Pretty sure im infected.

leaftwisted · July 22, 2016

Think i have a bitminer ,not sure. PC slows down at certain time of night, ran pretty much everything i can think of.avast,MBAM,TDSSRK,sfcscannow,defrag,ccleaner,etc etc,
All whilst monitoring procmon,procexplorer,gpu cores threads blah blah blah.you know the drill. Lmk what to post or run, been through the task scheduler and the event viewer so many times i dont understand .

any help would be appreciated.

will post whats need ,as asked.

Regards, Tyler. :3

kevinf80 · July 22, 2016

Hello Tyler and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted image

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image

Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted image

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image

Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted image

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image

Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

Next,

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete Apply Actions to any found entries.
Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach those logs to your reply.

Let me see those logs in your reply...

Thank you,

Kevin...

leaftwisted · July 22, 2016

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/22/2016 04:21:03 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/22/2016 04:23:48 PM
Execution time: 0 hours(s), 2 minute(s), and 45 seconds(s)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by BeanDip (administrator) on BEANDIP-PC (22-07-2016 16:55:46)
Running from C:\Users\BeanDip\Desktop
Loaded Profiles: BeanDip (Available Profiles: BeanDip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10821224 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-11] (AVAST Software)
HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\lol.scr [3721216 2016-05-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-22] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{167C17DC-D419-4CB1-8708-C2B99676E031}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-524116036-2823710718-2030037802-1127\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-3511f006&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-3511f006&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {31420DBA-D7E3-4AC3-A1C7-F38F92678DF1} URL =
SearchScopes: HKU\S-1-5-21-524116036-2823710718-2030037802-1127 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-3511f006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-524116036-2823710718-2030037802-1127 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-3511f006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-22] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-22] (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/"
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (BetterTTV) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-17]
CHR Extension: (Google Drive) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25]
CHR Extension: (YouTube) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25]
CHR Extension: (uBlock Origin) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-25]
CHR Extension: (Avast Online Security) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-22]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Gmail) - C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-22] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-02-02] (Hi-Rez Studios) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-06-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-06-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-06-22] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-12-18] (hxxp://libusb-win32.sourceforge.net)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FoxAwdWINFLASH64; \??\C:\Program Files (x86)\Foxconn\FOX LiveUpdate\FoxAwdWINFLASH64.SYS [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 16:55 - 2016-07-22 16:56 - 00013417 _____ C:\Users\BeanDip\Desktop\FRST.txt
2016-07-22 16:55 - 2016-07-22 16:55 - 00000000 ____D C:\FRST
2016-07-22 16:53 - 2016-07-22 16:53 - 00001058 _____ C:\Users\BeanDip\Desktop\Mbam log.txt
2016-07-22 16:52 - 2016-07-22 16:52 - 02393600 _____ (Farbar) C:\Users\BeanDip\Desktop\FRST64.exe
2016-07-22 16:21 - 2016-07-22 16:23 - 00002152 _____ C:\Users\BeanDip\Desktop\Rkill.txt
2016-07-22 16:20 - 2016-07-22 16:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\BeanDip\Desktop\rkill.exe
2016-07-22 08:05 - 2016-07-22 08:06 - 00173632 _____ C:\Windows\ntbtlog.txt
2016-07-22 07:53 - 2016-07-22 07:53 - 00000000 ____D C:\Users\BeanDip\AppData\Local\BlueStacks
2016-07-22 07:11 - 2016-07-22 07:11 - 06759552 _____ (ESET spol. s r.o.) C:\Users\BeanDip\Downloads\esetonlinescanner_enu.exe
2016-07-22 07:11 - 2016-07-22 07:11 - 00000000 ____D C:\Users\BeanDip\AppData\Local\ESET
2016-07-22 05:52 - 2016-07-22 05:52 - 00028741 _____ C:\ComboFix.txt
2016-07-22 05:36 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-22 05:36 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-22 05:36 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-22 05:36 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-22 05:36 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-22 05:36 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-22 05:36 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-22 05:36 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-22 05:34 - 2016-07-22 05:52 - 00000000 ____D C:\Qoobox
2016-07-22 05:34 - 2016-07-22 05:51 - 00000000 ____D C:\Windows\erdnt
2016-07-22 05:31 - 2016-07-22 05:31 - 05659291 ____R (Swearware) C:\Users\BeanDip\Downloads\ComboFix.exe
2016-07-22 00:57 - 2016-07-22 05:57 - 00000000 ____D C:\AdwCleaner
2016-07-22 00:56 - 2016-07-22 00:56 - 03712064 _____ C:\Users\BeanDip\Downloads\adwcleaner_5.201.exe
2016-07-21 02:49 - 2016-07-10 22:13 - 01887800 _____ (NVIDIA Corporation) C:\Windows\system32\NvCamera64.dll
2016-07-21 02:49 - 2016-07-10 22:13 - 01595840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvCamera32.dll
