
Mailruhomesearch on startup and popups on Chrome


Jaka92


Hello!

I have recently downloaded a zip file that contained the mail.ru virus and it's clogging my PC completely, specifically my Chrome browser. I've used Adware Cleaner and Malwarebytes, as well as Zemana Antimalware, and it cleaned it up almost completely. Yet it is still in my startup applications when I open Task Manager (I have attached a picture where the application is underlined). And the popups in Chrome persist, yet irregularly. Any help would be greatly appreciated!

mailruhomesearchpic.png


@Jaka92

Welcome to the Malware Removal for Windows Forum.

My name is Phil and I would like to address you by your first name, if that is alright with you since we will be working together.

I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

Please follow the instructions in this post and run a FRST scan for me.  Please copy and paste the contents of the two logs (FRST.txt and Addition.txt) into your next reply.  If your logs are large, you might need to paste one log in one reply, and the other in another reply.  This makes it much faster for me to analyze your logs.

Once I receive the logs, I will need some time to review your FRST logs.  That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you will submit.

Thank you and have a great day.

Regards,
-Phil


@Jaka92

I am unable to download your attached FRST scan files.  Please copy and paste them into your next reply, or replies, as I initially requested.  Depending on the size of the logs, you might need to split them between two replies, one log in each reply.

Thank you and have a great day.

Regards,
-Phil


Jaka:

Great!  I just reported to the Administrators that I could not download the attachments.  I do still prefer that you copy and paste all logs since it makes it much faster for me to analyze the logs.

Please permit a day or two to analyze your logs.  Thank you for your understanding and patience.

Have a great day.

Regards,
-Phil


Jaka:

I received your personal message.  It is the nature of these Forums that information should be shared openly for the benefit of others, who come here to view the topics.

In light of the information that you did provide, privately, I am going to disregard all of the FRST scan logs that you have submitted to date.

After you have removed any programs/utilities that might contravene the Piracy policy here at Malwarebytes, and deleted any other files that you do not want recorded in the FRST scan, please run a fresh set of FRST logs.  DO NOT delete any lines from the new FRST scan logs.

Please COPY and PASTE the content of those logs into your next reply, or replies.  DO NOT attach the FRST scan logs.

Thank you for your anticipated cooperation.  Have a great day.

