94F-4E47-8C03-AA33D0CC8AE5}] => (Allow) D:\Igrice\Halo\halo.exe
FirewallRules: [{6289F7BD-0855-4409-920E-1EE5785C87C6}] => (Allow) D:\Igrice\Halo\halo.exe
FirewallRules: [{DF56BEB9-F217-4B5C-BA1F-D9F940A7B823}] => (Allow) D:\Igrice\Halo\halo.exe
FirewallRules: [{EF153247-AAA9-4C74-A548-8B3ADD9F5D93}] => (Allow) D:\Igrice\Halo Custom Edition\haloce.exe
FirewallRules: [{7AE986E2-8E53-4897-BD98-5C5F7C6B294D}] => (Allow) D:\Igrice\Halo Custom Edition\haloce.exe
FirewallRules: [{12206405-2AFE-451F-95B8-8D90C64EF804}] => (Allow) D:\Igrice\Halo Custom Edition\haloce.exe
FirewallRules: [{722FB9C8-7CF5-4650-90FD-76F8AAD4F5A7}] => (Allow) D:\Igrice\Halo Custom Edition\haloce.exe
FirewallRules: [{16B3571F-ED0A-4281-A9AB-7AE2EED6179A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.2\Mathematica.exe
FirewallRules: [{245EF56D-8D44-4E07-B495-2FFF5F5E6596}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.2\Mathematica.exe
FirewallRules: [{8E813B02-97BF-48C6-B3DA-88CEAB19ACA7}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.2\MathKernel.exe
FirewallRules: [{F1457225-AB60-4669-952A-7B1DAF7399F9}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.2\MathKernel.exe
FirewallRules: [{EFBA2D2E-440D-4D77-A2CB-B604690FF14B}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.2\math.exe
FirewallRules: [{407C1FEF-7846-4795-8ED8-06F55A2F69AA}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.2\math.exe
FirewallRules: [{2D42F554-9A6E-4F61-B232-A9C0A976CF1A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\Mathematica.exe
FirewallRules: [{5C8323A0-071C-47C7-A69E-94A43D124D34}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\Mathematica.exe
FirewallRules: [{16CE03D7-49D1-4A09-BA31-47563EFE71DA}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\MathKernel.exe
FirewallRules: [{2928104B-3B3D-4070-8D92-2A055F3EA149}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\MathKernel.exe
FirewallRules: [{ACB26DB1-5D3F-4FE6-B585-2CA0B0BF9055}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\math.exe
FirewallRules: [{93586AB8-F751-435C-83CB-74BF582E8F8C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\math.exe
FirewallRules: [TCP Query User{4B426DB4-D375-42B5-B5B4-C778B0587207}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{37E3AE75-BE52-4393-A7CB-17EDFBDF8E21}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{DECCBFAF-5A26-44F8-AA50-5D8C57A04D89}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{1E0D2D51-1A19-4CF9-91FE-CB823FF6BAEC}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{1E424909-D13D-4AF5-9775-4FA8DD2ECE6F}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{CA3D0ED9-11A0-48C2-86C0-E31D5D808CA1}D:\igrice\worms armageddon\wa.exe] => (Allow) D:\igrice\worms armageddon\wa.exe
FirewallRules: [UDP Query User{0C6F1E7A-8D87-4DE2-A8A8-BFC8705A2AE1}D:\igrice\worms armageddon\wa.exe] => (Allow) D:\igrice\worms armageddon\wa.exe
FirewallRules: [TCP Query User{5F885D6C-867F-475A-82C1-5159D5134BE0}C:\nevezano za programe\igrice\hltv.exe] => (Block) C:\nevezano za programe\igrice\hltv.exe
FirewallRules: [UDP Query User{4E9425D6-485E-4163-B6E8-8CA75195A87B}C:\nevezano za programe\igrice\hltv.exe] => (Block) C:\nevezano za programe\igrice\hltv.exe
FirewallRules: [TCP Query User{59012093-0352-41B9-A24A-DA1737C4F4C3}C:\nevezano za programe\igrice\hl.exe] => (Block) C:\nevezano za programe\igrice\hl.exe
FirewallRules: [UDP Query User{23B95C50-40CF-4AF9-AF00-96C9FE1D0A23}C:\nevezano za programe\igrice\hl.exe] => (Block) C:\nevezano za programe\igrice\hl.exe
FirewallRules: [{7AAF5374-C375-4313-A404-27583615C7EC}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{83C17F38-9F59-4DB0-86C0-73F39D426EFC}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C2FD64E6-6824-4E1C-90D4-E970C1D7ED9E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{92345CD0-9BD6-40BE-939D-FC9B54DB3EC4}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{03658FE6-2BE1-427B-8402-35C2415ABABD}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{9DF6C3A3-3101-49EA-9494-D2504E8ECFF7}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2F107CF5-CB03-47BD-81C6-D84FC00BF89F}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{81C96146-6344-4503-83D0-AA96F69430E9}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{D8687591-074D-4877-BBA9-14C261BEF8DB}E:\igrice\crvici\wa.exe] => (Allow) E:\igrice\crvici\wa.exe
FirewallRules: [UDP Query User{284DE222-E695-49BB-8BF6-E2FE6858637B}E:\igrice\crvici\wa.exe] => (Allow) E:\igrice\crvici\wa.exe
FirewallRules: [TCP Query User{5DBD7E40-6C5B-4048-80C6-89C187418EEB}C:\users\win7\downloads\subnautica.v57474\subnautica.v57474\subnautica.exe] => (Block) C:\users\win7\downloads\subnautica.v57474\subnautica.v57474\subnautica.exe
FirewallRules: [UDP Query User{2301BB62-633A-4C77-87DE-FDEAB19377EB}C:\users\win7\downloads\subnautica.v57474\subnautica.v57474\subnautica.exe] => (Block) C:\users\win7\downloads\subnautica.v57474\subnautica.v57474\subnautica.exe
FirewallRules: [{0B92C84C-594D-4DF8-B4AF-A6C030934B91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3B13F8B5-D34D-42BF-9248-97672B55D832}C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest.exe] => (Allow) C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest.exe
FirewallRules: [UDP Query User{2CE08C26-983C-4298-A1E5-A15FB3465BC7}C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest.exe] => (Allow) C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest.exe
FirewallRules: [TCP Query User{EF192173-273F-440B-919D-799B499150B0}C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest32.exe] => (Allow) C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest32.exe
FirewallRules: [UDP Query User{39CCEEF3-02B4-4748-8173-5CEA8F6D5D80}C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest32.exe] => (Allow) C:\users\win7\downloads\the.forest.v0.71\the.forest.v0.71\theforest32.exe
FirewallRules: [{2D2675B3-C25A-4AA4-847E-AF1D37087AFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3CEFF09C-A950-42D3-A60F-34D909E18636}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9E919A9-6FF0-46A3-9894-CDAC20DFB16B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0AA14B34-5F2C-4C03-A335-21E2F104BA9E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80EF21E5-0726-4480-9546-C7ED05D11EF0}] => (Allow) C:\Users\Win7\Downloads\Space.Engineers.v1.185.015\Space.Engineers.v1.185.015\Space Enginners\Bin64\SpaceEngineers.exe
FirewallRules: [{C87A1B7E-923B-48C7-89C7-FDB41BD1BD2F}] => (Allow) C:\Users\Win7\Downloads\Space.Engineers.v1.185.015\Space.Engineers.v1.185.015\Space Enginners\Bin64\SpaceEngineers.exe
FirewallRules: [{454DCC8A-E49B-4425-87E9-DD57AC1B74CC}] => (Allow) C:\Users\Win7\Downloads\Space.Engineers.v1.185.015\Space.Engineers.v1.185.015\Space Enginners\Bin64\SpaceEngineers.exe
FirewallRules: [{A19F6FCD-0E3C-474D-9704-151C1208AC09}] => (Allow) C:\Users\Win7\Downloads\Space.Engineers.v1.185.015\Space.Engineers.v1.185.015\Space Enginners\Bin64\SpaceEngineers.exe
FirewallRules: [{47B7553A-103E-4C90-B31D-7AD67B2C4B6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{67F9B4FF-63AA-4E74-B164-9A7BA0A19ABC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{84350D78-F88D-4DFB-AC3B-F73BE11397E9}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe
FirewallRules: [{C7039458-EF49-4892-A5D4-8B8D6E34B95E}] => (Allow) C:\Users\Win7\Downloads\game-win64-mmo_0_10_5_0-snapshot-1511118585\cm_client.exe
FirewallRules: [{96D79017-0082-4322-81DB-6A5A02006329}] => (Allow) C:\Users\Win7\Downloads\game-win64-mmo_0_10_5_0-snapshot-1511118585\cm_client.exe
FirewallRules: [{663EA104-A3A7-4010-BD98-4C7C299E99E9}] => (Allow) C:\Users\Win7\Downloads\game-win64-mmo_0_10_5_0-snapshot-1511118585\cm_client.exe
FirewallRules: [{D2346901-64AF-4ECE-B5C3-EACBF2093EAF}] => (Allow) C:\Users\Win7\Downloads\game-win64-mmo_0_10_5_0-snapshot-1511118585\cm_client.exe
FirewallRules: [{21138051-DBDA-4AF2-99FA-6D8A7CB9DFC9}] => (Allow) E:\Igrice\Life is Feudal MMO\launcher.exe
FirewallRules: [{6AADA34A-1947-4BF0-8858-6F1149E5DE00}] => (Allow) E:\Igrice\Life is Feudal MMO\launcher.exe
FirewallRules: [{F6607B32-362E-4CB5-B9A7-CB25D6384B86}] => (Allow) D:\Igrice\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{06A6205A-2DA7-4D02-AB0B-35D9B598058F}] => (Allow) D:\Igrice\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{9B569BB3-7C47-4D43-8EA1-0A5A3C5F560F}] => (Allow) D:\Igrice\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{585E80D7-54C0-4B5D-802A-5EAD7192912E}] => (Allow) D:\Igrice\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [TCP Query User{742B2D4B-932C-4FEB-9003-72507CDE35B4}E:\igrice\revolt\revolt.exe] => (Allow) E:\igrice\revolt\revolt.exe
FirewallRules: [UDP Query User{EDD8F922-1063-4014-A4CB-CE728D944CE3}E:\igrice\revolt\revolt.exe] => (Allow) E:\igrice\revolt\revolt.exe
FirewallRules: [TCP Query User{737279F0-B468-4D1E-AF85-64991F283727}E:\igrice\rv house\rv_house.exe] => (Allow) E:\igrice\rv house\rv_house.exe
FirewallRules: [UDP Query User{05EB1213-8C74-442E-9A97-123E4B134775}E:\igrice\rv house\rv_house.exe] => (Allow) E:\igrice\rv house\rv_house.exe
FirewallRules: [{0C52A243-ADF8-4370-A110-5D1CB7B8E838}] => (Allow) LPort=2301
 
==================== Restore Points =========================
 
23-12-2017 19:42:45 Scheduled Checkpoint
24-12-2017 08:46:56 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2017 10:48:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Win7\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/24/2017 09:39:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Win7\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/24/2017 07:48:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Win7\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/24/2017 06:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 39373652.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6459595a
Faulting process id: 0x1f3c
Faulting application start time: 0x01d37cde6134d23d
Faulting application path: C:\Users\Win7\AppData\Local\Temp\39373652.exe
Faulting module path: unknown
Report Id: a0e2e12f-e8d1-11e7-9bee-d43d7e48fa5e
 
Error: (12/24/2017 06:41:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 39373652.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000e578
Faulting process id: 0x1f3c
Faulting application start time: 0x01d37cde6134d23d
Faulting application path: C:\Users\Win7\AppData\Local\Temp\39373652.exe
Faulting module path: unknown
Report Id: a00b42b7-e8d1-11e7-9bee-d43d7e48fa5e
 
Error: (12/24/2017 12:21:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 2170423526.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6459595a
Faulting process id: 0x1cc0
Faulting application start time: 0x01d37c44b5cc8975
Faulting application path: C:\Users\Win7\AppData\Local\Temp\2170423526.exe
Faulting module path: unknown
Report Id: f527e24e-e837-11e7-9bee-d43d7e48fa5e
 
Error: (12/24/2017 12:21:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 2170423526.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000e578
Faulting process id: 0x1cc0
Faulting application start time: 0x01d37c44b5cc8975
Faulting application path: C:\Users\Win7\AppData\Local\Temp\2170423526.exe
Faulting module path: unknown
Report Id: f47ef5a5-e837-11e7-9bee-d43d7e48fa5e
 
Error: (12/24/2017 12:21:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 8794811.exe, version: 7.5.7601.17514, time stamp: 0x4ce791e9
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000b515
Faulting process id: 0xb68
Faulting application start time: 0x01d37c44b2419d2e
Faulting application path: C:\Windows\SysWOW64\8794811.exe
Faulting module path: C:\Windows\syswow64\msvcrt.dll
Report Id: f2a79b3e-e837-11e7-9bee-d43d7e48fa5e
 
Error: (12/22/2017 07:49:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Win7\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/22/2017 04:22:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 2892025243.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6459595a
Faulting process id: 0x254
Faulting application start time: 0x01d37ad409868dd2
Faulting application path: C:\Users\Win7\AppData\Local\Temp\2892025243.exe
Faulting module path: unknown
Report Id: 4913dd57-e6c7-11e7-9cc6-d43d7e48fa5e
 
 
System errors:
=============
Error: (12/25/2017 10:35:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (12/25/2017 10:30:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Service service terminated with the following error: 
The specified module could not be found.
 
Error: (12/25/2017 10:29:45 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800808cad0, 0xfffffa800808cdb0, 0xfffff800037e2600). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122517-35443-01.
 
Error: (12/25/2017 10:29:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:27:50 AM on ‎12/‎25/‎2017 was unexpected.
 
Error: (12/23/2017 06:43:50 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/23/2017 03:20:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (12/23/2017 03:18:23 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Component: AMD Northbridge
Error Source: 3
Error Type: 7
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (12/23/2017 03:17:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Service service terminated with the following error: 
The specified module could not be found.
 
Error: (12/23/2017 03:17:18 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8008156788, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\122317-36051-01.dmp. Report Id: 122317-36051-01.
 
Error: (12/23/2017 03:17:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:16:12 PM on ‎12/‎23/‎2017 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2014-11-14 20:14:25.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 23:20:23.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 20:29:02.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 20:12:46.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 19:52:10.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 17:17:08.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 11:17:14.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:43:21.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8320 Eight-Core Processor 
Percentage of memory in use: 33%
Total physical RAM: 8175.18 MB
Available physical RAM: 5395.74 MB
Total Virtual: 16348.54 MB
Available Virtual: 12822.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:443.23 GB) (Free:87.02 GB) NTFS
Drive d: () (Fixed) (Total:195.21 GB) (Free:30.91 GB) NTFS
Drive e: () (Fixed) (Total:292.97 GB) (Free:41.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9783F09B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by AleksaB96, 25 December 2017 - 08:20 AM.



#2 AleksaB96

AleksaB96
  • Topic Starter

  • Members
  • 17 posts

Posted 26 December 2017 - 09:57 AM

P.S. I have now realized that whenever my computer starts for a split second taskeng.exe comes up at the beginning before everything else, and after that cmd.exe.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,210 posts
  • Gender:Male
  • Location:California

Posted 26 December 2017 - 10:42 AM

Greetings AleksaB96 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 AleksaB96

AleksaB96
  • Topic Starter

  • Members
  • 17 posts

Posted 26 December 2017 - 02:38 PM

All right Gary, feel free to call me Alex. It happened again, but this time it was downloading from the internet, souflord.com I think, a zip archive, and putting it in system32. I closed cmd before it finished.

 

Thank you, btw :)



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,210 posts
  • Gender:Male
  • Location:California

Posted 26 December 2017 - 07:09 PM

Greetings Alex. Thank you for your patience.

Your computer is quite sick. :(

You might want to consider moving FRST64.exe onto your Desktop;

Running from C:\Users\Win7\AppData\Local\Temp\scoped_dir1640_16301


-----

Did you install these programs?

AFD8
Аrdamаx Kеylogger 4.4.2
Driver Talent


-----

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: {565ec636-e2df-11e5-ad6c-d43d7e48fa5e} - H:\SETUP.EXE
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: {6e1f0ce6-d53c-11e4-be1f-d43d7e48fa5e} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
ProxyServer: [S-1-5-21-3949541906-4103471786-196366755-1000] => proxy.sbb.rs:8080
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
Toolbar: HKLM - No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Toolbar: HKLM-x32 - No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Toolbar: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
FF HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CHR StartupUrls: Default -> "hxxp://ww-searchings.com/hp?src=zl&r=1CD03F1E5B8C28B60EAC7D9A27B76C1D"
CHR NewTab: Default ->  Active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://ww-searchings.com/s?src=zl&r=1CD03F1E5B8C28B60EAC7D9A27B76C1D&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchings
R2 hwifisvc; c:\users\win7\appdata\local\hwifisvc\hwifisvc.dll [150656 2017-02-24] () <==== ATTENTION
c:\users\win7\appdata\local\hwifisvc
S2 MppSvc; C:\ProgramData\{A7FB8CB9-0BE2-4c79-BB9C-01F657A649CA}\mppsvc.dll [X]
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Win7\Downloads\openhardwaremonitor-v0.8.0-beta\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
2017-12-24 12:20 - 2017-12-24 12:20 - 000000000 ____D C:\Users\Win7\AppData\Local\yo_cm_client
2017-12-24 12:20 - 2017-12-24 12:20 - 000000000 ____D C:\Users\Win7\AppData\Local\cache
2017-12-23 19:01 - 2017-12-23 19:01 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-12-21 13:02 - 2017-12-25 10:33 - 000003466 _____ C:\Windows\System32\Tasks\TexSFf
2017-12-21 13:02 - 2017-12-25 09:21 - 000003264 _____ C:\Windows\System32\Tasks\zHfURR
2017-12-21 13:02 - 2017-12-21 13:02 - 000000001 _____ C:\Users\Win7\AppData\Local\WMI.ini
2017-12-21 13:02 - 2010-11-20 13:16 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\8794811.exe
2017-12-21 13:02 - 2009-07-14 02:14 - 000000998 _____ C:\Users\Win7\AppData\Local\XtTzcnWGYK
2017-12-21 13:02 - 2009-07-14 02:14 - 000000960 _____ C:\Users\Win7\AppData\Local\mpTXgNuLumZ
2017-12-21 13:02 - 2009-07-14 02:14 - 000000069 _____ C:\Users\Win7\AppData\Local\vFgDHdv
2017-12-21 13:02 - 2009-07-14 02:14 - 000000068 _____ C:\Users\Win7\AppData\Local\XnGfnCC
2017-12-21 13:01 - 2017-12-21 13:01 - 000003578 _____ C:\Windows\System32\Tasks\bltopncomhohoj
2015-03-31 09:14 - 2015-03-31 09:14 - 000005655 _____ () C:\Users\Win7\AppData\Roaming\PZtT2jHEvaoFq2
2017-12-21 13:02 - 2009-07-14 02:14 - 000000960 _____ () C:\Users\Win7\AppData\Local\mpTXgNuLumZ
2009-07-14 02:14 - 2009-07-14 02:14 - 000000960 _____ () C:\Users\Win7\AppData\Local\mpTXgNuLumZ.bat
2017-12-21 13:02 - 2009-07-14 02:14 - 000000069 _____ () C:\Users\Win7\AppData\Local\vFgDHdv
2009-07-14 02:14 - 2009-07-14 02:14 - 000000069 _____ () C:\Users\Win7\AppData\Local\vFgDHdv.bat
2017-12-21 13:02 - 2017-12-21 13:02 - 000000001 _____ () C:\Users\Win7\AppData\Local\WMI.ini
2017-12-21 13:02 - 2009-07-14 02:14 - 000000068 _____ () C:\Users\Win7\AppData\Local\XnGfnCC
2009-07-14 02:14 - 2009-07-14 02:14 - 000000068 _____ () C:\Users\Win7\AppData\Local\XnGfnCC.bat
2017-12-21 13:02 - 2009-07-14 02:14 - 000000998 _____ () C:\Users\Win7\AppData\Local\XtTzcnWGYK
2009-07-14 02:14 - 2009-07-14 02:14 - 000000998 _____ () C:\Users\Win7\AppData\Local\XtTzcnWGYK.bat
2015-03-28 12:19 - 2015-03-28 12:19 - 000000000 _____ () C:\Users\Win7\AppData\Local\{E1E39E24-C964-4A61-90FE-59CFCA4CC910}
2017-12-21 22:22 - 2017-12-21 22:22 - 000388162 ____N (                                                            ) C:\Users\Win7\AppData\Local\Temp\239757060.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Task: {A08DA72E-9907-421E-B0D4-81046F69B94A} - System32\Tasks\zHfURR => C:\Users\Win7\AppData\Local\vFgDHdv.bat [2009-07-14] () <==== ATTENTION
Task: {DE1B4BC7-B383-45AF-BC6E-6DCDC29073A5} - System32\Tasks\TexSFf => C:\Users\Win7\AppData\Local\XnGfnCC.bat [2009-07-14] () <==== ATTENTION
Task: {DE4F88A2-2FAA-4A25-935E-23C31009EDD4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Users\Win7\AppData\Local\Temp\39373652.exe
C:\Users\Win7\AppData\Local\Temp\2170423526.exe
C:\Users\Win7\AppData\Local\Temp\2892025243.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search: box
Searchall: *apusx*;TexSVx;*umOsFTCCL*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click the mbar icon and select Run as administrator
  • Click OK to install it on your desktop
  • Click Next on the following screen
  • On the Update Database: screen click Update to download the latest definition updates then click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs
  • Fixlog
  • Search.txt
  • MBAR report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
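After a fix like the one above has run and the machine has rebooted, it is worth re-checking the same persistence points the fixlist targeted, because a dropper that survived will recreate them. The following PowerShell script is an added example and is not part of Gary's post, FRST, or BleepingComputer's tooling. It assumes an elevated PowerShell session on Windows 7 SP1 or later with an English locale (the `schtasks` column names it parses are locale-dependent), and it uses the BITS PowerShell cmdlets that the BITSAdmin deprecation notice in the fixlog points to. Every path and value it looks for is taken from the fixlist above; the "suspicious action" pattern (task actions running from AppData or ProgramData, or launching a .bat/.vbs/.js file) is a heuristic of this example, not an FRST rule.

```powershell
# Added post-fix verification script (not from the original thread or FRST).
# Re-checks the persistence points that the fixlist above targeted and prints
# anything still present. Assumes an elevated PowerShell session, Windows 7 SP1
# or later, English locale (schtasks column names are localized).

$findings = @()

# 1. Scheduled tasks whose action runs out of a profile folder or a script file.
#    The fixlist removed tasks zHfURR and TexSFf, which ran .bat files from
#    AppData\Local. schtasks /fo CSV /v works on Windows 7, where the
#    Get-ScheduledTask cmdlet does not exist.
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }   # drop repeated header rows
foreach ($t in $tasks) {
    $action = $t.'Task To Run'
    # Heuristic (this example's own, not an FRST rule):
    if ($action -match '(?i)\\AppData\\|\\ProgramData\\|\.bat\b|\.vbs\b|\.js\b') {
        $findings += [PSCustomObject]@{
            Check  = 'ScheduledTask'
            Item   = $t.TaskName
            Detail = $action
        }
    }
}

# 2. BITS jobs for every user (what "bitsadmin /list /allusers" used to show).
#    Any job listed here after "Bitsadmin /Reset /Allusers" was created afterwards.
Import-Module BitsTransfer -ErrorAction SilentlyContinue
foreach ($job in (Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)) {
    $findings += [PSCustomObject]@{
        Check  = 'BitsJob'
        Item   = "$($job.DisplayName) [$($job.JobState)]"
        Detail = ($job.FileList | ForEach-Object { $_.RemoteName }) -join '; '
    }
}

# 3. Per-user proxy. The fixlist removed a ProxyServer value from the user hive.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p.ProxyEnable -eq 1 -or $p.ProxyServer) {
    $findings += [PSCustomObject]@{
        Check  = 'Proxy'
        Item   = "ProxyEnable=$($p.ProxyEnable)"
        Detail = $p.ProxyServer
    }
}

# 4. IE start page values the fixlist reset (they pointed at hxxp://www.apusx.com).
#    Anything other than a Microsoft default or about:blank is reported for review.
foreach ($key in @('HKLM:\Software\Microsoft\Internet Explorer\Main',
                   'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main',
                   'HKCU:\Software\Microsoft\Internet Explorer\Main')) {
    $sp = (Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($sp -and $sp -notmatch '(?i)microsoft\.com|msn\.com|about:blank') {
        $findings += [PSCustomObject]@{ Check = 'IEStartPage'; Item = $key; Detail = $sp }
    }
}

# 5. Local policy artefacts the fixlist removed: the Google policy key and the
#    local Registry.pol files. A Registry.pol that is back means a local policy
#    was set again and should be reviewed.
foreach ($pol in @("$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                   "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol",
                   'HKLM:\SOFTWARE\Policies\Google')) {
    if (Test-Path $pol) {
        $findings += [PSCustomObject]@{ Check = 'LocalPolicy'; Item = $pol; Detail = 'present' }
    }
}

if ($findings.Count -eq 0) {
    'No residual persistence found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it once right after the reboot that the fixlog asks for and again a day later; a finding that reappears between the two runs narrows the search to whatever is still executing on the machine, which is exactly the kind of information the "Update on computer behavior" item above is asking for.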

#6 AleksaB96
  • Topic Starter
  • Members
  • 17 posts

Posted 27 December 2017 - 04:09 AM

1. I remember installing only Ardamax Keylogger; I forgot to uninstall it. It was months ago. As for AFD8, never heard of it. Also never heard of Driver Talent (I did install some driver update software a year ago, it was not this, but maybe it got installed through those).

 

2.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Win7 (27-12-2017 09:11:41) Run:1
Running from C:\Users\Win7\Downloads
Loaded Profiles: Win7 (Available Profiles: Win7)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: {565ec636-e2df-11e5-ad6c-d43d7e48fa5e} - H:\SETUP.EXE
HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\MountPoints2: {6e1f0ce6-d53c-11e4-be1f-d43d7e48fa5e} - H:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
ProxyServer: [S-1-5-21-3949541906-4103471786-196366755-1000] => proxy.sbb.rs:8080
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apusx.com
Toolbar: HKLM - No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Toolbar: HKLM-x32 - No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
Toolbar: HKU\S-1-5-21-3949541906-4103471786-196366755-1000 -> No Name - {F7C0B985-5735-4133-B5E0-ED46658D36B4} -  No File
FF HKU\S-1-5-21-3949541906-4103471786-196366755-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CHR StartupUrls: Default -> "hxxp://ww-searchings.com/hp?src=zl&r=1CD03F1E5B8C28B60EAC7D9A27B76C1D"
CHR NewTab: Default ->  Active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://ww-searchings.com/s?src=zl&r=1CD03F1E5B8C28B60EAC7D9A27B76C1D&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchings
R2 hwifisvc; c:\users\win7\appdata\local\hwifisvc\hwifisvc.dll [150656 2017-02-24] () <==== ATTENTION
c:\users\win7\appdata\local\hwifisvc
S2 MppSvc; C:\ProgramData\{A7FB8CB9-0BE2-4c79-BB9C-01F657A649CA}\mppsvc.dll [X]
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Win7\Downloads\openhardwaremonitor-v0.8.0-beta\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
2017-12-24 12:20 - 2017-12-24 12:20 - 000000000 ____D C:\Users\Win7\AppData\Local\yo_cm_client
2017-12-24 12:20 - 2017-12-24 12:20 - 000000000 ____D C:\Users\Win7\AppData\Local\cache
2017-12-23 19:01 - 2017-12-23 19:01 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-12-21 13:02 - 2017-12-25 10:33 - 000003466 _____ C:\Windows\System32\Tasks\TexSFf
2017-12-21 13:02 - 2017-12-25 09:21 - 000003264 _____ C:\Windows\System32\Tasks\zHfURR
2017-12-21 13:02 - 2017-12-21 13:02 - 000000001 _____ C:\Users\Win7\AppData\Local\WMI.ini
2017-12-21 13:02 - 2010-11-20 13:16 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\8794811.exe
2017-12-21 13:02 - 2009-07-14 02:14 - 000000998 _____ C:\Users\Win7\AppData\Local\XtTzcnWGYK
2017-12-21 13:02 - 2009-07-14 02:14 - 000000960 _____ C:\Users\Win7\AppData\Local\mpTXgNuLumZ
2017-12-21 13:02 - 2009-07-14 02:14 - 000000069 _____ C:\Users\Win7\AppData\Local\vFgDHdv
2017-12-21 13:02 - 2009-07-14 02:14 - 000000068 _____ C:\Users\Win7\AppData\Local\XnGfnCC
2017-12-21 13:01 - 2017-12-21 13:01 - 000003578 _____ C:\Windows\System32\Tasks\bltopncomhohoj
2015-03-31 09:14 - 2015-03-31 09:14 - 000005655 _____ () C:\Users\Win7\AppData\Roaming\PZtT2jHEvaoFq2
2017-12-21 13:02 - 2009-07-14 02:14 - 000000960 _____ () C:\Users\Win7\AppData\Local\mpTXgNuLumZ
2009-07-14 02:14 - 2009-07-14 02:14 - 000000960 _____ () C:\Users\Win7\AppData\Local\mpTXgNuLumZ.bat
2017-12-21 13:02 - 2009-07-14 02:14 - 000000069 _____ () C:\Users\Win7\AppData\Local\vFgDHdv
2009-07-14 02:14 - 2009-07-14 02:14 - 000000069 _____ () C:\Users\Win7\AppData\Local\vFgDHdv.bat
2017-12-21 13:02 - 2017-12-21 13:02 - 000000001 _____ () C:\Users\Win7\AppData\Local\WMI.ini
2017-12-21 13:02 - 2009-07-14 02:14 - 000000068 _____ () C:\Users\Win7\AppData\Local\XnGfnCC
2009-07-14 02:14 - 2009-07-14 02:14 - 000000068 _____ () C:\Users\Win7\AppData\Local\XnGfnCC.bat
2017-12-21 13:02 - 2009-07-14 02:14 - 000000998 _____ () C:\Users\Win7\AppData\Local\XtTzcnWGYK
2009-07-14 02:14 - 2009-07-14 02:14 - 000000998 _____ () C:\Users\Win7\AppData\Local\XtTzcnWGYK.bat
2015-03-28 12:19 - 2015-03-28 12:19 - 000000000 _____ () C:\Users\Win7\AppData\Local\{E1E39E24-C964-4A61-90FE-59CFCA4CC910}
2017-12-21 22:22 - 2017-12-21 22:22 - 000388162 ____N (                                                            ) C:\Users\Win7\AppData\Local\Temp\239757060.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Task: {A08DA72E-9907-421E-B0D4-81046F69B94A} - System32\Tasks\zHfURR => C:\Users\Win7\AppData\Local\vFgDHdv.bat [2009-07-14] () <==== ATTENTION
Task: {DE1B4BC7-B383-45AF-BC6E-6DCDC29073A5} - System32\Tasks\TexSFf => C:\Users\Win7\AppData\Local\XnGfnCC.bat [2009-07-14] () <==== ATTENTION
Task: {DE4F88A2-2FAA-4A25-935E-23C31009EDD4} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Users\Win7\AppData\Local\Temp\39373652.exe
C:\Users\Win7\AppData\Local\Temp\2170423526.exe
C:\Users\Win7\AppData\Local\Temp\2892025243.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => removed successfully
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => removed successfully
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{565ec636-e2df-11e5-ad6c-d43d7e48fa5e}" => removed successfully
HKLM\Software\Classes\CLSID\{565ec636-e2df-11e5-ad6c-d43d7e48fa5e} => key not found
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e1f0ce6-d53c-11e4-be1f-d43d7e48fa5e}" => removed successfully
HKLM\Software\Classes\CLSID\{6e1f0ce6-d53c-11e4-be1f-d43d7e48fa5e} => key not found
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F7C0B985-5735-4133-B5E0-ED46658D36B4}" => removed successfully
HKLM\Software\Classes\CLSID\{F7C0B985-5735-4133-B5E0-ED46658D36B4} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F7C0B985-5735-4133-B5E0-ED46658D36B4}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F7C0B985-5735-4133-B5E0-ED46658D36B4} => key not found
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F7C0B985-5735-4133-B5E0-ED46658D36B4}" => removed successfully
HKLM\Software\Classes\CLSID\{F7C0B985-5735-4133-B5E0-ED46658D36B4} => key not found
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"HKLM\System\CurrentControlSet\Services\hwifisvc" => removed successfully
hwifisvc => service removed successfully
c:\users\win7\appdata\local\hwifisvc => moved successfully
"HKLM\System\CurrentControlSet\Services\MppSvc" => removed successfully
MppSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\7ByteIo" => removed successfully
7ByteIo => service removed successfully
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
Synth3dVsc => service removed successfully
"HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
tsusbhub => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removed successfully
WinRing0_1_2_0 => service removed successfully
C:\Users\Win7\AppData\Local\yo_cm_client => moved successfully
C:\Users\Win7\AppData\Local\cache => moved successfully
C:\Windows\msdownld.tmp => moved successfully
C:\Windows\System32\Tasks\TexSFf => moved successfully
C:\Windows\System32\Tasks\zHfURR => moved successfully
C:\Users\Win7\AppData\Local\WMI.ini => moved successfully
C:\Windows\SysWOW64\8794811.exe => moved successfully
C:\Users\Win7\AppData\Local\XtTzcnWGYK => moved successfully
C:\Users\Win7\AppData\Local\mpTXgNuLumZ => moved successfully
C:\Users\Win7\AppData\Local\vFgDHdv => moved successfully
C:\Users\Win7\AppData\Local\XnGfnCC => moved successfully
C:\Windows\System32\Tasks\bltopncomhohoj => moved successfully
C:\Users\Win7\AppData\Roaming\PZtT2jHEvaoFq2 => moved successfully
"C:\Users\Win7\AppData\Local\mpTXgNuLumZ" => not found
C:\Users\Win7\AppData\Local\mpTXgNuLumZ.bat => moved successfully
"C:\Users\Win7\AppData\Local\vFgDHdv" => not found
C:\Users\Win7\AppData\Local\vFgDHdv.bat => moved successfully
"C:\Users\Win7\AppData\Local\WMI.ini" => not found
"C:\Users\Win7\AppData\Local\XnGfnCC" => not found
C:\Users\Win7\AppData\Local\XnGfnCC.bat => moved successfully
"C:\Users\Win7\AppData\Local\XtTzcnWGYK" => not found
C:\Users\Win7\AppData\Local\XtTzcnWGYK.bat => moved successfully
C:\Users\Win7\AppData\Local\{E1E39E24-C964-4A61-90FE-59CFCA4CC910} => moved successfully
C:\Users\Win7\AppData\Local\Temp\239757060.exe => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A08DA72E-9907-421E-B0D4-81046F69B94A} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08DA72E-9907-421E-B0D4-81046F69B94A}" => removed successfully
"C:\Windows\System32\Tasks\zHfURR" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zHfURR" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE1B4BC7-B383-45AF-BC6E-6DCDC29073A5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE1B4BC7-B383-45AF-BC6E-6DCDC29073A5}" => removed successfully
"C:\Windows\System32\Tasks\TexSFf" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TexSFf" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DE4F88A2-2FAA-4A25-935E-23C31009EDD4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE4F88A2-2FAA-4A25-935E-23C31009EDD4}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"C:\Users\Win7\AppData\Local\Temp\39373652.exe" => not found
"C:\Users\Win7\AppData\Local\Temp\2170423526.exe" => not found
"C:\Users\Win7\AppData\Local\Temp\2892025243.exe" => not found
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3949541906-4103471786-196366755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9247310 B
Java, Flash, Steam htmlcache => 188699433 B
Windows/system/drivers => 4044215 B
Edge => 0 B
Chrome => 15316538 B
Firefox => 33059664 B
Opera => 192946976 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558592 B
systemprofile32 => 94498 B
LocalService => 0 B
NetworkService => 0 B
Win7 => 369638427 B
 
RecycleBin => 1806447168 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:14:56 ====
 
3.
Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Win7 (27-12-2017 09:25:22)
Running from C:\Users\Win7\Downloads
Boot Mode: Normal
 
================== Search Files: "Searchall: *apusx*;TexSVx;*umOsFTCCL*" =============
 
File:
========
 
folder:
========
 
Registry:
========
 
===================== Search result for "apusx" ==========
 
 
===================== Search result for "TexSVx" ==========
 
 
===================== Search result for "umOsFTCCL" ==========
 
 
====== End of Search ======
 
4.
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18860
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8572297216, free: 5137760256
 
Downloaded database version: v2017.12.27.01
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/27/2017 09:40:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdide64.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\avgRvrt.sys
\SystemRoot\system32\drivers\avgVmm.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\avgbuniva.sys
\SystemRoot\system32\drivers\avgbloga.sys
\SystemRoot\system32\drivers\avgbidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\avgSP.sys
\SystemRoot\system32\drivers\avgSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\avgRdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\avgbidsdrivera.sys
\SystemRoot\system32\drivers\avgbdiska.sys
\SystemRoot\system32\drivers\avgArPot.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\dtlitescsibus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\avgMonFlt.sys
\SystemRoot\system32\drivers\avgStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\356153E1.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\lpk.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.12.27.01
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b6d790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80078f5960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b6d790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077d9520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007791680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9783F09B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 409395200
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409602048  Numsec = 614400000
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1024002048  Numsec = 929519616
    Partition is not bootable
    Partition file system is NTFS
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Users\Win7\Desktop\Igrice\Punch Club V1.00 Trainer +1 MrAntiFun.EXE --> [CheatTool.CETTrainer]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb --> [Rogue.SearchEngage]
Scan finished
User declined to cleanup malware.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-409602048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-1024002048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
5. When the computer restarted after the fix I allowed uTorrent to connect (I have never got anything malicious from torrents, but I did from direct downloads, like now). Also my internet got cut off, but I realised that the static IP configuration I had set up for port forwarding was wiped, so I had to do it again. There can be no identity theft on this computer; it is just for gaming and movies :)

But Jesus Christ, mate, that fix worked wonders!! My computer seems to have gotten faster, no cmd popping up, nothing, it is all golden. (or so it seems xD)
 


#7 Oh My!

  • Malware Response Instructor
  • 36,210 posts
  • Gender:Male
  • Location:California

Posted 27 December 2017 - 04:02 PM

Greetings,

Glad we made some progress.

Please do these things.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click the Revo Uninstaller icon
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
afd8
Driver Talent
AVG PC TuneUp
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click on Select all, Delete, Yes, then Finish
  • When prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, then Finish
  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
File: C:\Windows\system32\drivers\356153E1.sys
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET Online Scanner. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uninstall?
  • Fixlog
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
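The FRST "File:" directive above asks the tool to report a driver's signature, hash, timestamps and version resource so the helper can decide whether a random-looking name such as 356153E1.sys belongs to malware or to a legitimate product. The following PowerShell script is an added example for readers of this thread; it is not part of FRST, Malwarebytes or the helper's instructions, and it assumes only built-in Windows cmdlets. The `$DriverPath` parameter is an assumption, defaulting to the file name discussed in this thread; run it as administrator for the driver-service lookup.

```powershell
# Added example (not from FRST or the thread): report the same facts the FRST
# "File:" directive prints for a driver, so the signer and hash, not the name,
# decide whether the file is suspicious. $DriverPath is an assumed parameter.
param(
    [string]$DriverPath = 'C:\Windows\System32\drivers\356153E1.sys'
)

if (-not (Test-Path -LiteralPath $DriverPath)) {
    Write-Warning "File not found: $DriverPath"
    return
}

$item = Get-Item -LiteralPath $DriverPath
$sig  = Get-AuthenticodeSignature -FilePath $DriverPath
$md5  = (Get-FileHash -LiteralPath $DriverPath -Algorithm MD5).Hash
$sha  = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash

# Signature status is the key field: 'Valid' means the Authenticode chain
# verified; 'NotSigned' or 'HashMismatch' on a kernel driver warrants a closer look.
[pscustomobject]@{
    Path            = $item.FullName
    SizeBytes       = $item.Length
    Created         = $item.CreationTime
    Modified        = $item.LastWriteTime
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    CompanyName     = $item.VersionInfo.CompanyName
    ProductName     = $item.VersionInfo.ProductName
    FileVersion     = $item.VersionInfo.FileVersion
    MD5             = $md5
    SHA256          = $sha
} | Format-List

# Is a kernel driver service registered for this file? Random-looking names are
# used both by anti-malware helper drivers and by rootkits, so pair the service
# state with the signer information above before drawing a conclusion.
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName.ToLower().Contains($item.Name.ToLower()) } |
    Select-Object Name, State, StartMode, PathName
```

In this thread the Fixlog later shows the file is digitally signed with Company Name "Malwarebytes" and Product "Malwarebytes SwissArmy"; the script's SignatureStatus and Signer fields are the equivalent check, and the MD5 value can be compared against the one FRST reports.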

#8 AleksaB96 (Topic Starter)

  • Members
  • 17 posts

Posted 28 December 2017 - 09:36 AM

1. I have uninstalled all 3.

 

2. Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Win7 (28-12-2017 10:03:28) Run:2
Running from C:\Users\Win7\Downloads
Loaded Profiles: Win7 (Available Profiles: Win7)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
File: C:\Windows\system32\drivers\356153E1.sys
 
*****************
 
========================= File: C:\Windows\system32\drivers\356153E1.sys ========================
 
C:\Windows\system32\drivers\356153E1.sys
File is digitally signed
MD5: BDFA7A13CC73B180BBDF1ABA280E1CF7
Creation and modification date: 2017-12-27 09:40 - 2017-12-27 09:40
Size: 000255928
Attributes: ----A
Company Name: Malwarebytes
Internal Name: 
Original Name: 
Product: Malwarebytes SwissArmy
Description: Malwarebytes SwissArmy
File Version: 4.3.0.15
Product Version: 4.3.0.15
Copyright: © Malwarebytes. All rights reserved.
 
====== End of File: ======
 
 
==== End of Fixlog 10:03:29 ====
 
3.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\1293297481.mxaddon.vir JS/Toolbar.Crossrider.AH potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\9c028884-24c0-4442-9b0c-84f99cb86701.crx.vir JS/Toolbar.Crossrider.AV potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\a2b69986-9ee8-4c0e-bd88-cf3fb0900c78.crx.vir JS/Toolbar.Crossrider.R potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\a2b69986-9ee8-4c0e-bd88-cf3fb0900c78.xpi.vir JS/Toolbar.Crossrider.AA potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi.vir Win32/AlteredSoftware.L potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavePass 1.1\1293297481.mxaddon.vir JS/Toolbar.Crossrider.AH potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavePass 1.1\50d4aed4-2aaa-454f-abde-2027603ed4ce.xpi.vir JS/Toolbar.Crossrider.J potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavePass 1.1\f4b1b179-2c88-4a16-b515-c49c45868d4f.crx.vir JS/Toolbar.Crossrider.J potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sense\1293297481.mxaddon.vir JS/Toolbar.Crossrider.AH potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sense\5dbe138f-8991-43db-8348-2facbe46fd5a.crx.vir JS/Toolbar.Crossrider.AM potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sense\5dbe138f-8991-43db-8348-2facbe46fd5a.xpi.vir JS/Toolbar.Crossrider.AA potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sense\f3a7cb5f-514f-442a-a8e2-b0c335d7dbcf.crx.vir JS/Toolbar.Crossrider.AV potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sense\f6ceeebe-f004-434b-9d6b-0d9413c935d1.crx.vir JS/Toolbar.Crossrider.AM potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\indexIE8.html.vir JS/Lightning.F potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\js\common.js.vir JS/Lightning.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js.vir JS/Lightning.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\js\js.js.vir JS/Lightning.C potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\js\xagainit-ie8.js.vir JS/Lightning.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\web\js\xagainit2.0.js.vir JS/Lightning.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TNT2\TNT2UserPS64.dll.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TNT2\2.0.0.1928\IEToolbar.dll.vir a variant of Win32/Toolbar.TNT2.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TNT2\2.0.0.1928\IEToolbar64.dll.vir a variant of Win64/Toolbar.TNT2.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TNT2\Profiles\11185\passport.dll.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TNT2\Profiles\11185\passport64.dll.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\102.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\104.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\119.js.vir JS/Toolbar.Crossrider.K potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\123.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\13.js.vir JS/Toolbar.Crossrider.AE potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\14.js.vir JS/Toolbar.Crossrider.O potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\17.js.vir JS/Toolbar.Crossrider.AL potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\178.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\179.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\180.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\184.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\189.js.vir JS/Toolbar.Crossrider.K potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\191.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\195.js.vir JS/Toolbar.Crossrider.K potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\200.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\217.js.vir JS/Toolbar.Crossrider.K potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\221.js.vir JS/Toolbar.Crossrider.K potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\223.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\231.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\232.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\234.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\242.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\244.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\246.js.vir JS/Toolbar.Crossrider.AV potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\260.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\262.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\263.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\267.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\273.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\275.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\281.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\286.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\288.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\289.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\291.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\300.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\302.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\315.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\4.js.vir JS/Toolbar.Crossrider.AU potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\47.js.vir JS/Toolbar.Crossrider.M potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\64.js.vir JS/Toolbar.Crossrider.P potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\7.js.vir JS/Toolbar.Crossrider.U potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\78.js.vir JS/Toolbar.Crossrider.AB potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\9.js.vir JS/Toolbar.Crossrider.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\93.js.vir JS/Toolbar.Crossrider.J potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\plugins\97.js.vir JS/Toolbar.Crossrider.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\extensionData\userCode\background.js.vir JS/Toolbar.Crossrider.X potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\4e508becf21fde18ed30714698a88eab.js.vir JS/Toolbar.Crossrider.AM potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\abed4f66d3b8517e469de897d6dec172.js.vir JS/Toolbar.Crossrider.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\main.js.vir JS/Toolbar.Crossrider.S potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\ab92ffddf55ef56c4c210f241e120b1c.js.vir JS/Toolbar.Crossrider.Z potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\api\pageAction.js.vir JS/Toolbar.Crossrider.W potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\1c13bebd39791882a69b394444891555.js.vir JS/Toolbar.Crossrider.H potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\56986e70fc5268f9e33f26b0238cbef9.js.vir JS/Toolbar.Crossrider.AO potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\8eb62d9d7dfb8896abc6437329509d7c.js.vir JS/Toolbar.Crossrider.AP potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\9c29bf1b72ee61786fa81db6cb049dff.js.vir JS/Toolbar.Crossrider.AS potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\a7eaf210620da6f772ae4c4c4cd5e26f.js.vir JS/Toolbar.Crossrider.AF potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\ab28597de48921fb72ed40f04267c44a.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\app_api.js.vir JS/Toolbar.Crossrider.AC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\bfb29dddc9bf560517d9f873190d8c2f.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\c96611bb8d33cb25366515b8af294f0c.js.vir JS/Toolbar.Crossrider.AQ potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\db8f24b892793f10185e4e0ad8ed1397.js.vir JS/Toolbar.Crossrider.AD potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\e3ce8b92f967fb75764f568d1fa17acb.js.vir JS/Toolbar.Crossrider.V potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\ff443054e31eaef60356bb04e8474880.js.vir JS/Toolbar.Crossrider.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\js\lib\popupResource\newPopup.js.vir JS/Toolbar.Crossrider.AJ potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn\12.10.6.15045_0\components\api\background\widget-api-impl.js.vir JS/Mindspark.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn\12.10.6.15045_0\js\scriptInjector.js.vir JS/Mindspark.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\Autorun.inf.vir Win32/Toolbar.TNT2.F potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\GameConsole.exe.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\IEToolbar.dll.vir a variant of Win32/Toolbar.TNT2.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\IEToolbar64.dll.vir a variant of Win64/Toolbar.TNT2.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\npTNT2.dll.vir a variant of Win32/Toolbar.TNT2.H potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\passport.dll.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\passport64.dll.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\TNT2User.exe.vir a variant of Win32/Toolbar.TNT2.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\TNT2UserPS64.dll.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\2.0.0.1928\xpi.tar.vir Win32/Toolbar.TNT2.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\Common\GameConsole.exe.vir a variant of Win32/Toolbar.TNT2.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Local\TNT2\Profiles\11185\toolbar11185@freshy.com.xpi.vir Win32/Toolbar.TNT2.G potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Roaming\BAPY6vz5giM.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Roaming\CPOKCZF.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Roaming\EHED.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Roaming\IM.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Roaming\OPSN.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\FRST\Quarantine\C\users\win7\appdata\local\hwifisvc\HWifiNetPro.sys Win32/Agent.AD potentially unsafe application cleaned by deleting
C:\FRST\Quarantine\C\users\win7\appdata\local\Temp\239757060.exe.xBAD a variant of Win32/Adware.FileTour.FFX application cleaned by deleting
C:\FRST\Quarantine\C\users\win7\appdata\Roaming\PZtT2jHEvaoFq2.xBAD JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\KM player\KMPlayer_3.9.0.124.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso a variant of MSIL/HackKMS.A potentially unsafe application deleted
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
C:\Users\Win7\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Win7\Desktop\Igrice\Punch Club V1.00 Trainer +1 MrAntiFun.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
C:\Users\Win7\Downloads\Advanced Archive Password Recovery v4.54 Full Serial.zip a variant of Win32/IStartSurf.F potentially unwanted application deleted
C:\Users\Win7\Downloads\AVG_Driver_Updater_Setup_11_4.exe a variant of Win32/Slimware.A potentially unwanted application cleaned by deleting
C:\Users\Win7\Downloads\keygen85.rar a variant of Win32/Amonetize.LT potentially unwanted application deleted
C:\Windows\System32\LavasoftTcpService64.dll a variant of Win64/Packed.Komodia.A suspicious application cleaned by deleting
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting
D:\Igrice\Kanter ruski\(Crazy-Css.TK) CSS-ZOMBIE MOD\bin\steamclient.dll a variant of Win32/GameHack.ANE potentially unsafe application deleted
D:\Igrice\Saints Row IV\Saints Row IV nosTEAM\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application cleaned by deleting
E:\Igrice\Ardamax Keylogger v4.4.2 FINAL + Crack [TechTools.NET].zip a variant of Win32/KeyLogger.Ardamax.NBV.gen application deleted
E:\Igrice\Counter-Strike warzone\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
E:\Igrice\Counter-Strike warzone\cstrike\models\player\admin\requiredmodel\admin_ct.mdl MSIL/Gleamaster.A trojan cleaned by deleting
E:\Igrice\Counter-Strike warzone\cstrike\models\player\admin\requiredmodel\admin_tero.mdl MSIL/Gleamaster.A trojan cleaned by deleting
E:\Igrice\CS 1.6\steamclient.dll a variant of Win32/GameHack.ANF potentially unsafe application cleaned by deleting
E:\Igrice\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\steam_api.dll a variant of Win32/HackTool.Crack.BL potentially unsafe application cleaned by deleting
E:\Igrice\Sniper Elite 3\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
E:\Igrice\Sniper Elite 3\steam_api64.dll a variant of Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
E:\Igrice\The Sims Medieval\Game\Bin\rld.dll Win32/HackTool.Crack.BB potentially unsafe application cleaned by deleting
E:\Igrice\The Sims Medieval\Game\Bin\TSM.exe a variant of Win32/HackTool.Crack.Q potentially unsafe application cleaned by deleting
 
4.
Result of Security Analysis by Rocket Grannie (x86) Updated: 27th December, 2017
Running from:C:\Users\Win7\AppData\Local\Temp\scoped_dir6636_14180 (15:30:49 - 12/28/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Opera
***------------Antivirus - Antispyware - Firewall-----------***
AVG Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.126)
Google Chrome (63.0.3239.108)
HitmanPro (3.7.9.242)
Java (8.0.1440.1) ==> is out of Date
Mozilla Firefox (30.0) ==> is out of Date
Opera (49.0.2725.64)
 
***----------------Analysis Complete-------------------------***
 
5.
Did everything and uninstalled everything (deleted). Computer is running smoothly. Sorry for the late answer, it took a looong time for the ESET scan, 5 hours. No more cmd popping up since the first fix. Everything seems fine now, thanks to you.
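The ESET log pasted above is one detection per line in the form `path name verdict action`, with an optional "a variant of" before the name. A responder reading a log like this mostly wants two things split out: which hits were still live on the disk versus already sitting in another tool's quarantine (the `C:\AdwCleaner\Quarantine` and `C:\FRST\Quarantine` entries), and which of them ESET classed as a trojan rather than a PUA or a cracked game DLL. The following parser is an added example written for this thread; it is not ESET's code or anything the helper posted. The line grammar it assumes is the one visible in the log above (five verdict phrases and two action phrases), and the sample lines are copied from that log with one non-detection line added so the parser's rejection path is exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Verdict wording seen in the ESET log on this page, most specific first so the
# alternation cannot grab the bare "application" out of a longer phrase.
# Assumption: these are the only verdicts and actions the log uses.
CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
    "suspicious application",
    "trojan",
    "application",
)
ACTIONS = ("cleaned by deleting", "deleted")

# Path is non-greedy so it can contain spaces; the anchored tail disambiguates.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<name>\S+) "
    r"(?P<category>" + "|".join(re.escape(c) for c in CATEGORIES) + r") "
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r")$"
)

# Files under these folders were already quarantined by AdwCleaner/FRST, so a
# hit there was not a live infection when ESET ran.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str        # e.g. "Win32/HackTool.Crack.BQ"
    variant: bool    # True when ESET wrote "a variant of" before the name
    category: str    # one of CATEGORIES
    action: str      # one of ACTIONS

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for one ESET log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(
        path=m["path"],
        name=m["name"],
        variant=m["variant"] is not None,
        category=m["category"],
        action=m["action"],
    )


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def triage(detections: List[Detection]) -> dict:
    """Summarise live vs quarantined hits, verdict counts and live trojans."""
    live = [d for d in detections if not d.quarantined]
    return {
        "total": len(detections),
        "live": len(live),
        "by_category": Counter(d.category for d in detections),
        "by_action": Counter(d.action for d in detections),
        "trojans": [d.path for d in live if d.category == "trojan"],
    }


# Sample lines copied from the scan log in this thread, plus one junk line.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Win7\AppData\Roaming\EHED.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted
C:\FRST\Quarantine\C\users\win7\appdata\local\Temp\239757060.exe.xBAD a variant of Win32/Adware.FileTour.FFX application cleaned by deleting
C:\KM player\KMPlayer_3.9.0.124.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Windows\System32\LavasoftTcpService64.dll a variant of Win64/Packed.Komodia.A suspicious application cleaned by deleting
E:\Igrice\Counter-Strike warzone\cstrike\models\player\admin\requiredmodel\admin_ct.mdl MSIL/Gleamaster.A trojan cleaned by deleting
E:\Igrice\Ardamax Keylogger v4.4.2 FINAL + Crack [TechTools.NET].zip a variant of Win32/KeyLogger.Ardamax.NBV.gen application deleted
this line is not a detection
"""

if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run as a script it prints the triage for the sample; point `parse_log` at the full pasted log to get the same breakdown for the whole scan. The `quarantined` split is the useful part: in this thread most of the `.vir` and `.xBAD` hits were leftovers from earlier cleanup tools, while the cracked `steam_api.dll` files and the two `.mdl` trojan hits were still live on the D: and E: drives.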


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,210 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:42 PM

Posted 28 December 2017 - 09:44 AM

No problem, ESET is worth the wait. It is a team effort, I can't do anything without your help. :)

I would recommend you update 2 programs.

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to Verify Java version
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Install
  • Uncheck all optional offers
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Updates go well?
  • Are there any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 AleksaB96

AleksaB96
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 28 December 2017 - 10:53 AM

Ok, I did all that; had to verify Java through Mozilla, Chrome and Opera can't do it. Nope, none that I can directly see. I didn't know about 95% of the problems that we fixed, so there is that :D Thank you a bunchhhh, is it ok to remove all the things which we used now, if we are done? :)



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,210 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:42 PM

Posted 28 December 2017 - 03:02 PM

Greetings.

Sounds good. Yes, we are all set and here are some removal instructions as well as information to consider.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 AleksaB96

AleksaB96
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 28 December 2017 - 03:23 PM

Thank you my man :D For awesome work



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,210 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:42 PM

Posted 28 December 2017 - 03:25 PM

You are most welcome. Glad it worked out well.

Take care,

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,210 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:42 PM

Posted 29 December 2017 - 09:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