2016-07-21 02:49 - 2016-07-10 18:36 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-07-21 02:48 - 2016-07-21 02:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-21 02:48 - 2016-05-03 22:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-21 02:48 - 2016-05-03 22:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-07-21 02:48 - 2016-05-03 22:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-21 02:48 - 2016-05-03 22:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-21 02:45 - 2016-07-15 14:15 - 00214592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-07-21 02:45 - 2016-07-15 14:15 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 31640512 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 25414080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 16790552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 13581880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-07-21 02:45 - 2016-07-10 22:13 - 10691632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 10656112 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 10234336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 09020656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 08742360 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 08615336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 03542072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 03099072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 01939000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436881.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436881.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 01001016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00930360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00909880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00852024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00694672 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00583736 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00490744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00406064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-07-21 02:45 - 2016-07-10 22:13 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-07-15 20:42 - 2016-07-15 20:42 - 00269462 _____ C:\Users\BeanDip\Downloads\video-1468629666.mp4
2016-07-11 06:18 - 2016-07-11 06:23 - 243015208 _____ C:\Users\BeanDip\Downloads\EmsisoftEmergencyKit.exe
2016-07-11 05:17 - 2016-07-11 05:18 - 29003664 _____ (Adlice Software ) C:\Users\BeanDip\Downloads\setup (1).exe
2016-07-09 22:10 - 2016-07-21 02:01 - 00000000 ____D C:\Users\BeanDip\AppData\Roaming\NVIDIA
2016-07-09 21:58 - 2016-07-22 08:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-09 21:57 - 2016-07-10 19:17 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-07-09 21:57 - 2016-07-10 19:17 - 02465848 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-07-09 21:57 - 2016-07-10 19:17 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-09 21:57 - 2016-07-10 19:17 - 01364536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-09 21:57 - 2016-07-10 19:17 - 00547896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-07-09 21:57 - 2016-07-10 19:17 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-07-09 21:57 - 2016-07-10 19:17 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-07-09 21:57 - 2016-07-10 19:17 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-07-09 21:57 - 2016-07-07 13:03 - 07211925 _____ C:\Windows\system32\nvcoproc.bin
2016-07-09 21:55 - 2016-07-15 14:15 - 01579976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-07-09 21:55 - 2016-07-10 22:13 - 19220352 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-07-09 21:55 - 2016-07-10 22:13 - 17321352 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-07-09 21:55 - 2016-07-10 22:13 - 14371384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-07-09 21:55 - 2016-07-10 22:13 - 03840096 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-07-09 21:55 - 2016-07-10 22:13 - 03393576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-07-09 21:55 - 2016-07-10 22:13 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-07-09 21:55 - 2016-06-29 18:44 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436869.dll
2016-07-09 21:55 - 2016-06-29 18:44 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436869.dll
2016-07-09 21:55 - 2016-06-29 18:44 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-07-09 21:55 - 2016-06-29 18:44 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-07-09 13:48 - 2016-07-09 13:48 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-09 13:48 - 2016-07-09 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-09 13:47 - 2016-06-22 03:41 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-08 05:19 - 2016-07-08 05:19 - 00000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-07-08 05:19 - 2016-07-08 05:19 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-07-08 05:17 - 2016-07-08 05:18 - 31587672 _____ (TeamSpeak Systems GmbH) C:\Users\BeanDip\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe
2016-07-06 01:40 - 2016-07-06 01:41 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-07-06 01:40 - 2016-07-06 01:40 - 00000000 ____D C:\Users\BeanDip\Documents\StarCraft II
2016-07-06 01:33 - 2016-07-06 01:34 - 03012080 _____ (Blizzard Entertainment) C:\Users\BeanDip\Downloads\Battle.net-Setup.exe
2016-07-05 14:16 - 2016-07-05 14:16 - 00000000 ____D C:\Users\BeanDip\AppData\Local\DunDefLauncher
2016-06-29 16:30 - 2016-06-29 16:30 - 00000000 ____D C:\LiveUpdate_Temp
2016-06-29 16:28 - 2016-06-29 16:28 - 02824506 _____ C:\Users\BeanDip\Downloads\CSD_SW-FOX LiveUpdate-1.8.2.9.zip
2016-06-29 16:28 - 2010-08-05 09:38 - 00000000 ____D C:\Users\BeanDip\Downloads\FOX LiveUpdate
2016-06-29 16:25 - 2016-06-29 16:25 - 01097204 _____ C:\Users\BeanDip\Downloads\A76ML-K 3.0-Manual-En-V1.0.zip
2016-06-29 16:25 - 2010-08-10 15:59 - 01246024 ____N C:\Users\BeanDip\Downloads\A76ML-K 3.0-Manual-En-V1.0.pdf
2016-06-27 02:21 - 2016-07-21 02:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-27 02:15 - 2016-06-27 02:19 - 170473288 _____ (Apple Inc.) C:\Users\BeanDip\Downloads\iTunes6464Setup.exe
2016-06-26 19:49 - 2016-07-22 07:53 - 00000000 ____D C:\ProgramData\BlueStacks
2016-06-26 19:35 - 2016-06-26 19:44 - 312530592 _____ (BlueStack Systems Inc.) C:\Users\BeanDip\Downloads\BlueStacks2_native_09d3351306b9f331ed918f9c73f4db93.exe
2016-06-26 00:10 - 2016-06-26 00:10 - 04211112 _____ C:\Users\BeanDip\Downloads\npp.6.9.2.Installer.exe
2016-06-22 18:39 - 2016-07-22 06:45 - 00000000 ____D C:\Users\BeanDip\.oracle_jre_usage
2016-06-22 18:39 - 2016-06-22 18:39 - 00000000 ____D C:\Users\BeanDip\AppData\Roaming\Sun
2016-06-22 18:39 - 2016-06-22 18:39 - 00000000 ____D C:\Users\BeanDip\AppData\LocalLow\Oracle
2016-06-22 04:00 - 2016-06-22 04:00 - 00006140 _____ C:\Windows\system32\.crusader
2016-06-22 03:40 - 2016-06-22 03:40 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-22 03:39 - 2016-06-22 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-22 03:36 - 2016-06-22 04:01 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-22 03:36 - 2016-06-22 03:39 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-22 02:39 - 2016-06-22 02:41 - 11438608 _____ (SurfRight B.V.) C:\Users\BeanDip\Downloads\hitmanpro_x64.exe
2016-06-22 02:34 - 2016-07-22 00:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-22 02:33 - 2016-07-19 00:51 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-06-22 02:33 - 2016-07-19 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-06-22 02:33 - 2016-07-19 00:51 - 00000000 ____D C:\Program Files\RogueKiller