Regards,
-Phil


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by jackiepc (administrator) on LAPTOP-P2CLMHUC (26-02-2017 20:10:13)
Running from C:\Users\jackiepc\Desktop\FRST
Loaded Profiles: jackiepc (Available Profiles: jackiepc)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\jackiepc\AppData\Local\FluxSoftware\Flux\flux.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502Helper.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\jackiepc\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-02] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM-x32\...\Run: [Kraken0502Launcher] => C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502Helper.exe [1599808 2015-08-14] (Razer Inc)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [Discord] => C:\Users\jackiepc\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [f.lux] => C:\Users\jackiepc\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [mailruhomesearch] => "C:\Users\jackiepc\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{074736DC-B704-4D61-9FA8-3EE2F3ECF5B2}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{0b962709-521b-4d02-8698-4e37304df409}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{2cb4a07e-a0d2-11e6-a6ab-806e6f6e6963}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{66ea1f37-e54d-47d4-aee9-53a38063ba7b}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{66ea1f37-e54d-47d4-aee9-53a38063ba7b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a730ed7c-1375-45bf-8943-f9e390a5af44}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C98D7C10-4F8E-4406-A030-2B36EF862254}: [NameServer] 5.8.8.85,8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1060474256-2957550051-2093060766-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\OFFICE16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8jy78ori.default
FF ProfilePath: C:\Users\jackiepc\AppData\Roaming\Mozilla\Firefox\Profiles\8jy78ori.default [2017-02-25]
FF Extension: (Dashlane) - C:\Users\jackiepc\AppData\Roaming\Mozilla\Firefox\Profiles\8jy78ori.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-10-18]
FF Extension: (English (US) Language Pack) - C:\Users\jackiepc\AppData\Roaming\Mozilla\Firefox\Profiles\8jy78ori.default\Extensions\langpack-en-US@firefox.mozilla.org [2016-10-29]
FF Extension: (Mozilla Partner Defaults) - C:\Users\jackiepc\AppData\Roaming\Mozilla\Firefox\Profiles\8jy78ori.default\Extensions\partnerdefaults@mozilla.com [2016-10-29]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Profile: C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-26]
CHR Extension: (Google Slides) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-29]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2017-02-25]
CHR Extension: (Google Docs) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-29]
CHR Extension: (Google Drive) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-29]
CHR Extension: (YouTube) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-29]
CHR Extension: (Google Sheets) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-29]
CHR Extension: (AdBlock) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-12-25]
CHR Extension: (Gmail) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395536 2017-01-07] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-07-29] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-07-29] (Acer Incorporated)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-01] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [183896 2016-03-24] (ELAN Microelectronic Corp.)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_3e579304559cf551\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-12-21] (Wellbia.com Co., Ltd.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-25] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 18:53 - 2017-02-26 20:10 - 00000000 ____D C:\Users\jackiepc\Desktop\FRST
2017-02-26 17:09 - 2017-02-26 17:09 - 00239670 _____ C:\Users\jackiepc\Downloads\Predmet_81409.pdf
2017-02-26 16:14 - 2017-02-26 16:14 - 00002245 _____ C:\Users\Public\Desktop\Popcorn Time Community.lnk
2017-02-26 16:13 - 2017-02-26 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time Community
2017-02-26 15:13 - 2017-02-26 15:17 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Chronicon
2017-02-26 15:03 - 2017-02-26 15:03 - 00000222 _____ C:\Users\jackiepc\Desktop\Chronicon.url
2017-02-25 18:20 - 2017-02-25 18:20 - 00041471 _____ C:\Users\jackiepc\Downloads\prodajna_pogodba_osnutek.pdf
2017-02-25 17:55 - 2017-02-25 17:55 - 00121117 _____ C:\Users\jackiepc\Downloads\Prodajna_pogodba (2).pdf
