Hello,

I would like to get some help with my problem.

My computer recently got infected with a malware that caused all files on USB storage to be hidden and turned them into shortcuts... (got infected from a USB stick).

After being infected, I am unable to run Malwarebytes, nor MBAM CLEAN.

I tried uninstalling Malwarebytes from the Control Panel, then reinstalling it, but it still doesn't run.

Also, I tried using rkill before running Malwarebytes, but that didn't yield any results.

Also tried using Malwarebytes Chameleon, but with no results.

I can't run Farbar Recovery Scan Tool.

Tried running other anti-malware programs, but none of them runs.

What should I do?

Can you install McShield on your PC... http://mcshield.net/ That will protect USB drives on your system and any that are plugged in...

Next,

Plug in your USB stick, now do the following:

Click on "Start", type cmd.exe into the search box. cmd.exe will show; right click on that entry and select "Run as Administrator" and click on OK.

Here I assume your USB stick is X:

Enter this command. Highlight the command, then right click - Copy. At the cmd prompt, right click - Paste:

attrib -h -r -s /s /d x:\*.*

Hit the Enter key...

Note: Replace the letter X with your flash drive letter....

Do the files now show OK on the USB stick...? If so, let's see if we can run FRST from the Recovery Environment...

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version, and press Enter. Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Hello kevinf80,

Thank you for your follow up...

- I can't install McShield. When I try to run the installer without admin permission this message appears: Application has generated an exception that could not be handled

[attached screenshot: MCShield.jpg]

When I try running it with admin permission I see the MCShield symbol for a second, then it quickly disappears (similar to what happens when trying to run antimalware programs).

- After using the attrib -h -r -s /s /d x:\*.* command, a folder called .Trashes appears in the USB drive then quickly disappears. I figured it's a hidden file, so I went to the Control Panel and clicked show hidden files and folders. The .Trashes file appears, and the files that were supposed to be on the USB drive are in it. When I copy FRST it automatically goes to the .Trashes folder.

- I was able to run FRST from the recovery environment, here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by SYSTEM on MININT-T02LDS3 (08-02-2017 22:27:46)
Running from E:\.Trashes
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-27] (Intel Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-19] (Malwarebytes)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-20] (Intel Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Etisalat USB Modem\UIExec.exe [157440 2013-03-07] ()
Startup: C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2017-02-08]
ShortcutTarget: atajo.lnk -> C:\Users\Ugex\AppData\Roaming\ibkbuw\ygegbffp64.exe (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-05-25] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-01-06] (EasyAntiCheat Ltd)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-27] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-16] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-19] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-06-21] (PowerUp Software, LLC)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S2 UI Assistant Service; C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe [276224 2013-03-07] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-03] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-27] (Intel Corporation)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
S2 npf; C:\Windows\SysWOW64\Drivers\npf.sys [35088 2012-11-19] (CACE Technologies, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-08-11] (NVIDIA Corporation)
S3 USBZTECCID; C:\Windows\System32\DRIVERS\ZTEusbccid.sys [18432 2012-03-13] (ZTE)
S2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2015-10-27] (AAA Internet Publishing, Inc.)
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 22:27 - 2017-02-08 22:27 - 00000000 ____D C:\FRST
2017-02-08 12:03 - 2017-02-08 12:04 - 02421248 _____ (Farbar) C:\Users\Ugex\Downloads\FRST64.exe
2017-02-08 11:58 - 2017-02-08 11:59 - 02856736 _____ (MyCity) C:\Users\Ugex\Downloads\MCShield-Setup.exe
2017-02-08 08:42 - 2017-02-08 08:42 - 02421248 _____ (Farbar) C:\Users\Ugex\Desktop\FRST64.exe
2017-02-08 08:09 - 2017-02-08 08:09 - 00566128 _____ (Malwarebytes) C:\Users\Ugex\Downloads\mbam-clean-2.3.0.1001.exe
2017-02-08 08:07 - 2017-02-08 08:07 - 00004498 _____ C:\Users\Ugex\Desktop\Rkill.txt
2017-02-08 08:06 - 2017-02-08 08:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ugex\Downloads\rkill.com
2017-02-08 08:06 - 2017-02-08 08:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ugex\Desktop\rkill.com
2017-02-08 08:04 - 2017-02-08 08:04 - 00912452 _____ C:\Users\Ugex\Downloads\rkill.zip
2017-02-08 08:02 - 2017-02-08 08:02 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-08 08:02 - 2017-02-08 08:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-08 08:02 - 2017-01-19 21:47 - 00077416 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-02-08 07:59 - 2017-02-08 08:02 - 55566792 _____ (Malwarebytes ) C:\Users\Ugex\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-07 07:16 - 2017-02-07 07:16 - 00000000 ____D C:\Users\Ugex\Downloads\doctor-strange-2016_arabic-1489516
2017-02-07 06:27 - 2017-02-07 07:08 - 735015173 ____R C:\Users\Ugex\Downloads\Doctor.Strange.2016.DVDSCR.700MB.MkvCage.mkv
2017-02-07 06:27 - 2017-02-07 06:27 - 00242927 _____ C:\Users\Ugex\Downloads\doctor-strange-2016_arabic-1489516.zip
2017-02-07 06:26 - 2017-02-07 06:27 - 00014901 _____ C:\Users\Ugex\Downloads\55FBBA72A58B69CD46570B61537A771148413E4E.torrent
2017-02-06 14:14 - 2017-02-07 06:28 - 00000000 ____D C:\Users\Ugex\Downloads\[CorePack] Battlefield 1 - Digital Deluxe Edition
2017-02-06 14:09 - 2017-02-06 14:09 - 00096811 _____ C:\Users\Ugex\Downloads\BA8CD0ED312B4626780116DB5E33D9F1CF1DA4CF.torrent
2017-02-04 00:17 - 2017-02-04 00:17 - 00000982 _____ C:\Users\Ugex\Desktop\mafia3.exe - Shortcut.lnk
2017-02-02 14:31 - 2017-02-02 14:31 - 00001557 _____ C:\Users\Public\Desktop\Far Cry - Primal.lnk
2017-02-01 23:54 - 2017-02-01 23:54 - 00000000 ____D C:\Users\Ugex\Downloads\MAFIA.3.V1.05.PLUS16TRN.FLING
2017-02-01 23:53 - 2017-02-01 23:53 - 00797244 _____ C:\Users\Ugex\Downloads\MAFIA.3.V1.05.PLUS16TRN.FLING.ZIP
2017-02-01 08:02 - 2017-02-01 08:04 - 34356750 _____ C:\Users\Ugex\Downloads\Playboy_USA_July_August_2016.zip
2017-01-31 07:35 - 2017-02-01 22:02 - 00000000 ____D C:\Users\Ugex\Downloads\Far Cry - Primal [FitGirl Repack]
2017-01-30 22:53 - 2014-10-10 07:50 - 00000000 ____D C:\Users\Ugex\Desktop\Guru3D.com
2017-01-30 12:21 - 2017-01-30 12:21 - 00000000 ____D C:\Users\Ugex\AppData\Local\2K Games
2017-01-28 04:59 - 2017-01-28 05:00 - 02159477 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.V1.1.B524.17.X64.PLUS20TRN.LINGON.ZIP
2017-01-28 04:59 - 2017-01-28 04:59 - 00795684 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.PLUS18TRN.FLING.ZIP
2017-01-27 13:17 - 2017-01-27 13:18 - 04154750 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.X64.V1.11.PLUS16TRN.BARACUDA.ZIP
2017-01-27 13:14 - 2017-01-27 13:16 - 03200978 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.V1.11.PLUS19TRN.FUTUREX.ZIP
2017-01-27 01:23 - 2017-01-30 04:13 - 00000000 ____D C:\Users\Ugex\Documents\Deus Ex -  Mankind Divided
2017-01-27 01:23 - 2017-01-27 01:23 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\Eidos Montreal
2017-01-27 00:13 - 2017-01-27 00:13 - 00001637 _____ C:\Users\Public\Desktop\Deus Ex - Mankind Divided.lnk
2017-01-26 15:55 - 2017-01-28 22:29 - 00000000 ____D C:\Users\Ugex\Downloads\Mafia 3 [FitGirl Repack]
2017-01-24 00:24 - 2017-01-28 16:11 - 00000228 _____ C:\Users\Ugex\Desktop\hwmonitorw.ini
2017-01-23 20:02 - 2016-10-17 06:55 - 02201304 _____ (CPUID) C:\Users\Ugex\Desktop\HWMonitor_x64.exe
2017-01-23 20:02 - 2016-10-17 06:54 - 01723608 _____ (CPUID) C:\Users\Ugex\Desktop\HWMonitor_x32.exe
2017-01-23 20:02 - 2016-10-12 04:58 - 00002047 _____ C:\Users\Ugex\Desktop\hwm_readme.txt
2017-01-23 18:57 - 2017-01-23 18:57 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2017-01-21 12:58 - 2017-01-21 12:59 - 00351962 _____ C:\Users\Ugex\Downloads\70044FDA85324BB3A1D8D0CA9B99FD2166587E70.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 12:20 - 2016-01-06 04:04 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-08 12:20 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-08 12:19 - 2015-11-19 15:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 12:17 - 2016-01-01 19:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-08 12:15 - 2016-12-11 11:54 - 00000000 ___HD C:\Users\Ugex\AppData\Roaming\ibkbuw
2017-02-08 12:13 - 2016-08-13 03:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-08 12:04 - 2009-07-13 20:45 - 00020640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-08 12:04 - 2009-07-13 20:45 - 00020640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-08 11:25 - 2016-01-06 18:40 - 00000000 ____D C:\Users\Ugex\AppData\Local\Warframe
2017-02-08 11:10 - 2016-01-15 22:38 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2017-02-08 11:09 - 2015-11-23 11:53 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\DMCache
2017-02-08 08:10 - 2015-11-19 16:10 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\uTorrent
2017-02-08 08:02 - 2016-07-30 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-08 07:54 - 2009-07-13 21:13 - 00783114 _____ C:\Windows\System32\PerfStringBackup.INI
2017-02-08 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-06 23:27 - 2015-11-19 14:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-02 21:04 - 2015-11-19 23:53 - 00000000 ____D C:\Users\Ugex\Documents\My Games
2017-02-02 14:31 - 2015-11-19 22:59 - 00000000 ____D C:\Games
2017-02-01 13:54 - 2015-11-23 11:53 - 00000000 ____D C:\Users\Ugex\Downloads\Video
2017-01-30 22:53 - 2015-11-23 11:53 - 00000000 ____D C:\Users\Ugex\Downloads\Compressed
2017-01-30 12:11 - 2015-11-19 23:32 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-01-30 12:10 - 2015-11-19 23:32 - 00000000 ___HD C:\Windows\msdownld.tmp
2017-01-23 18:57 - 2015-11-23 11:53 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\IDM
2017-01-23 03:32 - 2016-08-10 04:51 - 00000000 ____D C:\Program Files (x86)\Rise of the Tomb Raider
2017-01-23 03:29 - 2016-07-20 23:13 - 00000000 ____D C:\Program Files (x86)\by Decepticon
2017-01-21 12:32 - 2016-01-01 19:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-21 12:31 - 2015-12-17 21:10 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-21 12:31 - 2015-12-17 21:10 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-21 12:31 - 2015-12-17 21:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-21 12:31 - 2015-12-17 21:10 - 00000000 ____D C:\Windows\System32\Macromed
2017-01-21 12:23 - 2016-05-17 08:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

Some files in TEMP:
====================
2016-01-15 22:16 - 2016-01-15 22:16 - 0011264 _____ ( ) C:\Users\Ugex\AppData\Local\Temp\1nbey5no.dll
2015-11-20 02:56 - 2015-11-20 02:56 - 0223744 _____ (Un4seen Developments) C:\Users\Ugex\AppData\Local\Temp\Bass.dll
2015-11-20 02:56 - 2015-11-20 02:56 - 0647168 _____ (radio42) C:\Users\Ugex\AppData\Local\Temp\Bass.Net.dll
2016-01-15 22:30 - 2016-01-15 22:30 - 0011264 _____ ( ) C:\Users\Ugex\AppData\Local\Temp\cr4swdce.dll
2016-01-06 22:53 - 2016-08-30 10:08 - 0037376 _____ (Microsoft) C:\Users\Ugex\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2016-01-06 22:53 - 2016-08-30 08:39 - 0020992 _____ (Microsoft) C:\Users\Ugex\AppData\Local\Temp\HiRezLauncherControls.dll
2016-04-03 07:50 - 2016-04-06 03:39 - 12041704 _____ () C:\Users\Ugex\AppData\Local\Temp\hss_update.exe
2016-10-07 09:11 - 2016-10-07 09:11 - 0035680 _____ () C:\Users\Ugex\AppData\Local\Temp\i4jdel0.exe
2015-11-19 15:02 - 2016-08-11 03:23 - 0745904 _____ (NVIDIA Corporation) C:\Users\Ugex\AppData\Local\Temp\nvSCPAPI.dll
2016-08-18 02:01 - 2016-08-11 03:22 - 0347192 _____ (NVIDIA Corporation) C:\Users\Ugex\AppData\Local\Temp\nvStInst.exe
2016-10-07 09:11 - 2016-10-07 09:11 - 0040448 ____N () C:\Users\Ugex\AppData\Local\Temp\proxy_vole2549501430170752959.dll
2016-10-07 09:06 - 2016-10-07 09:06 - 0040448 ____N () C:\Users\Ugex\AppData\Local\Temp\proxy_vole7510844281826192397.dll
2017-01-23 18:57 - 2017-01-23 19:24 - 0192512 _____ () C:\Users\Ugex\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 09:56 - 2015-02-10 09:56 - 0105984 _____ () C:\Users\Ugex\AppData\Local\Temp\sfextra.dll
2015-12-07 10:34 - 2012-09-26 16:28 - 0608160 ____R (HP) C:\Users\Ugex\AppData\Local\Temp\siinst.exe
2015-12-07 10:34 - 2012-09-25 21:57 - 0270336 ____R (HP) C:\Users\Ugex\AppData\Local\Temp\strings.dll
2016-05-25 11:14 - 2012-02-13 12:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-3416.exe
2017-01-27 00:08 - 2012-02-13 12:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-5304.exe
2017-01-23 03:31 - 2012-02-13 12:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-6240.exe
2017-01-23 03:31 - 2012-02-13 12:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-6620.exe
2015-08-02 15:58 - 2015-08-02 15:58 - 0118784 _____ () C:\Users\Ugex\AppData\Local\Temp\xmlUpdater.exe
2015-06-28 05:15 - 2015-06-28 05:15 - 0032629 _____ () C:\Users\Ugex\AppData\Local\Temp\{905A3F63-DC39-413A-8975-48C8497F1F88}-51.0.2704.103_51.0.2704.84_chrome_updater.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2015-11-19 13:54] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2015-11-19 13:54] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-02-08 07:59

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8126.95 MB
Available physical RAM: 7319.05 MB
Total Virtual: 8125.15 MB
Available Virtual: 7318.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:35.51 GB) NTFS
Drive e: (UDISK) (Removable) (Total:3.81 GB) (Free:3.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BD26BC5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

LastRegBack: 2017-02-01 15:55

==================== End of FRST.txt ============================

Thank you again for your follow up,

Ugex

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Re-boot your system to Normal mode, let's see if FRST will run ok now:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

[attachment: fixlist.txt]

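The attrib step earlier in the thread (unhiding what the worm hid on the stick) and the Startup entry the fixlist above removes (atajo.lnk pointing at an executable under AppData\Roaming) are the same artefact seen twice: a .lnk whose real target is not what its icon suggests, sitting next to the real files with the Hidden and System attributes set. The PowerShell below is an added example for making that inspection repeatable; it is not from this thread, from FRST or from Malwarebytes. It resolves every shortcut's TargetPath and Arguments through the WScript.Shell COM object, lists Hidden+System items on the drive, reports the shortcuts in the per-user Startup folder (report only; the fixlist handled removal there), and with -Repair quarantines the flagged shortcuts on the drive and clears the attributes the way attrib -h -r -s /s /d does. The drive letter X:\ is the thread's placeholder; the launcher list, the extension regex and the quarantine folder name are this example's own heuristics and choices.

```powershell
# Added example, not from this thread: triage a USB shortcut worm's artefacts.
# Inspects every .lnk in the drive root and in the per-user Startup folder,
# lists Hidden+System items on the drive, and with -Repair quarantines the
# flagged shortcuts and clears the attributes (what attrib -h -r -s /s /d does).
# 'X:\' is the thread's placeholder drive letter; the launcher list, extension
# regex and quarantine folder name are this example's own choices.
param(
    [string]$Drive   = 'X:\',
    [string]$Startup = [Environment]::GetFolderPath('Startup'),
    [switch]$Repair
)

$shell = New-Object -ComObject WScript.Shell

# Bait shortcuts usually chain through an interpreter and hide the real payload
# in Arguments, so both TargetPath and Arguments are inspected.
$launchers  = 'cmd.exe', 'wscript.exe', 'cscript.exe', 'powershell.exe', 'mshta.exe', 'rundll32.exe'
$payloadExt = '\.(exe|vbs|vbe|js|jse|bat|cmd|scr|pif)\b'

function Get-ShortcutReport {
    param([string]$Folder)
    Get-ChildItem -LiteralPath $Folder -Filter *.lnk -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = [System.IO.Path]::GetFileName([string]$lnk.TargetPath).ToLower()
        [pscustomobject]@{
            Shortcut   = $_.FullName
            Target     = $lnk.TargetPath
            Arguments  = $lnk.Arguments
            # Flagged when it launches an interpreter or its arguments name an executable/script
            Suspicious = ($launchers -contains $target) -or ([string]$lnk.Arguments -match $payloadExt)
        }
    }
}

function Get-HiddenPayload {
    # Items carrying both Hidden and System, the combination set on the real
    # files and folders that the shortcuts replaced.
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                       (($_.Attributes -band [IO.FileAttributes]::System) -ne 0) }
}

function Repair-Drive {
    param([string]$Root, [object[]]$Report)
    # Keep the flagged shortcuts for later inspection instead of deleting them.
    $quarantine = Join-Path $Root 'quarantine_lnk'
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    foreach ($r in ($Report | Where-Object Suspicious)) {
        Move-Item -LiteralPath $r.Shortcut -Destination $quarantine -Force
    }
    # Same effect as attrib -h -r -s /s /d on everything else on the drive.
    $clear = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike "$quarantine*" } |
        ForEach-Object {
            $new = $_.Attributes -band -bnot $clear
            if ($new -eq 0) { $new = [IO.FileAttributes]::Normal }   # a file with no flags left must be Normal
            $_.Attributes = $new
        }
}

$driveReport = Get-ShortcutReport -Folder $Drive
Write-Host "== Shortcuts in the root of $Drive =="
$driveReport | Format-Table Suspicious, Shortcut, Target, Arguments -AutoSize
Write-Host "== Hidden+System items on $Drive (where the real files usually are) =="
Get-HiddenPayload -Root $Drive | Select-Object FullName, Attributes | Format-Table -AutoSize
Write-Host "== Shortcuts in the Startup folder: $Startup =="
Get-ShortcutReport -Folder $Startup | Format-Table Suspicious, Shortcut, Target, Arguments -AutoSize
if ($Repair) { Repair-Drive -Root $Drive -Report $driveReport }
```

Run it from an elevated PowerShell prompt with the drive root, e.g. `.\Triage-ShortcutWorm.ps1 -Drive E:\` (the script name is this example's own), and read the report before re-running with -Repair. The first post in this thread shows a live infection killing tools the moment they start, so run this after the fix, or from a clean machine against the stick. The stick in the log is FAT32, which has no ACLs, so the attributes are the only thing hiding the files, and moving rather than deleting the .lnk files leaves them available for inspection.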

Hello,

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by SYSTEM (08-02-2017 23:26:24) Run:1
Running from E:\.trashes
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Start
Startup: C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2017-02-08]
ShortcutTarget: atajo.lnk -> C:\Users\Ugex\AppData\Roaming\ibkbuw\ygegbffp64.exe (Microsoft Corporation)
C:\Users\Ugex\AppData\Roaming\ibkbuw\ygegbffp64.exe
C:\Users\Ugex\AppData\Roaming\ibkbuw
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\msdownld.tmp
C:\Users\Ugex\AppData\Local\Temp\1nbey5no.dll
C:\Users\Ugex\AppData\Local\Temp\cr4swdce.dll
C:\Users\Ugex\AppData\Local\Temp\hss_update.exe
C:\Users\Ugex\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ugex\AppData\Local\Temp\proxy_vole2549501430170752959.dll
C:\Users\Ugex\AppData\Local\Temp\proxy_vole7510844281826192397.dll
C:\Users\Ugex\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Ugex\AppData\Local\Temp\sfextra.dll
End




*****************

C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk => moved successfully
C:\Users\Ugex\AppData\Roaming\ibkbuw\ygegbffp64.exe => moved successfully
"C:\Users\Ugex\AppData\Roaming\ibkbuw\ygegbffp64.exe" => not found.
C:\Users\Ugex\AppData\Roaming\ibkbuw => moved successfully
HKLM\System\ControlSet001\Services\taphss6 => key removed successfully
taphss6 => service removed successfully
HKLM\System\ControlSet001\Services\VGPU => key removed successfully
VGPU => service removed successfully
C:\Windows\msdownld.tmp => moved successfully
C:\Users\Ugex\AppData\Local\Temp\1nbey5no.dll => moved successfully
C:\Users\Ugex\AppData\Local\Temp\cr4swdce.dll => moved successfully
C:\Users\Ugex\AppData\Local\Temp\hss_update.exe => moved successfully
C:\Users\Ugex\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Ugex\AppData\Local\Temp\proxy_vole2549501430170752959.dll => moved successfully
C:\Users\Ugex\AppData\Local\Temp\proxy_vole7510844281826192397.dll => moved successfully
C:\Users\Ugex\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\Ugex\AppData\Local\Temp\sfextra.dll => moved successfully

==== End of Fixlog 23:26:25 ====

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Ugex (administrator) on UGEX-PC (08-02-2017 23:34:31)
Running from C:\Users\Ugex\Desktop
Loaded Profiles: Ugex (Available Profiles: Ugex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Etisalat USB Modem\UIExec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Etisalat USB Modem\UIExec.exe [157440 2013-03-07] ()
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-11-09] (Tonec Inc.)
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\MountPoints2: {1835a20e-3443-11e6-ba9a-d050995dd129} - D:\Windows\AutoRun.exe
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\MountPoints2: {38ab8547-8f62-11e5-a24a-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\MountPoints2: {9e1fa5fc-9cc6-11e5-923a-d050995dd129} - E:\SISetup.exe
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\MountPoints2: {d2a235fd-4e43-11e6-a386-d050995dd129} - D:\Windows\AutoRun.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{B6C4564F-44D5-413E-8DA3-85417B66D78A}: [DhcpNameServer] 192.168.1.1 0.0.0.0
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.gulfeconnection.com/
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.gulfeconnection.com/
HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-sa/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ugex\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ugex\AppData\Roaming\IDM\idmmzcc5 [2017-02-08] [not signed]
FF HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://sa.hao123.com/?tn=bbl_pay_hp_02_hao123_sa
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Google Slides) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-20]
CHR Extension: (Theme Creator) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-11-20]
CHR Extension: (Google Docs) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-20]
CHR Extension: (Google Drive) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-20]
CHR Extension: (Flick & Share) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacfadidbmokocppcbhdnkoljdfaiinj [2015-11-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-20]
CHR Extension: (YouTube) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-20]
CHR Extension: (Google Search) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (Tampermonkey) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-23]
CHR Extension: (Stardoll) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkaepijclibocpmckgabmkoglbgmlk [2015-11-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (EffectyGram) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeahpjkbdfilaomikdffcambkgfgkoe [2015-11-20]
CHR Extension: (Google Sheets) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-20]
CHR Extension: (ButtonBass Dubstep Piano) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejnmbkpbdancllfaneekiijkgapeac [2015-11-20]
CHR Extension: (Fashionista Diaries) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknknnahiobcoanhfgmgkfiiahpfifl [2015-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-02-07]
CHR Extension: (FabCam) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2015-11-20]
CHR Extension: (The Elementals) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2015-11-20]
CHR Extension: (Coloring Pages) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhcehgkaccjiljllpejjekibagmonki [2015-11-20]
CHR Extension: (Pixect) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2015-11-20]
CHR Extension: (Hide YouTube Comments) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehdmnjmaakacofbgmjgjapbbibhafoh [2016-07-13]
CHR Extension: (Sand 2) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn [2015-11-20]
CHR Extension: (DotVPN — a better way to VPN) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2017-02-01]
CHR Extension: (Webcam Toy) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-11-20]
CHR Extension: (Premiumize.me) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2015-11-20]
CHR Extension: (IDM Integration Module) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Netstagram) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojclphfkljfgdbggobfllbnochlnlhei [2015-11-20]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-12-31]
CHR Extension: (Rollip - Photo Effects) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2015-11-20]
CHR Extension: (cronsync) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2015-11-20]
CHR Extension: (Janvas - The Online Vector Graphics Editor) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pihdjhjonjklikinhbobeogngllgcmoh [2015-11-20]
CHR Extension: (Gmail) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-05-25] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-01-06] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2015-06-22] (PowerUp Software, LLC) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-11-20] (Microsoft Corporation) [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe [276224 2013-03-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-03] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S2 npf; C:\Windows\SysWOW64\Drivers\npf.sys [35088 2012-11-19] (CACE Technologies, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-08-11] (NVIDIA Corporation)
S3 USBZTECCID; C:\Windows\System32\DRIVERS\ZTEusbccid.sys [18432 2012-03-13] (ZTE)
R2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2015-10-28] (AAA Internet Publishing, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 08:27 - 2017-02-08 23:34 - 00000000 ____D C:\FRST
2017-02-08 23:34 - 2017-02-08 23:34 - 00020146 _____ C:\Users\Ugex\Desktop\FRST.txt
2017-02-08 23:21 - 2017-02-08 23:21 - 00001720 _____ C:\Users\Ugex\Downloads\fixlist.txt
2017-02-08 22:03 - 2017-02-08 22:04 - 02421248 _____ (Farbar) C:\Users\Ugex\Downloads\FRST64.exe
2017-02-08 21:58 - 2017-02-08 21:59 - 02856736 _____ (MyCity) C:\Users\Ugex\Downloads\MCShield-Setup.exe
2017-02-08 18:42 - 2017-02-08 18:42 - 02421248 _____ (Farbar) C:\Users\Ugex\Desktop\FRST64.exe
2017-02-08 18:09 - 2017-02-08 18:09 - 00566128 _____ (Malwarebytes) C:\Users\Ugex\Downloads\mbam-clean-2.3.0.1001.exe
2017-02-08 18:07 - 2017-02-08 18:07 - 00004498 _____ C:\Users\Ugex\Desktop\Rkill.txt
2017-02-08 18:06 - 2017-02-08 18:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ugex\Downloads\rkill.com
2017-02-08 18:06 - 2017-02-08 18:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ugex\Desktop\rkill.com
2017-02-08 18:04 - 2017-02-08 18:04 - 00912452 _____ C:\Users\Ugex\Downloads\rkill.zip
2017-02-08 18:02 - 2017-02-08 18:02 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-08 18:02 - 2017-02-08 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-08 18:02 - 2017-02-08 18:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-08 18:02 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-08 17:59 - 2017-02-08 18:02 - 55566792 _____ (Malwarebytes ) C:\Users\Ugex\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-07 17:16 - 2017-02-07 17:16 - 00000000 ____D C:\Users\Ugex\Downloads\doctor-strange-2016_arabic-1489516
2017-02-07 16:27 - 2017-02-07 17:08 - 735015173 ____R C:\Users\Ugex\Downloads\Doctor.Strange.2016.DVDSCR.700MB.MkvCage.mkv
2017-02-07 16:27 - 2017-02-07 16:27 - 00242927 _____ C:\Users\Ugex\Downloads\doctor-strange-2016_arabic-1489516.zip
2017-02-07 16:26 - 2017-02-07 16:27 - 00014901 _____ C:\Users\Ugex\Downloads\55FBBA72A58B69CD46570B61537A771148413E4E.torrent
2017-02-07 00:14 - 2017-02-07 16:28 - 00000000 ____D C:\Users\Ugex\Downloads\[CorePack] Battlefield 1 - Digital Deluxe Edition
2017-02-07 00:09 - 2017-02-07 00:09 - 00096811 _____ C:\Users\Ugex\Downloads\BA8CD0ED312B4626780116DB5E33D9F1CF1DA4CF.torrent
2017-02-04 10:17 - 2017-02-04 10:17 - 00000982 _____ C:\Users\Ugex\Desktop\mafia3.exe - Shortcut.lnk
2017-02-03 00:31 - 2017-02-03 00:31 - 00001557 _____ C:\Users\Public\Desktop\Far Cry - Primal.lnk
2017-02-02 09:54 - 2017-02-02 09:54 - 00000000 ____D C:\Users\Ugex\Downloads\MAFIA.3.V1.05.PLUS16TRN.FLING
2017-02-02 09:53 - 2017-02-02 09:53 - 00797244 _____ C:\Users\Ugex\Downloads\MAFIA.3.V1.05.PLUS16TRN.FLING.ZIP
2017-02-01 18:02 - 2017-02-01 18:04 - 34356750 _____ C:\Users\Ugex\Downloads\Playboy_USA_July_August_2016.zip
2017-01-31 17:35 - 2017-02-02 08:02 - 00000000 ____D C:\Users\Ugex\Downloads\Far Cry - Primal [FitGirl Repack]
2017-01-31 08:53 - 2014-10-10 17:50 - 00000000 ____D C:\Users\Ugex\Desktop\Guru3D.com
2017-01-30 22:21 - 2017-01-30 22:21 - 00000000 ____D C:\Users\Ugex\AppData\Local\2K Games
2017-01-28 14:59 - 2017-01-28 15:00 - 02159477 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.V1.1.B524.17.X64.PLUS20TRN.LINGON.ZIP
2017-01-28 14:59 - 2017-01-28 14:59 - 00795684 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.PLUS18TRN.FLING.ZIP
2017-01-27 23:17 - 2017-01-27 23:18 - 04154750 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.X64.V1.11.PLUS16TRN.BARACUDA.ZIP
2017-01-27 23:14 - 2017-01-27 23:16 - 03200978 _____ C:\Users\Ugex\Downloads\DEUS.EX.MD.V1.11.PLUS19TRN.FUTUREX.ZIP
2017-01-27 11:23 - 2017-01-30 14:13 - 00000000 ____D C:\Users\Ugex\Documents\Deus Ex -  Mankind Divided
2017-01-27 11:23 - 2017-01-27 11:23 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\Eidos Montreal
2017-01-27 10:13 - 2017-01-27 10:13 - 00001637 _____ C:\Users\Public\Desktop\Deus Ex - Mankind Divided.lnk
2017-01-27 01:55 - 2017-01-29 08:29 - 00000000 ____D C:\Users\Ugex\Downloads\Mafia 3 [FitGirl Repack]
2017-01-24 10:24 - 2017-01-29 02:11 - 00000228 _____ C:\Users\Ugex\Desktop\hwmonitorw.ini
2017-01-24 06:02 - 2016-10-17 16:55 - 02201304 _____ (CPUID) C:\Users\Ugex\Desktop\HWMonitor_x64.exe
2017-01-24 06:02 - 2016-10-17 16:54 - 01723608 _____ (CPUID) C:\Users\Ugex\Desktop\HWMonitor_x32.exe
2017-01-24 06:02 - 2016-10-12 14:58 - 00002047 _____ C:\Users\Ugex\Desktop\hwm_readme.txt
2017-01-24 04:57 - 2017-01-24 04:57 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2017-01-21 22:58 - 2017-01-21 22:59 - 00351962 _____ C:\Users\Ugex\Downloads\70044FDA85324BB3A1D8D0CA9B99FD2166587E70.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 23:34 - 2015-11-20 02:16 - 00007639 _____ C:\Users\Ugex\AppData\Local\Resmon.ResmonCfg
2017-02-08 23:29 - 2016-08-13 13:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-08 23:27 - 2016-01-06 14:04 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-08 23:27 - 2015-11-20 01:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 23:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-08 23:17 - 2016-01-02 05:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-08 22:04 - 2009-07-14 06:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-08 22:04 - 2009-07-14 06:45 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-08 21:25 - 2016-01-07 04:40 - 00000000 ____D C:\Users\Ugex\AppData\Local\Warframe
2017-02-08 21:10 - 2016-01-16 08:38 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2017-02-08 21:09 - 2015-11-23 21:53 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\DMCache
2017-02-08 18:10 - 2015-11-20 02:10 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\uTorrent
2017-02-08 18:02 - 2016-07-30 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-08 17:54 - 2009-07-14 07:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 17:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-02-07 09:27 - 2015-11-20 00:47 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 09:27 - 2015-11-20 00:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-03 07:04 - 2015-11-20 09:53 - 00000000 ____D C:\Users\Ugex\Documents\My Games
2017-02-03 00:31 - 2015-11-20 08:59 - 00000000 ____D C:\Games
2017-02-01 23:54 - 2015-11-23 21:53 - 00000000 ____D C:\Users\Ugex\Downloads\Video
2017-01-31 08:53 - 2015-11-23 21:53 - 00000000 ____D C:\Users\Ugex\Downloads\Compressed
2017-01-30 22:11 - 2015-11-20 09:32 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-01-24 04:57 - 2015-11-23 21:53 - 00000000 ____D C:\Users\Ugex\AppData\Roaming\IDM
2017-01-23 13:32 - 2016-08-10 14:51 - 00000000 ____D C:\Program Files (x86)\Rise of the Tomb Raider
2017-01-23 13:29 - 2016-07-21 09:13 - 00000000 ____D C:\Program Files (x86)\by Decepticon
2017-01-21 23:37 - 2016-05-17 18:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-21 22:32 - 2016-01-02 05:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-21 22:31 - 2015-12-18 07:10 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-21 22:31 - 2015-12-18 07:10 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-21 22:31 - 2015-12-18 07:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-21 22:31 - 2015-12-18 07:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-21 22:23 - 2016-05-17 18:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-12-11 23:17 - 2016-12-11 23:44 - 0136764 _____ () C:\Users\Ugex\AppData\Roaming\ICARE.LOG
2015-11-20 02:16 - 2017-02-08 23:34 - 0007639 _____ () C:\Users\Ugex\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2015-11-20 12:56 - 2015-11-20 12:56 - 0223744 _____ (Un4seen Developments) C:\Users\Ugex\AppData\Local\Temp\Bass.dll
2015-11-20 12:56 - 2015-11-20 12:56 - 0647168 _____ (radio42) C:\Users\Ugex\AppData\Local\Temp\Bass.Net.dll
2016-01-07 08:53 - 2016-08-30 20:08 - 0037376 _____ (Microsoft) C:\Users\Ugex\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2016-01-07 08:53 - 2016-08-30 18:39 - 0020992 _____ (Microsoft) C:\Users\Ugex\AppData\Local\Temp\HiRezLauncherControls.dll
2015-11-20 01:02 - 2016-08-11 13:23 - 0745904 _____ (NVIDIA Corporation) C:\Users\Ugex\AppData\Local\Temp\nvSCPAPI.dll
2016-08-18 12:01 - 2016-08-11 13:22 - 0347192 _____ (NVIDIA Corporation) C:\Users\Ugex\AppData\Local\Temp\nvStInst.exe
2015-12-07 20:34 - 2012-09-27 02:28 - 0608160 ____R (HP) C:\Users\Ugex\AppData\Local\Temp\siinst.exe
2015-12-07 20:34 - 2012-09-26 07:57 - 0270336 ____R (HP) C:\Users\Ugex\AppData\Local\Temp\strings.dll
2016-05-25 21:14 - 2012-02-13 22:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-3416.exe
2017-01-27 10:08 - 2012-02-13 22:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-5304.exe
2017-01-23 13:31 - 2012-02-13 22:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-6240.exe
2017-01-23 13:31 - 2012-02-13 22:41 - 0314784 _____ () C:\Users\Ugex\AppData\Local\Temp\Uninstaller-6620.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 0118784 _____ () C:\Users\Ugex\AppData\Local\Temp\xmlUpdater.exe
2015-06-28 15:15 - 2015-06-28 15:15 - 0032629 _____ () C:\Users\Ugex\AppData\Local\Temp\{905A3F63-DC39-413A-8975-48C8497F1F88}-51.0.2704.103_51.0.2704.84_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2015-11-19 23:54] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2015-11-19 23:54] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-02 01:55

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Ugex (08-02-2017 23:35:02)
Running from C:\Users\Ugex\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-11-19 21:54:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1654153258-3872260005-2313332407-500 - Administrator - Disabled)
Guest (S-1-5-21-1654153258-3872260005-2313332407-501 - Limited - Disabled)
Ugex (S-1-5-21-1654153258-3872260005-2313332407-1000 - Administrator - Enabled) => C:\Users\Ugex

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
APP Shop v1.0.13 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.13 - ASRock Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
Deus Ex: Mankind Divided (HKLM-x32\...\Deus Ex: Mankind Divided_is1) (Version:  - )
Etisalat USB Modem (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ZTE)
Far Cry: Primal (HKLM-x32\...\Far Cry: Primal_is1) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.1 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version:  - Playdead)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 11.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Mafia 3 (HKLM-x32\...\Mafia 3_is1) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC (HKLM-x32\...\Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC_is1) (Version: Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC - Repack by Fenixx (09.03.2013))
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Mirror's Edge_is1) (Version:  - )
Mirror's Edge: Catalyst (HKLM-x32\...\Mirror's Edge: Catalyst_is1) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 5.0.0 - PowerUp Software)
Plague Inc Evolved version Plague Inc Evolved (HKLM-x32\...\Plague Inc Evolved_is1) (Version: Plague Inc Evolved - )
PlanetSide 2 (HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recursion Tracker (HKLM-x32\...\{95174990-38D2-4997-9E6E-C229769D4754}) (Version: 0.11.0.8 - Recursion)
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.2 - Synthesia LLC)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.0.4.0 - Manuel Hoefs (Zottel))
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.9.511 - Initex & AAA Internet Publishing)
WTFast Beta 4.0 (HKLM-x32\...\{162DC956-6167-407C-8265-4CC3B8E61B96}_is1) (Version: 4.0.5.616 - Initex & AAA Internet Publishing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {363B7D3B-A070-45E4-8B3F-ABC2D03DE97B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {565FCD6D-E0D0-4B82-B62F-AFED5C06617F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5B6A55D1-6C42-4B48-A317-73A5AE5ECED8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {657F5E66-2946-43CD-BE28-168A432682A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {66602BE5-6486-4417-8E68-BDF9D1DB9340} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-21] (Adobe Systems Incorporated)
Task: {8109AE80-72DA-45E2-8F6C-393CC8F1AEE7} - System32\Tasks\InstallShield Update Service => C:\Users\Ugex\AppData\Local\SUPERHOT_Sp_z_o.o\ISSCH\issch.exe [2016-08-12] (InstallShield Software)
Task: {94B629A1-6DE0-4296-A152-00BC8B34741D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {9FB2995F-6F61-4098-A9D3-49AA6429DFA0} - System32\Tasks\ReviverSoft Start Menu Reviver Run once task => C:\SkinPack\StartMenu\StartMenuReviver.exe
Task: {A363F815-6264-486E-8561-69E00BF95A96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {FFE0B269-1DDE-4E21-A5C5-86CBC1D4BD6D} - System32\Tasks\{EF1178D9-776B-4958-9DF8-6C4F400D2A9A} => C:\Program Files (x86)\Steam\Steam.exe [2017-01-19] (Valve Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-20 01:01 - 2016-08-25 23:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-07 20:34 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-12-07 20:35 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-04-22 00:07 - 2016-04-22 00:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 15:01 - 2014-08-25 15:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2016-07-21 20:36 - 2013-03-07 11:38 - 00276224 _____ () C:\Program Files (x86)\Etisalat USB Modem\AssistantServices.exe
2016-07-21 20:36 - 2013-03-07 11:39 - 00157440 _____ () C:\Program Files (x86)\Etisalat USB Modem\UIExec.exe
2017-02-07 09:27 - 2017-02-01 11:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 09:27 - 2017-02-01 11:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1654153258-3872260005-2313332407-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: uTorrent => "C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EA34A528-3FD7-4659-BA8C-4B40E32C45BC}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{994100C4-7D40-4A4A-B9DA-0CE93552250B}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{950B299A-CC22-40DA-A559-695D3729D882}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B613BD39-ADA2-4910-AE3E-725B50A202D2}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB746C14-48F7-46FC-B6D0-B4904C450BCC}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D4834DC-5560-4AE4-A8AF-478FF607B315}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E36C6E89-5EF8-4824-B51F-8B320971E118}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A5331AF-EAEE-4725-8333-E9B3C5A72E5B}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F5B4503-0AE8-438F-AC0A-C33C0D680195}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FF79AF8-95C1-42EE-84CE-2B924D37879B}] => C:\Users\Ugex\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{785B1144-9321-4731-BBE1-0F63CD7C7077}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{24305F2F-3963-4491-94A5-D2AD4D725373}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BE501163-DA78-4237-BD42-39476FD04217}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51512A6A-7447-4F65-9156-849BB33E6327}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{92C03DEA-07B8-442A-9F68-99ED7C5FF033}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{3A4DED3A-939A-4FA6-8D4F-B885401D99D8}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{B6167F3C-A704-4A9C-A0D8-6DD9A3D35D8C}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{41D282C8-7F15-4F66-BCB6-5C81727B31F8}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BA895272-538E-4C4B-B1A2-86FD6DD5DF15}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{58BEE24B-138A-4E9B-8A84-18F0F9E4EB75}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{489402B2-8F33-40BE-A568-6B7920A75A9C}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{302CF3B2-4099-4C75-962B-4D8664BA376E}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{94F49156-146E-48D2-8608-0BFACDF003D1}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{09A35AAB-7199-4007-942E-7D0848D4AD1C}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{9D3A8A68-A5BE-4969-8CF6-08D78BD470EB}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{B3F81C12-4BDB-45AD-9D0C-7D7E1DBB76B2}] => C:\Users\Ugex\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{CBF9D53C-15E1-44B0-AA23-8A7FDC68688C}C:\program files\call of duty black ops iii\blackops3.exe] => C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{1751F79B-52AA-467B-B2E7-9863675845A5}C:\program files\call of duty black ops iii\blackops3.exe] => C:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{EBA40EB0-F273-4DFF-A159-8A06419B6B17}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D5B4A6D5-D566-44FC-9413-AD6AFC57F922}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{72150FDE-1939-449B-963E-54A1CDD35867}] => C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{BC9323E9-08F3-441B-BD68-0C8DA62416AC}] => C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{ADB38C2B-1885-4F7B-A649-88CE7048C761}] => C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{80C65EE9-5315-4013-BA55-45841389ACC5}] => C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{BE294FC3-628F-4E0B-90EF-1F0B9863CABB}] => C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{1213030A-C3C3-4594-8009-2D0D7F36FF01}] => C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{02897A65-0CE8-4B59-901C-8F14BAE5D67B}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{AD498825-2187-4003-9A1A-27875E7A36C5}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{6611D1B0-03D5-40C6-B71D-48E83D07D9D7}C:\program files (x86)\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => C:\program files (x86)\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{8B56AE37-B7B1-4BEF-BF62-7709FDB47440}C:\program files (x86)\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => C:\program files (x86)\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe
FirewallRules: [TCP Query User{FDDFA67E-9567-4200-83D0-33AFF25F8517}C:\program files (x86)\wtfast beta\wtfast.exe] => C:\program files (x86)\wtfast beta\wtfast.exe
FirewallRules: [UDP Query User{3996420F-5257-431F-A6C9-795B33F81288}C:\program files (x86)\wtfast beta\wtfast.exe] => C:\program files (x86)\wtfast beta\wtfast.exe
FirewallRules: [TCP Query User{EBFA0285-9319-496B-B5FE-97E12F6E44AA}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{7D74E6CF-9C52-442B-B55B-33EA0C95006B}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{692FEF31-E63E-4572-AE7E-0F8C08EE6240}C:\program files (x86)\hi-rez studios\hirezgames\smite pt\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite pt\binaries\win32\smite.exe
FirewallRules: [UDP Query User{774AF990-2EB7-48B2-A213-38261D325D0A}C:\program files (x86)\hi-rez studios\hirezgames\smite pt\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite pt\binaries\win32\smite.exe
FirewallRules: [{68979C07-7679-441E-8E11-05893BA53D48}] => C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{B12455ED-FBEC-43F2-9376-73E46D2D7969}] => C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{93FB125D-B1BD-4B86-8DC8-BFC903F7B7C2}] => C:\Program Files (x86)\Life Is Strange\steam_api64.exe
FirewallRules: [{106DC599-831E-45DE-8656-CB20D7784497}] => C:\Program Files (x86)\Life Is Strange\steam_api64.exe
FirewallRules: [{CBEAF560-7215-4213-8318-7B47AC02B7CC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6700BBFB-7206-42C0-8152-93D6F90AFCEF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F68DF430-4282-4191-8373-90DF51C5CE9E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90304E73-BC0C-4401-9976-B582D1BA8C92}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0774AC82-8BFA-46F5-80FA-D1018960CBA8}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E80A1789-DFB0-48BD-8016-42D0FF02511E}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{7F9E46CF-B20C-405F-8AE1-8CAADFC9576A}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{C335FDA3-021C-4D1F-91BE-60459D78E253}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6E3AC332-6ABD-4FAA-A795-E85F72BD19F1}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{589DE7BA-4964-4E12-919F-651B56A474CE}C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe] => C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe
FirewallRules: [UDP Query User{FE3B618C-EAEA-46F6-8537-786CA51F44EF}C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe] => C:\program files (x86)\mr dj\mass effect 2 digital deluxe edition\binaries\masseffect2.exe
FirewallRules: [TCP Query User{14C6A79C-7305-4089-9848-1FBD18919F8F}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe] => C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [UDP Query User{D3F92F18-E033-425D-A3F6-04F88EC97DAE}C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe] => C:\program files (x86)\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [TCP Query User{15F8FD82-24D7-495E-83D0-A320CCA7E395}C:\program files (x86)\borderlands 2 goty\binaries\win32\borderlands2.exe] => C:\program files (x86)\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{B8605C5F-7245-4DC9-90FC-5DEE12F0FE9B}C:\program files (x86)\borderlands 2 goty\binaries\win32\borderlands2.exe] => C:\program files (x86)\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{6F6B23E6-D8A7-4D6E-8F9E-888AC987627A}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{56D59BFF-8239-4A5D-A4E3-FF77EB8EDAFB}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{F2AFEA1B-F402-4E13-9859-0536EA3BA10F}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{0FA35E9C-331C-4CC4-A010-68ABD558D603}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{DB0B4C1D-B437-409A-80B8-0ED57B8B0E03}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{81CA303A-AF4D-49E2-9826-5FCE0D6E4F74}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{67DED03F-9090-4279-8069-9304000A16D5}] => C:\Program Files (x86)\Just Cause 3\Steam\Steam.exe
FirewallRules: [{A629B7A9-340B-4BDB-9967-9F0B3F57A04E}] => C:\Program Files (x86)\Just Cause 3\Steam\Steam.exe
FirewallRules: [{BA708901-0854-432B-BDCE-6D95A76695DE}] => C:\Program Files (x86)\Just Cause 3\Steam\bin\steamwebhelper.exe
FirewallRules: [{B7CC2050-99EF-459B-9CD1-FAD5B85F871E}] => C:\Program Files (x86)\Just Cause 3\Steam\bin\steamwebhelper.exe
FirewallRules: [{7DA66CAD-7D6F-43A4-B025-05A9B0C2CDDE}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4FBB9B49-06BC-4DC2-B9B4-7058BC9B5634}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{312A409D-6658-48C1-A4BA-0E4CA371EAD7}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9E78A2C7-FCE2-42A6-ABFA-A88C86486E14}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{57D24D49-0099-459D-BD83-F0D0700E08D2}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3DD9288A-CC65-4D93-BEDF-3775091C1B49}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A057ECA3-DF76-40BC-BD45-746D0FE814E5}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6640A5AA-C730-41FE-B061-89174DEDFCCE}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{62288F98-52F5-4223-BDE9-CFBFF0A2A126}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{DE20FA0F-345D-4878-B81A-917CDD94F370}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{39FAF500-1198-4A81-B5E8-3218764E4AF6}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{882E4D35-76D7-4532-B5C5-E5437AEBB715}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{676E6AFE-E4E5-4A1C-8B73-D60526441E0E}C:\program files (x86)\wtfast beta\wtfast.exe] => C:\program files (x86)\wtfast beta\wtfast.exe
FirewallRules: [UDP Query User{EF345271-314C-44B9-8009-55C5E18597EE}C:\program files (x86)\wtfast beta\wtfast.exe] => C:\program files (x86)\wtfast beta\wtfast.exe
FirewallRules: [TCP Query User{77D336A6-AC7A-4325-836D-7E8B48B76C80}C:\games\doom\doomx64vk.exe] => C:\games\doom\doomx64vk.exe
FirewallRules: [UDP Query User{65457A1F-5557-4BD7-AB40-AD2C48F4EA21}C:\games\doom\doomx64vk.exe] => C:\games\doom\doomx64vk.exe
FirewallRules: [{F4249A2C-BD68-4528-87E4-E24F4DE36AE5}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA9DE9C0-DC9A-4769-B336-4E6EA243BFEC}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{BADBDA1B-3900-44D7-8B24-AB1A92F5994B}C:\games\far cry - primal\bin\fcprimal.exe] => C:\games\far cry - primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{212193EE-8D30-4F43-B99B-481BA3BDF601}C:\games\far cry - primal\bin\fcprimal.exe] => C:\games\far cry - primal\bin\fcprimal.exe
FirewallRules: [{E9B3097F-7BAE-4E7D-8DAA-D73913F62E4B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-02-2017 02:02:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2017 11:29:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/08/2017 11:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.912, time stamp: 0x58811d74
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a177
Exception code: 0xc0000005
Fault offset: 0x001948c7
Faulting process id: 0xcb4
Faulting application start time: 0x01d282522e2847e9
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 78673e4c-ee45-11e6-b59c-d050995dd129

Error: (02/08/2017 11:27:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (02/08/2017 10:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/08/2017 10:30:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.912, time stamp: 0x58811d74
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a177
Exception code: 0xc0000005
Fault offset: 0x001948c7
Faulting process id: 0xc24
Faulting application start time: 0x01d2824a24bcd89c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 65a0ff9b-ee3d-11e6-9d61-d050995dd129

Error: (02/08/2017 10:30:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (02/08/2017 10:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/08/2017 10:13:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.912, time stamp: 0x58811d74
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a177
Exception code: 0xc0000005
Fault offset: 0x001948c7
Faulting process id: 0xc50
Faulting application start time: 0x01d28247c4763fb4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 04522df5-ee3b-11e6-b374-d050995dd129

Error: (02/08/2017 10:12:59 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (02/08/2017 09:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/08/2017 11:27:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/08/2017 11:27:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/08/2017 11:27:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\npf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2017 11:27:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:23:46 PM on ‎2/‎8/‎2017 was unexpected.

Error: (02/08/2017 10:30:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/08/2017 10:30:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/08/2017 10:29:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\npf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2017 10:29:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:19:59 PM on ‎2/‎8/‎2017 was unexpected.

Error: (02/08/2017 10:20:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\npf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/08/2017 10:19:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:18:45 PM on ‎2/‎8/‎2017 was unexpected.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 25%
Total physical RAM: 8126.95 MB
Available physical RAM: 6092.92 MB
Total Virtual: 16252.11 MB
Available Virtual: 14046.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:35.88 GB) NTFS
Drive d: (UDISK) (Removable) (Total:3.81 GB) (Free:3.81 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BD26BC5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Leave all other settings at default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Thanks for the reply and the updated information. Regarding USB devices... Always have McShield installed and active on your system, McShield will scan USB devices as they are plugged into your system, it is free and very simple to use...

All we need to do now is clean up....

Uninstall Sophos AV via Programs and Features.

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
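As an added example (not part of Kevin's reply or of any tool named in it), a PowerShell audit for the symptom this thread started with: the user's files on the stick set Hidden+System and .lnk shortcuts pointing at a script host or shell. The drive letter parameter and the list of script-host names are assumptions; the -Restore switch only clears attributes and deletes nothing.

```powershell
# Added example (not from the thread or any tool it names): audit a removable
# drive for the "files hidden, replaced by shortcuts" pattern and optionally
# restore attributes. Assumes $Drive is a mounted removable drive, e.g. 'D:'.
param(
    [Parameter(Mandatory)][string]$Drive,
    [switch]$Restore   # clear Hidden/System/ReadOnly recursively; removes nothing
)

$root  = "$Drive\"
$shell = New-Object -ComObject WScript.Shell
# Assumed list of launchers a lure shortcut typically points at.
$hosts = 'cmd.exe','wscript.exe','cscript.exe','powershell.exe','rundll32.exe'

# 1. Top-level items carrying Hidden+System: the "disappeared" user files/folders.
$hiddenSys = Get-ChildItem -LiteralPath $root -Force |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                   ($_.Attributes -band [IO.FileAttributes]::System) }

# 2. Shortcuts whose target is a shell or script host rather than a document.
$suspectLnk = foreach ($lnk in Get-ChildItem -LiteralPath $root -Filter *.lnk -Force) {
    $sc     = $shell.CreateShortcut($lnk.FullName)
    $target = [IO.Path]::GetFileName($sc.TargetPath).ToLower()
    if ($hosts -contains $target) {
        [pscustomobject]@{ Shortcut = $lnk.Name; Target = $sc.TargetPath; Arguments = $sc.Arguments }
    }
}

"Hidden+System items on ${Drive}: $(@($hiddenSys).Count)"
$hiddenSys | ForEach-Object { "  $($_.Name)" }
"Shortcuts launching a shell or script host: $(@($suspectLnk).Count)"
$suspectLnk | Format-Table -AutoSize

if ($Restore) {
    # Strip only the attributes that hide the files; the files themselves stay.
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly
    Get-ChildItem -LiteralPath $root -Recurse -Force | ForEach-Object {
        $_.Attributes = $_.Attributes -band -bnot $mask
    }
}
```

Run it from an elevated prompt with the stick plugged in, review the shortcut list before deleting anything, and keep the suspect .lnk files as evidence rather than opening them.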


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