2016-06-22 02:31 - 2016-06-22 03:07 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-22 02:29 - 2016-06-22 02:30 - 29004424 _____ (Adlice Software ) C:\Users\BeanDip\Downloads\setup.exe
2016-06-22 01:18 - 2016-06-22 01:18 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-22 01:18 - 2016-06-22 01:18 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-22 01:13 - 2016-07-22 16:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-22 01:13 - 2016-07-22 08:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-22 01:13 - 2016-06-22 02:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-22 01:13 - 2016-06-22 02:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 16:51 - 2016-06-19 01:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-22 16:50 - 2013-08-07 17:04 - 00000000 ____D C:\Users\BeanDip\AppData\Local\Apps\2.0
2016-07-22 16:26 - 2016-06-17 03:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-22 08:17 - 2009-07-14 00:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-22 08:17 - 2009-07-14 00:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-22 08:07 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-22 07:53 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-22 07:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-22 06:50 - 2013-08-07 14:52 - 00000000 ____D C:\Users\BeanDip
2016-07-22 06:48 - 2013-08-12 00:19 - 00000000 ____D C:\Users\BeanDip\Documents\My Games
2016-07-22 06:46 - 2013-08-07 20:48 - 00000000 ____D C:\Users\BeanDip\Documents\Installers, PDF's,Programs
2016-07-22 06:45 - 2015-12-05 07:45 - 00000000 ____D C:\Users\BeanDip\.jagex_cache_32
2016-07-22 06:33 - 2013-09-05 05:25 - 00000000 ____D C:\Games
2016-07-22 05:49 - 2009-07-13 22:34 - 00000243 _____ C:\Windows\system.ini
2016-07-22 04:56 - 2014-10-03 21:27 - 00000000 ____D C:\Users\BeanDip\Documents\zsnesw151-402
2016-07-22 04:40 - 2016-06-17 02:40 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2016-07-22 04:01 - 2016-04-25 04:39 - 00000000 ____D C:\Users\BeanDip\AppData\Local\Jagex
2016-07-22 04:01 - 2016-04-25 04:38 - 00000000 ____D C:\ProgramData\Jagex
2016-07-22 03:37 - 2015-09-29 21:13 - 00000000 ____D C:\Users\BeanDip\AppData\Local\NCSOFT
2016-07-22 03:33 - 2013-07-26 12:46 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-22 02:10 - 2016-05-13 20:43 - 00000000 ____D C:\Users\BeanDip\AppData\Local\CrashDumps
2016-07-22 02:10 - 2015-02-27 00:14 - 00000000 ____D C:\Users\BeanDip\AppData\Roaming\TS3Client
2016-07-22 02:10 - 2013-12-08 00:08 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-22 02:10 - 2013-07-26 12:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-22 00:37 - 2014-06-01 15:18 - 00000000 ____D C:\ProgramData\Origin
2016-07-21 23:27 - 2013-08-07 18:49 - 00000000 ____D C:\Users\BeanDip\AppData\Roaming\Skype
2016-07-21 02:49 - 2013-08-07 15:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-21 02:49 - 2013-07-26 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-21 02:49 - 2013-07-26 13:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-21 02:18 - 2009-07-14 01:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-16 09:10 - 2013-07-26 12:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-13 13:47 - 2016-06-19 01:38 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-12 13:11 - 2013-08-07 17:38 - 00000000 ____D C:\Users\BeanDip\AppData\Roaming\vlc
2016-07-09 21:57 - 2013-07-26 13:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-09 21:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-07-09 13:48 - 2016-06-19 01:44 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1466315045
2016-07-09 13:47 - 2016-06-19 01:39 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-07 01:07 - 2015-02-26 16:29 - 00000000 ____D C:\Users\BeanDip\Documents\ppsspp
2016-07-06 01:40 - 2013-12-20 19:05 - 00000000 ____D C:\Users\BeanDip\AppData\Local\Battle.net
2016-07-06 01:39 - 2013-12-20 19:05 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-06 01:39 - 2013-08-07 18:38 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-07-02 04:40 - 2013-08-07 18:49 - 00000000 ____D C:\ProgramData\Skype
2016-06-30 22:09 - 2013-12-07 23:56 - 00000000 ____D C:\ProgramData\Apple
2016-06-29 16:39 - 2013-07-26 14:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-29 09:52 - 2013-08-15 01:56 - 00000000 ____D C:\Users\BeanDip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-25 23:19 - 2013-08-10 08:36 - 00000036 _____ C:\Users\BeanDip\Documents\debt.txt
2016-06-22 18:41 - 2014-07-27 08:50 - 00000000 ____D C:\ProgramData\Oracle
2016-06-22 18:39 - 2014-07-27 08:50 - 00267840 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-06-22 14:14 - 2013-08-07 18:38 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-06-22 05:58 - 2014-08-25 16:13 - 00000000 ____D C:\Windows\pss
2016-06-22 03:41 - 2016-06-19 01:38 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-22 03:41 - 2016-06-19 01:38 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-22 03:41 - 2016-06-19 01:38 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-22 03:41 - 2016-06-19 01:38 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-22 03:41 - 2016-06-19 01:38 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-22 03:41 - 2016-06-19 01:38 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-22 03:40 - 2016-06-19 01:43 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-22 03:40 - 2016-06-19 01:38 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-22 01:23 - 2015-07-12 12:28 - 00000000 ____D C:\Users\BeanDip\Desktop\DESKTOP STUFF
2016-06-22 01:23 - 2013-11-20 12:26 - 00000000 ____D C:\Program Files\OBS
2016-06-22 01:18 - 2013-08-07 17:04 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-22 01:13 - 2013-08-07 17:04 - 00000000 ____D C:\Users\BeanDip\AppData\Local\Deployment
2016-06-22 00:36 - 2009-07-14 00:45 - 00351336 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-05-20 16:06 - 2015-05-20 16:57 - 0000024 _____ () C:\Users\BeanDip\AppData\Roaming\appdataFr25.bin
2015-04-27 23:18 - 2015-05-14 05:31 - 0000020 _____ () C:\Users\BeanDip\AppData\Roaming\appdataFr3.bin
2016-02-20 09:36 - 2016-06-20 00:10 - 0007604 _____ () C:\Users\BeanDip\AppData\Local\Resmon.ResmonCfg
2015-04-28 14:04 - 2015-05-06 21:27 - 0000804 _____ () C:\Users\BeanDip\AppData\Local\Temp-log.txt
2015-05-26 22:31 - 2015-05-26 22:31 - 0000000 _____ () C:\Users\BeanDip\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\BeanDip\AppData\Local\Temp\dllnt_dump.dll
C:\Users\BeanDip\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\BeanDip\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\BeanDip\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-24 06:12