2017-02-25 17:33 - 2017-02-25 17:33 - 00000000 ____D C:\ProgramData\Sophos
2017-02-25 17:31 - 2017-02-25 17:31 - 00121117 _____ C:\Users\jackiepc\Downloads\Prodajna_pogodba (1).pdf
2017-02-25 17:30 - 2017-02-25 17:31 - 162426608 _____ (Sophos Limited) C:\Users\jackiepc\Downloads\Sophos Virus Removal Tool.exe
2017-02-25 17:29 - 2017-02-25 17:29 - 00003245 _____ C:\Users\jackiepc\Desktop\JRT.txt
2017-02-25 17:28 - 2017-02-25 17:28 - 01663040 _____ (Malwarebytes) C:\Users\jackiepc\Downloads\JRT (1).exe
2017-02-25 17:20 - 2017-02-26 20:10 - 00201140 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-25 17:20 - 2017-02-26 20:10 - 00165991 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-25 17:20 - 2017-02-25 17:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-25 17:20 - 2017-02-25 17:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-25 17:20 - 2017-02-25 17:20 - 00001185 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-25 17:20 - 2017-02-25 17:20 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Zemana
2017-02-25 17:20 - 2017-02-25 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-25 17:20 - 2017-02-25 17:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-25 17:16 - 2017-02-25 17:19 - 05677776 _____ (Zemana Ltd. ) C:\Users\jackiepc\Downloads\Zemana.AntiMalware.Setup.exe
2017-02-25 17:12 - 2017-02-25 17:12 - 04015056 _____ C:\Users\jackiepc\Downloads\AdwCleaner (3).exe
2017-02-25 17:09 - 2017-02-25 17:09 - 04015056 _____ C:\Users\jackiepc\Downloads\AdwCleaner (2).exe
2017-02-25 16:58 - 2017-02-26 20:10 - 00000000 ____D C:\FRST
2017-02-25 16:55 - 2017-02-25 16:56 - 01663040 _____ (Malwarebytes) C:\Users\jackiepc\Downloads\JRT.exe
2017-02-25 16:55 - 2017-02-25 16:55 - 04015056 _____ C:\Users\jackiepc\Downloads\AdwCleaner (1).exe
2017-02-25 01:25 - 2017-02-25 16:33 - 00000000 ____D C:\ProgramData\Auto Keyboard
2017-02-25 01:00 - 2017-02-25 01:00 - 00000548 _____ C:\Users\jackiepc\Desktop\stuff.ahk
2017-02-25 01:00 - 2017-02-25 01:00 - 00000000 _____ C:\Users\jackiepc\Desktop\space.txt
2017-02-24 23:51 - 2017-02-25 16:33 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 23:51 - 2017-02-24 23:51 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-24 23:51 - 2017-02-24 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-24 23:51 - 2017-02-24 23:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-24 23:51 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-24 16:07 - 2017-02-25 17:19 - 00000000 ____D C:\Users\jackiepc\AppData\LocalLow\Unity
2017-02-24 16:07 - 2017-02-25 17:19 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Unity
2017-02-24 16:06 - 2017-02-24 16:06 - 04015056 _____ C:\Users\jackiepc\Downloads\adwcleaner_6.043.exe
2017-02-23 17:11 - 2017-02-23 17:11 - 00000222 _____ C:\Users\jackiepc\Desktop\Pixel Privateers.url
2017-02-23 15:16 - 2017-02-23 08:46 - 00045017 _____ C:\Users\jackiepc\Desktop\The.Expanse.S02E05.HDTV.x264-SVA.srt
2017-02-23 15:09 - 2017-02-23 15:09 - 00000000 ____D C:\Users\jackiepc\Downloads\The.Expanse.S02E05.720p.HDTV.x264-SVA
2017-02-22 21:50 - 2017-02-22 21:50 - 00121117 _____ C:\Users\jackiepc\Downloads\Prodajna_pogodba.pdf
2017-02-22 19:34 - 2017-02-22 19:34 - 00276415 _____ C:\Users\jackiepc\Downloads\Predmet_80871.pdf
2017-02-22 19:34 - 2017-02-22 19:34 - 00099098 _____ C:\Users\jackiepc\Downloads\Predmet_80869.pdf
2017-02-22 19:34 - 2017-02-22 19:34 - 00073875 _____ C:\Users\jackiepc\Downloads\Predmet_80872.pdf
2017-02-21 18:28 - 2017-02-21 21:21 - 00000000 ____D C:\Users\jackiepc\Downloads\The.Expanse.S02E04.720p.HDTV.x264-SVA
2017-02-21 14:59 - 2017-02-21 14:59 - 00416396 _____ C:\Users\jackiepc\Downloads\TMO_ESEJI_OCENE.pdf
2017-02-18 19:30 - 2017-02-18 19:30 - 00000972 _____ C:\Users\jackiepc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-02-18 19:30 - 2017-02-18 19:30 - 00000942 _____ C:\Users\jackiepc\Desktop\osu!.lnk
2017-02-18 19:29 - 2017-02-18 20:32 - 00000000 ____D C:\Program Files (x86)\osu!
2017-02-18 19:28 - 2017-02-18 19:28 - 04470976 _____ (ppy) C:\Users\jackiepc\Downloads\osu!install.exe
2017-02-17 22:44 - 2017-02-17 22:44 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Return_of_Reckoning
2017-02-17 22:19 - 2017-02-17 22:44 - 00000000 ____D C:\Users\jackiepc\Downloads\Warhammer Online - Age of Reckoning
2017-02-17 09:10 - 2017-02-17 09:11 - 00000000 ____D C:\Users\jackiepc\Desktop\SSs
2017-02-16 21:01 - 2017-02-16 21:01 - 00000000 ____D C:\Users\jackiepc\AppData\LocalLow\Strange Fire
2017-02-16 20:58 - 2017-02-16 20:58 - 00000222 _____ C:\Users\jackiepc\Desktop\Shoppe Keep.url
2017-02-16 19:39 - 2017-02-16 19:39 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\NVIDIA
2017-02-16 14:50 - 2017-02-16 14:50 - 00000000 ____D C:\Users\jackiepc\Downloads\Legion.S01E02.720p.HDTV.x264-AVS
2017-02-16 10:16 - 2017-02-16 10:16 - 00000000 ____D C:\Users\jackiepc\ansel
2017-02-15 19:37 - 2017-02-15 19:37 - 00000219 _____ C:\Users\jackiepc\Desktop\Counter-Strike Global Offensive.url
2017-02-15 15:20 - 2017-02-15 15:20 - 00341842 _____ C:\Users\jackiepc\Downloads\izvedbeni načrt PMP 2017.pdf
2017-02-15 14:49 - 2017-02-15 14:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-15 14:49 - 2017-02-10 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-15 14:49 - 2017-02-09 23:57 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-15 14:49 - 2017-02-09 23:57 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-15 14:49 - 2017-01-26 01:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-15 14:49 - 2017-01-26 01:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-15 14:49 - 2017-01-26 01:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-15 14:49 - 2017-01-26 01:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-15 14:47 - 2017-02-10 03:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-15 14:47 - 2017-02-10 03:33 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-15 14:47 - 2017-02-10 03:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-15 14:47 - 2017-02-10 03:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-14 20:35 - 2017-02-14 20:36 - 00443746 _____ C:\Users\jackiepc\Downloads\10155095174540712-0.htm
2017-02-13 17:15 - 2017-02-13 17:15 - 00207216 _____ C:\Users\jackiepc\Downloads\PPOS - Vprašanja.pdf
2017-02-12 19:11 - 2017-02-12 19:11 - 00000222 _____ C:\Users\jackiepc\Desktop\Unepic.url
2017-02-10 23:02 - 2017-02-10 23:09 - 00000000 ____D C:\Users\jackiepc\Downloads\Legion.S01E01.SLOSubs.PROPER.720p.HDTV.x264-KILLERS
2017-02-10 14:18 - 2017-02-10 14:20 - 00000000 ____D C:\Users\jackiepc\Downloads\The.Expanse.S02E03.720p.HDTV.x264-AVS
2017-02-08 20:18 - 2017-02-08 20:18 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\Citra
2017-02-07 23:26 - 2017-02-07 23:27 - 00000000 ____D C:\Users\jackiepc\Desktop\a101-prevodi
2017-02-07 19:32 - 2017-02-07 19:54 - 00000000 ____D C:\Users\jackiepc\Downloads\The.Walking.Dead.S07E03.720p.HDTV.x264-AVS
2017-02-07 19:32 - 2017-02-07 19:32 - 00000000 ____D C:\Users\jackiepc\Downloads\The.Walking.Dead.S07E04.XviD-AFG
2017-02-01 14:53 - 2017-02-01 14:53 - 00001055 _____ C:\Users\jackiepc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-02-01 14:53 - 2016-07-15 19:29 - 12039168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll
2017-02-01 14:53 - 2016-07-15 19:29 - 11602432 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll
2017-02-01 14:53 - 2016-07-15 19:17 - 02083328 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll
2017-02-01 14:53 - 2016-07-15 18:45 - 12039168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll
2017-02-01 14:53 - 2016-07-15 18:31 - 01997312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll
2017-01-29 14:13 - 2017-01-29 23:25 - 00000000 ____D C:\Users\jackiepc\Documents\embergarde
2017-01-29 14:09 - 2017-01-29 23:23 - 00000000 ____D C:\ProgramData\RuPlatform
2017-01-29 14:09 - 2017-01-29 14:09 - 00000000 ____D C:\ProgramData\Gamewaker
2017-01-29 00:03 - 2017-01-29 00:03 - 00000222 _____ C:\Users\jackiepc\Desktop\Guardians of Ember.url
2017-01-27 22:13 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-27 22:13 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-27 22:13 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-27 22:13 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 19:26 - 2016-10-29 23:15 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-26 19:24 - 2016-10-29 23:12 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Popcorn-Time-CE
2017-02-26 19:10 - 2016-11-09 03:24 - 00004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0CC60AB7-29B1-4C01-98ED-E99DD4C9DE09}
2017-02-26 17:26 - 2016-10-30 10:59 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Packages
2017-02-26 16:14 - 2016-10-29 23:11 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Popcorn Time Community
2017-02-26 16:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-26 15:03 - 2016-10-30 12:00 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-25 18:48 - 2016-11-02 08:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 17:54 - 2016-05-05 17:19 - 03931538 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-25 17:48 - 2016-11-02 09:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 17:48 - 2016-10-30 10:59 - 00000000 __SHD C:\Users\jackiepc\IntelGraphicsProfiles