==================== End of FRST.txt ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22/07/2016
Scan Time: 4:27 PM
Logfile: Mbam log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.22.13
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BeanDip

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306917
Time Elapsed: 20 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by BeanDip (2016-07-22 16:56:20)
Running from C:\Users\BeanDip\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-07 18:52:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-524116036-2823710718-2030037802-500 - Administrator - Disabled)
BeanDip (S-1-5-21-524116036-2823710718-2030037802-1127 - Administrator - Enabled) => C:\Users\BeanDip
Guest (S-1-5-21-524116036-2823710718-2030037802-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
ATI Catalyst Install Manager (HKLM\...\{7A23D2C6-6FF9-EBAD-73E2-4717BB08983F}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version: - Trendy Entertainment)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
League Screensaver (HKLM-x32\...\LolScreenSaver) (Version: W0.1.22-0.11.17-beta - Riot Games)
LibreOffice 4.1.0.4 (HKLM-x32\...\{F8478020-D98E-49FB-BA14-07A534AED99C}) (Version: 4.1.0.4 - The Document Foundation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
LSI - LoL Summoner Information (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: v4.15.0 - Aequus Gaming Ltd.)
Magic Duels (HKLM-x32\...\Steam App 316010) (Version: - Stainless Games Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mumble 1.2.9 (HKLM-x32\...\{49FF1E6E-E0F9-4CB3-8B3C-D4E8E1D32C1F}) (Version: 1.2.9 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{61af798f-5d7f-402d-84b9-634ccf44405f}) (Version: latest - ppy Pty Ltd)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
PPSSPP version 0.9.8 (HKLM-x32\...\PPSSPP_is1) (Version: 0.9.8 - )
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.2.3247.1 - Hi-Rez Studios)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.9 - StepMania)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E6D8A7F-F281-47DA-99C3-D4EE9AA6903C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2FAA83E8-E448-4670-936D-90F25FE7D1A7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {3507684F-58CE-4941-9C01-2BAB042BB3DC} - System32\Tasks\SafeZone scheduled Autoupdate 1466315045 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {35615E68-BFB5-4F66-9BD5-4D78BCCF372D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-19] (AVAST Software)
Task: {4D64F574-1E76-4CBF-A894-61D2F8137F03} - System32\Tasks\Games\UpdateCheck_S-1-5-21-524116036-2823710718-2030037802-1127
Task: {85C73472-181C-4647-8FD8-D401C2AA29CB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-22] (AVAST Software)
Task: {917F1E7D-2C3B-4DAB-90C2-532E0C0EB529} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {A3D0AAA5-6007-4A8B-8F9B-4C0079E396A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-19] (Adobe Systems Incorporated)
Task: {B1202067-7940-4509-B6E9-464BB33B6134} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-22] (Google Inc.)
Task: {BBACB88F-7837-48ED-8856-83012996EE21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-22] (Google Inc.)
Task: {C9F04AF0-4982-4227-8A10-6AF5B02A2354} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\BeanDip\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-09 21:57 - 2016-07-10 19:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 14:51 - 2014-10-14 14:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 14:51 - 2014-10-14 14:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-06-22 02:33 - 2016-07-18 10:29 - 25353288 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-06-22 03:40 - 2016-06-22 03:40 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-22 03:40 - 2016-06-22 03:40 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-22 16:10 - 2016-07-22 16:10 - 03001344 _____ () C:\Program Files\AVAST Software\Avast\defs\16072201\algo.dll
2015-08-14 21:55 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-22 03:40 - 2016-06-22 03:41 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-07-22 05:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Control Panel\Desktop\\Wallpaper -> C:\Users\BeanDip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BB3386F7-A512-4BC0-B0EF-41C94BA196FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{95364D74-29CA-456F-A462-7FDBD37E9DD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A9534D6-0CE9-488E-B0D0-13AD7B503287}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{ADA99ED6-3748-47FE-A07C-42D360F84649}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{32B264A1-7FDD-4026-B516-BFAF17D0315B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51651ADF-BD19-4552-B296-10CBEE504E9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D9BE15F5-D4C1-4F2A-B50B-7C121E5A6F15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB3DD673-C8FD-47D4-98C7-2AC897EE72FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C386C472-ED21-4D20-937C-C9269747FFEE}D:\easysetupassistant\wr720n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr720n\easysetupassistant.exe
FirewallRules: [UDP Query User{5F1948F1-C136-4A6E-ACFA-D30A3CCE001B}D:\easysetupassistant\wr720n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr720n\easysetupassistant.exe
FirewallRules: [{8444773B-3BF8-47F7-8AF8-280B30A1F0C9}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{32BF8CB5-6CD2-4CAE-A40A-E9658D03DE50}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{B0D0CA5D-0300-44AC-A07F-34E545FDAAA6}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{7F960B63-5FDE-414E-8323-E3E73528E734}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{8C9DE7BB-78CB-4023-A650-B3F1572B1E7E}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{EDD2E14C-6B08-4A63-81A2-E6B7F2F096C0}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{379E5D3A-02FA-42A2-BB10-89E6F2B417D8}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [TCP Query User{836A6E34-4D5B-472A-9E1B-72E8724ED733}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{7B8FC7A6-DFEC-42C3-B704-2E4A2855BE7C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{8C575545-4308-4990-B7C3-43B6D0A4BA3F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A83C7BD7-09B7-44AE-8CBA-7570BEC62F17}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{753B0D8D-7705-44F9-BB30-C72963CC82ED}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{045095AD-7F06-4702-8A13-17131E7C0B84}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{B71C604B-DB4E-4301-835E-941A17644829}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BCC6C37E-34C9-4690-AC8B-C7CC88CA5B9F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B418676D-EFD8-4007-B636-256C9B1520A3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1856E8B6-FE78-4914-8458-A58466051759}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8B675BCB-E8D1-4ABE-8452-2C752D7B01B9}] => (Allow) C:\Program Files (x86)\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{ABB7B3BB-0EEB-4056-BD7E-7D5102A6A59F}] => (Allow) C:\Program Files (x86)\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{845423ED-B7EB-4CCC-A8B1-4827971C5EA6}] => (Allow) LPort=3724
FirewallRules: [{0536FF19-99E2-4C7A-99AB-1333B6B559CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{59FC1804-CC04-4DF8-82E3-1368083AF79E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{9CCC2BC8-8E60-4393-84E7-0988794B8A27}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{DE3552C8-B0A3-435B-A9D9-702F43D4BDCE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{2118028D-AF2D-4551-8E66-84EBED4DC7CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{B5E11E73-4E9A-4AAC-8967-BD38C8FCDC8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [TCP Query User{54DF0F6A-D7F8-4C8B-AD9C-0D6D3A4B0D13}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [UDP Query User{6D503615-CE0E-4C4D-A038-613CFC76DC44}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe
FirewallRules: [{AAC95E3B-0E4B-4BA5-B7BA-1B27F7083502}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61BEFBDA-50EB-4914-B19C-F7454BF164BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{65674274-5985-4E4D-B4E5-0D1A496A16F4}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{48AD89D6-588A-420E-AF8E-28A135D5353C}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{897221FB-04E8-43BE-952D-912E1D062FFC}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{5ADDF456-8CED-42E2-8302-6385CF55D154}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [TCP Query User{DB44ECD2-5E8C-45D6-80E9-28821F857FDD}C:\users\beandip\documents\3dmgame-magic.2015.complete.bundle.incl.special.edition.content.crakced-3dm\magic 2015\dotp_d15.exe] => (Allow) C:\users\beandip\documents\3dmgame-magic.2015.complete.bundle.incl.special.edition.content.crakced-3dm\magic 2015\dotp_d15.exe
FirewallRules: [UDP Query User{8A504301-7473-4636-9E2A-CC842BA13935}C:\users\beandip\documents\3dmgame-magic.2015.complete.bundle.incl.special.edition.content.crakced-3dm\magic 2015\dotp_d15.exe] => (Allow) C:\users\beandip\documents\3dmgame-magic.2015.complete.bundle.incl.special.edition.content.crakced-3dm\magic 2015\dotp_d15.exe
FirewallRules: [TCP Query User{D93CA7DC-A959-4E07-856E-8E590B52F682}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe
FirewallRules: [UDP Query User{6F965E95-FAA7-4507-8BA6-354360AB2B9F}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe
FirewallRules: [{C62840D9-11E6-450C-92A8-BD4C77A0FEFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C5BE551B-D520-41F5-AC7B-71A8BA72F391}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E37D016A-91AA-439C-BC09-DD903F7AA03F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{888FEDE0-2CA2-45E6-9EF2-F6C3F18FC1EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{81160FCD-0EAA-452F-A6C4-526EED0852DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D1887B1A-1C26-4968-91E7-6C8F57554394}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{222F7778-7E14-4079-8B9C-3FFD7F26BACE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magic Duels\MagicDuels.exe
FirewallRules: [TCP Query User{26056BCC-247C-4DD7-A00B-2AC17618B3C1}C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{87036276-BC16-44CB-903F-0AE24512FE8B}C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C3E5B430-94F4-4F6B-B345-52A24DF4AB5E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{AF40A6D9-280E-41F0-B681-6855BE60F5CD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{02AE96CA-C4A1-4393-B037-08BDF604DD3D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{C1CC1154-78CA-44C8-9F80-C063F951E30E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{52074B23-1284-4573-AFAB-E952D2C0FD40}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{635B64A3-39FC-4EC0-8113-C48B7EB7FFD5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{602AC5AD-4C9B-4E1C-BFCA-E7EC3E82C488}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{88E13E08-6612-44FF-B855-36E65DA1604E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{E8CB0DFE-A069-47D5-906F-82FF3FAFFB16}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{61B61667-BB81-4152-915C-CFC486CA804D}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{89B4106E-FE28-4B55-B264-E74E1A59C899}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{866351C6-6EAF-4AC3-9EB6-205A1C8A9A5A}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{FA925EE1-5C52-4A95-87B6-706F91FBAD64}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{81399CF5-CC14-4EB0-AE11-0C9B8B034DEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{1C2DEB6E-25A6-4200-8B31-C24FCD6B74E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{954B6BCF-9BD3-45B1-B115-49B43CD5AD07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{C299917B-1FD5-4CE9-9667-A0ACE9667DD3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [TCP Query User{FA4B3040-DBF4-4C40-B2EA-3FA7FB04E3F4}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8BBA9D61-733A-4F58-81E6-78D7C024C954}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe

==================== Restore Points =========================

21-07-2016 02:06:47 Removed iTunes
22-07-2016 03:32:14 Removed Java 8 Update 91
22-07-2016 07:52:01 Removed BlueStacks App Player

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2016 08:09:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2016 03:56:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/22/2016 08:08:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect.

Error: (07/22/2016 08:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/22/2016 08:06:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/22/2016 08:06:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/22/2016 08:06:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

CodeIntegrity:
===================================
Date: 2016-07-22 08:07:20.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 08:07:20.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 07:14:48.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\BeanDip\AppData\Local\Temp\ehdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 07:14:46.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\BeanDip\AppData\Local\Temp\ehdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 07:14:37.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\BeanDip\AppData\Local\Temp\ehdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 07:12:11.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\BeanDip\AppData\Local\Temp\ehdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 07:12:10.303
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\BeanDip\AppData\Local\Temp\ehdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 06:01:33.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hitmanpro37.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-22 05:48:28.444
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-22 05:48:28.381
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 455 Processor
Percentage of memory in use: 53%
Total physical RAM: 8191.18 MB
Available physical RAM: 3768.27 MB
Total Virtual: 16380.54 MB
Available Virtual: 11813.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:308.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 724105A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

kevinf80 · July 22, 2016

Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on

Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

In the new window select "Scan"

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab

The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlite the scan details line, then select "Open Report"

Copy and paste that log to your reply...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

Fixlist.txt

leaftwisted · July 23, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by BeanDip (2016-07-23 11:18:54) Run:1
Running from C:\Users\BeanDip\Desktop
Loaded Profiles: BeanDip (Available Profiles: BeanDip)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-524116036-2823710718-2030037802-1127\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FoxAwdWINFLASH64; \??\C:\Program Files (x86)\Foxconn\FOX LiveUpdate\FoxAwdWINFLASH64.SYS [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-524116036-2823710718-2030037802-1127\...\sony.com -> sony.com
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-524116036-2823710718-2030037802-1127\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
catchme => service removed successfully
EagleX64 => service removed successfully
FoxAwdWINFLASH64 => service removed successfully
HWHandSet => service removed successfully
RimUsb => service removed successfully
X6va022 => service removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End ofCMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25201968 B
Java, Flash, Steam htmlcache => 314465264 B
Windows/system/drivers => 7842 B
Edge => 0 B
Chrome => 85677406 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 10922 B
UpdatusUser => 0 B
BeanDip => 9242535 B
UpdatusUser => 0 B
fbwuser => 0 B

RecycleBin => 47127383273 B
EmptyTemp: => 44.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:20:16 ====

leaftwisted · July 23, 2016

Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/7/23
Operating System : Windows 7 64-bit
Processor : 3X AMD Athlon(tm) II X3 455 Processor
BIOS Mode : Legacy
CUID : 120246D136EDDD55B08533
Scan Type : Smart Scan
Duration : 7m 51s
Scanned Objects : 26633
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects

leaftwisted · July 23, 2016

Will post Sophos log once its done, might have to go out for a little bit here but i assure you i'm still around and appreciate the thread not being closed due to my partial absence.
thanks for all the help thus far Kevin. if im not infected i think its me getting throttled via my ISP. unsure at this point as ive ran a multitude of flushes and re writes and scans and all that jazz.

kevinf80 · July 23, 2016

Just post Sophos results whenever you`re ready, it is a very thorough scan so may take a few hours.... Also give an update on any remaining issues or concerns...