2017-02-25 17:47 - 2016-11-10 22:08 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-25 17:47 - 2016-11-02 09:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 17:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-25 17:47 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 17:47 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-25 17:11 - 2016-11-19 12:08 - 00000000 ____D C:\AdwCleaner
2017-02-25 10:41 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 23:51 - 2016-11-22 12:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-24 23:49 - 2016-11-02 09:06 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-24 23:49 - 2016-11-02 09:06 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-24 23:49 - 2016-10-29 20:19 - 00000000 ____D C:\Users\jackiepc\AppData\Local\Google
2017-02-24 17:44 - 2016-10-29 23:12 - 00000000 ____D C:\Users\jackiepc\AppData\Local\CrashDumps
2017-02-23 19:17 - 2016-10-31 18:27 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\uTorrent
2017-02-23 18:21 - 2016-10-30 11:53 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\vlc
2017-02-23 17:12 - 2016-11-03 12:37 - 00000000 ____D C:\Users\jackiepc\Documents\My Games
2017-02-23 15:15 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-23 15:14 - 2016-10-31 18:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 15:13 - 2016-10-31 18:03 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-20 01:22 - 2016-11-02 09:01 - 00000000 ____D C:\Users\jackiepc
2017-02-17 09:11 - 2017-01-16 21:14 - 00000000 ____D C:\Users\jackiepc\Desktop\Faksić
2017-02-16 18:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-15 14:49 - 2016-11-02 08:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-15 14:49 - 2016-11-02 08:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-15 14:49 - 2016-09-03 22:23 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-15 14:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-15 14:49 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-15 14:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-11 17:24 - 2017-01-07 16:44 - 00566312 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-09 17:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-08 22:21 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-02-08 22:21 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-02-08 22:21 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-02-08 22:21 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-02-08 22:21 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-02-07 21:47 - 2016-11-02 08:59 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-02-07 21:47 - 2016-11-02 08:59 - 00113176 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-02-07 21:47 - 2016-09-01 22:49 - 00150040 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2017-02-07 21:47 - 2016-09-01 22:49 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-02-07 21:47 - 2016-09-01 22:49 - 00120856 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2017-02-07 21:47 - 2016-09-01 22:49 - 00113176 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-02-07 21:47 - 2016-09-01 22:49 - 00110096 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2017-02-07 21:47 - 2016-09-01 22:48 - 00280088 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-02-07 10:42 - 2016-10-29 23:06 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\discord
2017-02-06 21:34 - 2016-10-29 20:19 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 21:34 - 2016-10-29 20:19 - 00002224 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-01 14:53 - 2016-07-16 15:15 - 00000000 ____D C:\WINDOWS\OCR
2017-01-27 22:13 - 2016-11-10 16:02 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 22:13 - 2016-11-10 16:02 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 22:13 - 2016-11-10 16:02 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 22:13 - 2016-11-10 16:02 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 22:13 - 2016-11-10 16:02 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 22:13 - 2016-11-10 16:02 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 22:13 - 2016-11-10 16:02 - 00001453 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-27 22:13 - 2016-10-30 10:59 - 00000000 ____D C:\Users\jackiepc\AppData\Local\NVIDIA Corporation
2017-01-27 22:13 - 2016-10-30 10:59 - 00000000 ____D C:\Users\jackiepc\AppData\Local\NVIDIA
2017-01-27 17:52 - 2017-01-22 12:43 - 00000000 ____D C:\Users\jackiepc\AppData\Roaming\Victor Vran

==================== Files in the root of some directories =======

2016-11-02 22:25 - 2016-11-02 22:25 - 0000003 _____ () C:\Users\jackiepc\AppData\Local\updater.log
2016-11-02 22:25 - 2016-11-02 22:25 - 0000424 _____ () C:\Users\jackiepc\AppData\Local\UserProducts.xml
2016-11-02 09:00 - 2016-11-02 09:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-02-25 17:48 - 2017-02-25 17:48 - 0619840 _____ () C:\Users\jackiepc\AppData\Local\Temp\0Kraken0502DevProps.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-20 12:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by jackiepc (26-02-2017 20:10:48)
Running from C:\Users\jackiepc\Desktop\FRST
Windows 10 Home Version 1607 (X64) (2016-11-02 08:07:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1060474256-2957550051-2093060766-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1060474256-2957550051-2093060766-503 - Limited - Disabled)
Guest (S-1-5-21-1060474256-2957550051-2093060766-501 - Limited - Disabled)
jackiepc (S-1-5-21-1060474256-2957550051-2093060766-1001 - Administrator - Enabled) => C:\Users\jackiepc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3007 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Chronicon (HKLM\...\Steam App 375480) (Version:  - Subworld)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
Discord (HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
f.lux (HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Flux) (Version:  - )
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Freedome VPN (source) (HKLM-x32\...\{83A4BF20-6745-437C-98D8-3C4B94D174EB}) (Version: 1.16.0612 - Acer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guardians of Ember (HKLM\...\Steam App 463680) (Version:  - Runewaker)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.8.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Keep Talking and Nobody Explodes (HKLM\...\Steam App 341800) (Version:  - Steel Crate Games)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation)
osu! (HKLM-x32\...\{b643e87b-a621-453d-979d-3623ee617ec0}) (Version: latest - ppy Pty Ltd)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pit People (HKLM\...\Steam App 291860) (Version:  - The Behemoth)
Pixel Privateers (HKLM\...\Steam App 342640) (Version:  - Quadro Delta)
Popcorn Time Community (HKLM-x32\...\{F9BC7890-4FE5-4391-8C59-CD0C556EF115}) (Version: 0.4.0 - yify.is) <==== ATTENTION
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.116 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Shoppe Keep (HKLM\...\Steam App 381120) (Version:  - Arvydas Žemaitis)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version:  - )
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
To the Moon (HKLM\...\Steam App 206440) (Version:  - Freebird Games)
Unepic (HKLM\...\Steam App 233980) (Version:  - @unepic_fran)
Update for Skype for Business 2016 (KB3127980) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{63487652-EA1D-4817-B4EB-B3D29A441B8F}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3127980) 64-Bit Edition (HKLM\...\{90160000-012B-0424-1000-0000000FF1CE}_Office16.PROPLUS_{63487652-EA1D-4817-B4EB-B3D29A441B8F}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version:  - 2D BOY)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F791EA6-C1A2-4637-85FB-ECE3AA3B79F6} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\jackiepc\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {22EDE11E-E4E3-436C-A4D3-6DFD8923560B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {28711F01-4CFE-47FE-BCD5-4A270099CE0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {31C8A9F1-02F9-402C-8F51-7F19492C29DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-29] (Google Inc.)
Task: {355F852A-7001-4393-A65A-7457F7E17AF9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {39F8824B-3DF6-4497-A97F-6EE930677F78} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {44AA4739-2D48-41A7-A7E2-28FEB114540E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {4E5BF458-7A36-4DFE-A438-56FEBBD361C6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {5A8C5CDE-3D27-4211-A3B4-D4A8D5FBB8DA} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {6776B195-4688-493C-807C-3E8E9EA87EFF} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {79BD31B3-7319-4743-B797-6C0093BF7E4B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {7AF9BB53-36BA-48BB-AB15-72F76A36550B} - System32\Tasks\InstallShield Update Service => C:\Users\jackiepc\AppData\Roaming\Dashlane\ISSCH\issch.exe 
Task: {823F0BBF-11C0-4284-9792-6931ED81722E} - \advancednewsnetjustsm -> No File <==== ATTENTION
Task: {982E8A31-B494-42FC-8CFE-1062953DD965} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {9B6DCA68-4DE2-4D55-93CD-8E16FC56107D} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-07-29] (Acer Incorporated)
Task: {A1EB707B-5463-418E-B8BF-7C353D0FBE5A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {B0A1AD74-05A7-4252-8130-70601E0180A2} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {B3116CAA-3D17-4E5C-B9D7-68DCC1CF68CD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {B86C25A1-C47D-4DD3-BEF5-6AA487AC9491} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BCBE3526-C71C-45A8-9222-9925EB14DDC1} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-07-29] (Acer Incorporated)
Task: {C900E524-2E77-4897-9D0E-818F32230F46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E0B90F3E-D2E6-4BE5-9BD6-90FE3BD44655} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {E28D7D70-5F9A-4819-90B5-C2819368534A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {F25F9D86-3843-4A7F-B675-1CC054A7FF80} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-29] (Google Inc.)
Task: {F8A8EDF4-DB6F-43CF-A5BC-EE09BF1E7930} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {FB2F94D3-E06C-4C25-BB2A-0C685ABDF75A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\jackiepc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:33 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-15 14:49 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-04 20:26 - 2016-03-04 20:26 - 05570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-09-25 00:20 - 2016-09-25 00:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-11-10 16:02 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-10 16:02 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-14 17:33 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-05 17:14 - 2015-05-08 18:41 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2017-02-25 17:20 - 2017-02-25 17:20 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-11-02 17:55 - 2016-11-02 17:55 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 12:45 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-09 07:06 - 2017-01-09 07:06 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-02-22 10:05 - 2017-02-22 10:05 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 10:05 - 2017-02-22 10:05 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 10:05 - 2017-02-22 10:05 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 10:02 - 2017-02-06 10:02 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-01-20 19:50 - 2016-01-20 19:50 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2016-11-02 17:55 - 2016-11-02 17:55 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-11-02 17:55 - 2016-11-02 17:55 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-01-12 12:45 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-12 