Thank you,

Kevin...

leaftwisted · July 23, 2016

2016-07-23 16:03:09.391 Sophos Virus Removal Tool version 2.5.5

2016-07-23 16:03:09.391 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-07-23 16:03:09.391 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64

2016-07-23 16:03:09.391 Checking for updates...

2016-07-23 16:03:10.062 Update progress: proxy server not available

2016-07-23 16:03:21.247 Option all = no

2016-07-23 16:03:21.247 Option recurse = yes

2016-07-23 16:03:21.247 Option archive = no

2016-07-23 16:03:21.247 Option service = yes

2016-07-23 16:03:21.247 Option confirm = yes

2016-07-23 16:03:21.247 Option sxl = yes

2016-07-23 16:03:21.247 Option max-data-age = 35

2016-07-23 16:03:21.247 Option EnableSafeClean = yes

2016-07-23 16:03:24.414 Option vdl-logging = yes

2016-07-23 16:03:24.414 Customer ID: 094260ca9b3af99f9d4a3909fc47a743

2016-07-23 16:03:24.414 Machine ID: fbd92a4afa35444d8565c86befbb5b12

2016-07-23 16:03:24.414 Component SVRTcli.exe version 2.5.5

2016-07-23 16:03:24.414 Component control.dll version 2.5.5

2016-07-23 16:03:24.414 Component SVRTservice.exe version 2.5.5

2016-07-23 16:03:24.414 Component engine\osdp.dll version 1.44.1.2250

2016-07-23 16:03:24.414 Component engine\veex.dll version 3.65.0.2250

2016-07-23 16:03:24.414 Component engine\savi.dll version 9.0.1.2250

2016-07-23 16:03:24.414 Component rkdisk.dll version 1.5.30.0

2016-07-23 16:03:24.414 Version info: Product version 2.5.5

2016-07-23 16:03:24.414 Version info: Detection engine 3.65.0

2016-07-23 16:03:24.414 Version info: Detection data 5.26

2016-07-23 16:03:24.414 Version info: Build date 05/04/2016

2016-07-23 16:03:24.414 Version info: Data files added 674

2016-07-23 16:03:24.414 Version info: Last successful update (not yet updated)

2016-07-23 16:03:49.612 Downloading updates...

2016-07-23 16:03:49.612 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement SAVIW32 LATEST

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement IDE527 LATEST

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement IDE528 LATEST

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement IDE529 LATEST

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement IDE530 LATEST

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement IDE531 LATEST

2016-07-23 16:03:49.612 Update progress: [I49502] Found supplement IDE532 LATEST

2016-07-23 16:03:49.612 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1

2016-07-23 16:03:49.612 Update progress: [I19463] Syncing product SAVIW32 70

2016-07-23 16:04:08.140 Update progress: [I19463] Syncing product IDE527 142

2016-07-23 16:04:14.321 Installing updates...

2016-07-23 16:04:14.930 Error level 1

2016-07-23 16:04:14.945 Update progress: [I19463] Syncing product IDE528 127

2016-07-23 16:04:14.945 Update progress: [I19463] Syncing product IDE529 135

2016-07-23 16:04:14.945 Update progress: [I19463] Syncing product IDE530 214

2016-07-23 16:04:14.945 Update progress: [I19463] Syncing product IDE531 63

2016-07-23 16:04:14.945 Update progress: [I19463] Syncing product IDE532 1

2016-07-23 16:04:38.661 Update successful

2016-07-23 16:05:01.252 Option all = no

2016-07-23 16:05:01.252 Option recurse = yes

2016-07-23 16:05:01.252 Option archive = no

2016-07-23 16:05:01.252 Option service = yes

2016-07-23 16:05:01.252 Option confirm = yes

2016-07-23 16:05:01.252 Option sxl = yes

2016-07-23 16:05:01.252 Option max-data-age = 35

2016-07-23 16:05:01.252 Option EnableSafeClean = yes

2016-07-23 16:05:01.299 Option vdl-logging = yes

2016-07-23 16:05:01.299 Customer ID: 094260ca9b3af99f9d4a3909fc47a743

2016-07-23 16:05:01.299 Machine ID: fbd92a4afa35444d8565c86befbb5b12

2016-07-23 16:05:01.299 Component SVRTcli.exe version 2.5.5

2016-07-23 16:05:01.299 Component control.dll version 2.5.5

2016-07-23 16:05:01.299 Component SVRTservice.exe version 2.5.5

2016-07-23 16:05:01.299 Component engine\osdp.dll version 1.44.1.2250

2016-07-23 16:05:01.299 Component engine\veex.dll version 3.65.0.2250

2016-07-23 16:05:01.299 Component engine\savi.dll version 9.0.1.2250

2016-07-23 16:05:01.299 Component rkdisk.dll version 1.5.30.0

2016-07-23 16:05:01.299 Version info: Product version 2.5.5

2016-07-23 16:05:01.299 Version info: Detection engine 3.65.0

2016-07-23 16:05:01.299 Version info: Detection data 5.26

2016-07-23 16:05:01.299 Version info: Build date 05/04/2016

2016-07-23 16:05:01.299 Version info: Data files added 674

2016-07-23 16:05:01.299 Version info: Last successful update 23/07/2016 12:04:38 PM

2016-07-23 18:29:41.760 Could not open C:\hiberfil.sys

2016-07-23 18:29:41.811 Could not open C:\pagefile.sys

2016-07-23 19:09:20.489 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-07-23 19:09:20.489 Could not open C:\System Volume Information\{ac253321-4fe1-11e6-9676-d02788d81da6}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-07-23 19:09:20.489 Could not open C:\System Volume Information\{c0eced03-50e9-11e6-ada4-d02788d81da6}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-07-23 19:09:20.490 Could not open C:\System Volume Information\{d5062c0f-5004-11e6-a0e5-d02788d81da6}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-07-23 19:09:20.491 Could not open C:\System Volume Information\{d5e2c8c9-4e24-11e6-b733-d02788d81da6}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-07-23 19:09:20.491 Could not open C:\System Volume Information\{decd5320-4fcf-11e6-b55c-d02788d81da6}{3808876b-c176-4e48-b7ae-04046e6cc752}

2016-07-23 19:09:58.598 Could not open C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Current Session

2016-07-23 19:09:58.599 Could not open C:\Users\BeanDip\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs

2016-07-23 19:17:33.556 >>> Virus 'Mal/VMProtBad-A' found in file C:\Users\BeanDip\Documents\3DMGAME-Magic.2015.Complete.Bundle.Incl.Special.Edition.Content.Crakced-3DM\Magic 2015\steam_api.dll

2016-07-23 19:17:33.556 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-524116036-2823710718-2030037802-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

2016-07-23 19:17:33.556 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect

2016-07-23 20:03:34.157 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

2016-07-23 20:03:34.158 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

2016-07-23 20:03:46.945 Could not open C:\Windows\System32\config\RegBack\DEFAULT

2016-07-23 20:03:46.969 Could not open C:\Windows\System32\config\RegBack\SAM

2016-07-23 20:03:46.971 Could not open C:\Windows\System32\config\RegBack\SECURITY

2016-07-23 20:03:47.009 Could not open C:\Windows\System32\config\RegBack\SOFTWARE

2016-07-23 20:03:47.010 Could not open C:\Windows\System32\config\RegBack\SYSTEM

2016-07-23 20:27:11.125 Could not open LOGICAL:0004:00000000

2016-07-23 20:27:11.152 Could not open E:\

2016-07-23 20:27:11.161 Could not open LOGICAL:0005:00000000

2016-07-23 20:27:11.178 Could not open F:\

2016-07-23 20:27:11.185 Could not open LOGICAL:0006:00000000

2016-07-23 20:27:11.198 Could not open G:\

2016-07-23 20:27:11.204 Could not open LOGICAL:0007:00000000

2016-07-23 20:27:11.217 Could not open H:\

2016-07-23 20:27:11.389 Could not open PHYSICAL:0081:0000:0000:0001

2016-07-23 20:27:11.394 Could not open PHYSICAL:0082:0000:0000:0001

2016-07-23 20:27:11.398 Could not open PHYSICAL:0083:0000:0000:0001

2016-07-23 20:27:11.404 Could not open PHYSICAL:0084:0000:0000:0001

2016-07-23 20:27:11.462 The following items will be cleaned up:

2016-07-23 20:27:11.462 Mal/VMProtBad-A

kevinf80 · July 25, 2016

What is the current status of your OS, do you have any remaining issues or concerns?

leaftwisted · July 25, 2016

i will have to run it during the time of night when the occurrence happens most and see how bad the bandwidth gets, will report back soon.

kevinf80 · July 25, 2016

Ok, thanks for the update...

leaftwisted · July 26, 2016

It's still happening, i have a constant disconnection, i feel like i'm being piggy backed.

and unsure how to determine if i am being dns hijacked,worm'd,mined etc etc

leaftwisted · July 26, 2016

could this be a possible rootkit?

kevinf80 · July 26, 2016

What exactly happens when the disconnection occurs, does your PC disconnect from the router or does the router close down...

Next,

Run the following scans:

Please download aswMBR ( 4.5MB ) to your desktop.

Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
Close the program > Don't Fix anything!

Let me see those logs in your reply..

thank you,

Kevin...

leaftwisted · July 26, 2016

router connection stays up net has a momentary lapse in stabilty, small hicup. i ran deep scan on "zemana", instead of running "smart scan" and this is the result in which i got

Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/7/26
Operating System : Windows 7 64-bit
Processor : 3X AMD Athlon(tm) II X3 455 Processor
BIOS Mode : Legacy
CUID : 120246D136EDDD55B08533
Scan Type : Deep Scan
Duration : 45m 19s
Scanned Objects : 416129
Detected Objects : 4
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

MSIAA3E.tmp
Status : Scanned
Object : %systemroot%\installer\msiaa3e.tmp
MD5 : 40F0CEC3FCE2612AC50BB830AC0370BA
Publisher : APN LLC
Size : 90576
Version : -
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\installer\msiaa3e.tmp

UE3Redist.exe
Status : Scanned
Object : %programfiles%\steam\steamapps\common\dungeon defenders\binaries\redist\ue3redist.exe
MD5 : FB51FAAAA34B2AA1CE0EEB652E037745
Publisher : -
Size : 56832
Version : 0.0.0.0
Detection : Malware:Win32/Blackoat.A!Akat
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\steam\steamapps\common\dungeon defenders\binaries\redist\ue3redist.exe

RagexeRE.exe
Status : Scanned
Object : %programfiles%\install on your desktop\dreamerro\ragexere.exe
MD5 : 82781CBCC212220D9FD4B33B70D09A58
Publisher : -
Size : 3907584
Version : -
Detection : TrojanCryptor:Win32/Generic
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\install on your desktop\dreamerro\ragexere.exe

Ragexe.exe
Status : Scanned
Object : %programfiles%\install on your desktop\dreamerro\ragexe.exe
MD5 : FD5F1BF03CAB44C3C639FBDF4379F974
Publisher : -
Size : 3987454
Version : -
Detection : TrojanCryptor:Win32/Generic
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\install on your desktop\dreamerro\ragexe.exe

what do you make of this?

kevinf80 · July 26, 2016

I do not believe any of those files listed by Zemana deep scan are malicious per se. The only way to check for sure would be to upload to VirusTotal...

Can you run the scans I listed and see what we get in their logs...

leaftwisted · July 26, 2016

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-07-26 13:35:46
-----------------------------
13:35:46.056 OS Version: Windows x64 6.1.7601 Service Pack 1
13:35:46.056 Number of processors: 3 586 0x503
13:35:46.066 ComputerName: BEANDIP-PC UserName: BeanDip
13:35:48.826 Initialize success
13:35:48.844 VM: initialized successfully
13:35:48.845 VM: Amd CPU supported virtualized
13:35:56.363 AVAST engine defs: 16072600
13:36:47.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:36:47.155 Disk 0 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 3
13:36:47.217 Disk 0 MBR read successfully
13:36:47.217 Disk 0 MBR scan
13:36:47.227 Disk 0 Windows 7 default MBR code
13:36:47.227 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:36:47.237 Disk 0 default boot code
13:36:47.237 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:36:47.287 Disk 0 scanning C:\Windows\system32\drivers
13:36:55.748 Service scanning
13:37:09.875 Modules scanning
13:37:10.207 Disk 0 trace - called modules:
13:37:10.220 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:37:10.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076a5730]
13:37:10.227 3 CLASSPNP.SYS[fffff8800197543f] -> nt!IofCallDriver -> [0xfffffa80075d7440]
13:37:10.232 5 ACPI.sys[fffff88000f0d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80075da060]
13:37:11.916 AVAST engine scan C:\Windows
13:37:17.762 AVAST engine scan C:\Windows\system32
13:44:13.735 AVAST engine scan C:\Windows\system32\drivers
13:45:10.547 AVAST engine scan C:\Users\BeanDip
14:21:41.928 AVAST engine scan C:\ProgramData
14:29:10.813 Disk 0 statistics 5389254/0/0 @ 0.97 MB/s
14:29:10.815 Scan finished successfully
14:36:26.804 Disk 0 MBR has been saved successfully to "C:\Users\BeanDip\Desktop\MBR.dat"
14:36:26.808 The log file has been saved successfully to "C:\Users\BeanDip\Desktop\aswMBR.txt"