12:45 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-12 12:45 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-12 12:45 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-12 12:45 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-23 14:41 - 2016-11-23 14:42 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 14:41 - 2016-11-23 14:42 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-10-30 13:49 - 2016-10-30 13:52 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 14:41 - 2016-11-23 14:42 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 14:41 - 2016-11-23 14:42 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-09-03 21:55 - 2016-09-03 21:55 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-02-06 21:34 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 21:34 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-09-03 22:23 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-10 16:02 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-10 16:02 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-25 17:48 - 2017-02-25 17:48 - 00619840 _____ () C:\Users\jackiepc\AppData\Local\Temp\0Kraken0502DevProps.dll
2016-11-10 16:02 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-11-10 16:02 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-10 16:02 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-10 16:02 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-10 16:02 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-10 16:02 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-10 16:02 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-11-10 16:02 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-27 22:13 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-09-09 09:51 - 2016-09-09 09:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-10-29 23:15 - 2016-12-23 19:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-10-29 23:15 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-10-29 23:15 - 2017-01-19 02:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-10-29 23:15 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-29 23:15 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-29 23:15 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-29 23:15 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-29 23:15 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-29 23:15 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-10-29 23:15 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-10-29 23:15 - 2017-01-19 02:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-29 23:15 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-01-16 12:40 - 2017-01-16 12:40 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-12-13 00:42 - 2017-01-05 04:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-10-29 23:15 - 2017-01-19 02:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-01-05 10:15 - 2016-10-08 08:13 - 50656768 _____ () C:\Users\jackiepc\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-01-05 10:15 - 2016-10-08 08:13 - 01874944 _____ () C:\Users\jackiepc\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-01-05 10:15 - 2016-10-08 08:13 - 00075264 _____ () C:\Users\jackiepc\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-05-17 05:50 - 2016-05-17 05:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-11-02 09:01 - 2016-11-02 09:01 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 14:09 - 2016-08-30 14:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 14:05 - 2016-08-30 14:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-10-29 23:15 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2017-02-25 17:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jackiepc\Downloads\59448_warhammer_40k_emperor_of_mankind.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\StartupApproved\Run: => "mailruhomesearch"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8C7E1E48-D5A0-4EB0-94DF-6BC32F463B6E}] => (Allow) C:\Users\jackiepc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40C0CD25-93DE-493B-8463-6062DDA06DFD}] => (Allow) C:\Users\jackiepc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B3D86757-1D82-408B-80CA-7F10A5F41099}] => (Allow) C:\Users\jackiepc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A32D1990-CC15-40A9-8CBC-371548C7BABC}] => (Allow) C:\Users\jackiepc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7D1EF60C-43D3-4FD5-AC0E-C4CEE54D9544}] => (Allow) C:\Users\jackiepc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B6A9486-87DB-4753-B575-7162526C3CFA}] => (Allow) C:\Users\jackiepc\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{638606B3-BF4A-482E-85AB-D6D1F8513A40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F5987BAF-CD35-4AE5-BF76-EF000165071E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{26F8531E-50D7-46E4-AE6B-DA2D174D4C7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DAF04709-CAFA-4FBC-8475-CE8C8BFF0A8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F735E2C9-2B23-4E75-9426-B674CF19018E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{627D6DD6-B4FB-4D24-B917-3B4F89692003}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A6BF1B6A-1F3C-42B2-95E1-AD0D701409EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{4E5C1DA8-7424-44E2-A8B3-E5EF6CE3515D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1DAC4E2B-D289-4CA6-A406-F86048278017}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{23881336-626C-4CB7-8379-76E541DDB0E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{81691903-5120-4097-BCAE-5BEF830C4030}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{D42D508B-3B0F-4627-8888-6111A2DF14CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{78B9D49C-ECF2-4D85-B090-3E9A79E801DA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4FBCDDD8-C04A-4986-BD2B-DC00A2443DE1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A76AF19C-95BD-4659-B2FE-B5E2E23C6E3B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E7171E90-6D8C-47E8-9C77-E1BBE2ECB2E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{90F8E26B-FFAC-41AA-9EB1-FED13BC6A443}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{3C2C53B6-E8E1-4E28-9417-E9EC2D793987}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{9C35B053-0376-4B18-BE87-98ECC0964784}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5885212C-9E2A-436F-BD66-E0DBFB01798E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7E39F3D-F9AB-48EB-8798-BF371E61D9A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{80605C1D-4254-4135-BB86-1A2F1D44A82E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{3B9A0BC9-92BB-477B-BA56-A1C07FC44784}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{1E5DB7B1-9AD6-439A-A452-14C1B7236B98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{97B69D83-DC78-4372-994C-CDC9034F9D64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{343BD8D5-21DB-4C9A-91F6-08AD425A5DBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{8416A16C-A8D8-42DF-81E4-5745CF44CA1A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{96CDB4DF-EF35-4845-93F0-A55D3D670519}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F9156330-A8E3-49BE-A5DE-D75508B17914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1E87CC7B-DEF0-40DF-91CA-E457AE5BEE5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F95CE6E3-B240-4C05-B0D1-743F295EB320}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