leaftwisted · July 26, 2016

RogueKiller V12.4.0.0 (x64) [Jul 18 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BeanDip [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/26/2016 15:13:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\BeanDip\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\BeanDip\AppData\Local\Temp\aswMBR.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] 610225a0c2739d5499fde7eac7086378
[BSP] 63acbcd176ff84db07c7fd2ee62a6bc3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

kevinf80 · July 26, 2016

Those logs are clean, continue and do the following...

Reset your router, instructons available at the following link:

http://setuprouter.com/networking/how-to-reset-your-router/

Follow those instructions very carefully.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper

Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool, For XP just double click to run.
From the left hand pane select "Flush DNS"
From the main interface select the dropdown under "Choose a DNS Server"
From the list select either "Google Public DNS" or "Open DNS"
From the left hand pane select "Apply DNS"
When done re-boot your system....

Lets see if that makes any difference...

Thank you,

Kevin....

leaftwisted · July 27, 2016

It's happening again, pc works fine, net speed drops hard.

leaftwisted · July 27, 2016

as you can see i have few to many svc's running. this currently sets red falgs. it might be nothing but thats what seems to throttle my pc the hardest durring these times of elevated ram use/network use / network hicups .

kevinf80 · July 27, 2016

Having many svchost entries running is not really unusual, just to check what services are being hosted run the following from cmd.exe with Administrator status:

From an elevated command prompt or select Windows key and X key from the list select command prompt (admin)

copy and paste or type the following

tasklist /svc > 0 & notepad 0

Select enter, Notepad will open, let me see that list.

Next,

Try and run Auto runs when your connection is failing..

Scan with Autoruns

Please download Autoruns by Sysinternals and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
It is important that you do not use your machine while the tool is running.
Wait patiently until the tool finishes its scanning. You will be notified with the Ready message in the lower left corner upon completion.
Go to File menu and select Save.
Make sure that the Save as type option is set to Text Files (*.txt) and the place to save will be your desktop. Name it so you'll be able to identify it.

Please attach the file to your next post.

To attach it:

After typing in your message, click More reply options instead of Post.
below the post preview and the post editor, you should be able to see Attach files option - please click Choose file.
in the pop-up window navigate to the desktop. Choose the one previously mentioned and attach it.

If the file is too big to attach it (it may happen), then please host it on a Dropbox account or a site like mediafire.com, providing me the link to the uploaded file.

Let me see those logs, also maybe a good idea to check with your ISP, ask if the connections are being throttled at specific times due to high activity...

Thank you,

Kevin.

Edited July 27, 2016 by kevinf80

leaftwisted · July 27, 2016

Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 452 N/A
csrss.exe 596 N/A
wininit.exe 636 N/A
csrss.exe 660 N/A
services.exe 704 N/A
winlogon.exe 732 N/A
lsass.exe 748 KeyIso, SamSs
lsm.exe 760 N/A
svchost.exe 880 DcomLaunch, PlugPlay, Power
svchost.exe 112 RpcEptMapper, RpcSs
svchost.exe 648 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 752 AudioEndpointBuilder, hidserv, Netman,
PcaSvc, SysMain, TrkWks, UxSms, WPDBusEnum,
wudfsvc
svchost.exe 1036 EventSystem, fdPHost, FontCache, netprofm,
nsi, SstpSvc, WdiServiceHost
svchost.exe 1060 AeLookupSvc, Appinfo, BITS, Browser,
IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe 1152 gpsvc
svchost.exe 1304 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TapiSrv
AvastSvc.exe 1384 avast! Antivirus
spoolsv.exe 1664 Spooler
svchost.exe 1704 BFE, DPS, MpsSvc
GfExperienceService.exe 1800 GfExperienceService
NvNetworkService.exe 1896 NvNetworkService
NvStreamService.exe 1948 NvStreamSvc
taskhost.exe 1092 N/A
dwm.exe 1600 N/A
explorer.exe 1812 N/A
svchost.exe 2312 stisvc
svchost.exe 2356 WinDefend
ZAM.exe 2396 ZAMSvc
RAVCpl64.exe 3036 N/A
NvBackend.exe 1548 N/A
SearchIndexer.exe 2012 WSearch
WUDFHost.exe 3120 N/A
avastui.exe 3452 N/A
NvStreamNetworkService.ex 3928 NvStreamNetworkSvc
svchost.exe 4052 PolicyAgent
svchost.exe 3596 FDResPub, SSDPSRV, wcncsvc
WmiPrvSE.exe 3504 N/A
unsecapp.exe 3988 N/A
svchost.exe 3280 SDRSVC
LULnchr.exe 4844 N/A
LogitechUpdate.exe 4176 N/A
NvStreamUserAgent.exe 1424 N/A
conhost.exe 4716 N/A
nvvsvc.exe 4132 nvsvc
nvxdsync.exe 2284 N/A
nvvsvc.exe 4688 N/A
nvtray.exe 4508 N/A
nvSCPAPISvr.exe 5092 Stereo Service
audiodg.exe 2272 N/A
Downloader_Diablo2_Lord_o 5336 N/A
chrome.exe 2000 N/A
chrome.exe 5592 N/A
chrome.exe 5616 N/A
chrome.exe 3216 N/A
chrome.exe 5236 N/A
cmd.exe 5544 N/A
conhost.exe 4644 N/A
tasklist.exe 4468 N/A

gunna run the scan now once my windows is done its auto updates. as u recommended i not use or have anything running whilst using the AutoRuns.exe. Will report back once again .with more info when available.

kevinf80 · July 27, 2016

Thanks for the update...

Pretty sure im infected.

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information