{74669115-8896-4F9C-AF47-2A7167D139EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{CD4F5E94-765B-4B6E-BB2B-77EC35F25F38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{1E0DAF63-4F2A-42A4-BDB0-E72282B51C45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C43FC0F2-C2A3-47E8-BBAC-8F4354F59698}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E49CB760-2AEF-4E39-86F1-3101BE8DB950}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{07DE39FD-E2CF-4FAC-BCDE-4D6217D2136F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C6235046-A389-43EC-8351-01C76540511E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{04BD5F83-FC07-4966-AFAE-1C23B359E95D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{52358099-DD71-4E96-8714-A3AAC49E721F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4B8F3814-C7BC-4534-B26E-6EECDBF0C504}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{74295844-3C77-4C56-9C92-775ABF213B8F}C:\users\jackiepc\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\jackiepc\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{8BC08CD2-98F1-4EA5-808A-B91B02CA135F}C:\users\jackiepc\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\jackiepc\appdata\local\popcorn time community\nw.exe
FirewallRules: [TCP Query User{0F961C30-D2E2-4D88-9537-4717F865C072}C:\users\jackiepc\appdata\local\popcorn time community\nw.exe] => (Allow) C:\users\jackiepc\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{5544236A-ED4E-4069-8FE8-085E3D9B7D5B}C:\users\jackiepc\appdata\local\popcorn time community\nw.exe] => (Allow) C:\users\jackiepc\appdata\local\popcorn time community\nw.exe
FirewallRules: [{3F1FC921-926A-4B32-AF43-D01CDAC27517}] => (Allow) C:\Program Files\Windows KMS Activator Ultimate 2016 v3.0\Windows KMS Activator Ultimate 2016 v3.0.exe
FirewallRules: [TCP Query User{87EB84BF-744C-4883-B83C-47182A3987A0}C:\users\jackiepc\downloads\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\jackiepc\downloads\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{728E441D-8783-4187-8C14-BC924A425335}C:\users\jackiepc\downloads\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\jackiepc\downloads\astroneer.pre-alpha.v0.2.90.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{B63F8BE0-F9E4-48F8-86F4-9387FD5C38AD}] => (Allow) C:\Users\jackiepc\Downloads\bin\BlackDesert32.exe
FirewallRules: [{69B58085-E69F-4559-9439-17ED80278FAE}] => (Allow) C:\Users\jackiepc\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{5005DB07-398F-4AC3-998F-CB408B8A1DB3}] => (Allow) C:\Users\jackiepc\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{F3071D32-5409-486C-97BB-D119C8DB322C}] => (Allow) C:\Users\jackiepc\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{408D215C-EA61-4A6B-880D-CB3BC3026360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{0559BA7F-13C8-4B65-B732-E86464E8ADA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{6FD1DDA6-CABE-4E2C-AEC7-7D53FC9AE6B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{5C6948FB-9760-4729-945E-95D72729E159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{D4D7FCA8-0265-4160-91EA-6ADD342C9F44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{E5097805-10F9-4A81-BFE3-3C18D2D0968A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{3FBF90E3-8BAB-4FD4-B021-4801F1404226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{E1193F61-960A-4B28-AF7C-14DAC8183CD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{FAD2F7DE-FC30-49ED-9E75-E49E295B31DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{441F0A33-9F63-47D0-BD0A-0D714E58D5FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{73426AAF-2B65-4233-8BD6-66DE5A1A4077}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{DA16E774-8368-427B-A32D-158C53FD3FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [TCP Query User{9BE03A19-633E-463F-8752-7FB6496384BD}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Block) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe
FirewallRules: [UDP Query User{0DE0C5A5-72C2-4922-BB03-D6DBBDA7777E}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Block) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe
FirewallRules: [{F03A3EA1-0179-48B7-B276-5527700677AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{052CA05C-BD2E-4246-AD14-1EB206FFBE86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{8EECCB91-EE9F-421D-9EA1-0E83D8F8B82F}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{D77F484C-8CBB-4BFA-A629-A09D1D77B357}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{A0B4D888-23CE-4F26-B0B2-4A6411BDF0D8}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{284BA6AC-9300-46A3-9961-52053D02BE71}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{FC57FF51-6377-4963-9302-11C076BD644A}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{938F67FC-C1A2-4FCB-8C2E-B07D74C6C0D5}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{21FB4FEF-08A8-42C7-9328-B7AB50B41134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{A519871B-AF48-42F6-9AB9-52AD85C49880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{E00FC66E-B0AA-427E-BAAB-754D08651887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pit People\pitpeople.exe
FirewallRules: [{FA3679E0-3D74-4120-B814-690CF8680E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pit People\pitpeople.exe
FirewallRules: [{5FB01BAF-F8D0-4BC8-8CC6-070186C4CA97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8F4E1204-1B54-4918-A814-C974075DAEF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2A95B960-4CBE-4699-B22A-5FFB63B9A6B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4620E6D8-2B70-42AD-98E3-D3C6971B8A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD50F35C-A930-4C93-A674-DFFA2C31D078}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B1F55A9-EE78-42DE-8D48-D6A4CAED2B0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guardians of Ember\RuLauncher.exe
FirewallRules: [{A05383D5-CD67-469D-B914-7FA2CAEA4AE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guardians of Ember\RuLauncher.exe
FirewallRules: [TCP Query User{16BF9DBD-F851-420A-BFCC-E5352F439589}C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [UDP Query User{C9AEAE3F-4FF8-4AC2-893B-FEE12A8178A0}C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [TCP Query User{D4CB8DBC-FDB7-43B1-8BDB-9ECC13535EA8}C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [UDP Query User{5B21D267-89F8-4555-9BE9-2F29CC29E9A1}C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [{B70600C2-C8B3-49BE-B2C2-FD03F7E646EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{C49098B3-AB36-451F-97A9-576305988472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{7DD76D8D-3277-4125-A210-E6890AB69698}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{64A3C792-EC66-407A-8BA1-4EEE0984FB4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [{70165999-9D2E-4F45-9C15-87C4959FB358}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [TCP Query User{D925AE4F-AA7D-4491-BD38-504116A46A3A}C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [UDP Query User{EAAAE9D3-B421-4ECB-935D-ABBA280C8B86}C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [TCP Query User{932FA0D2-D548-487B-99C4-09A0F171D8A6}C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [UDP Query User{33B2FF9A-6917-4095-B60D-04567D4CB491}C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [{DD014EBF-7F96-4D9E-9962-B57C5A38BFDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
FirewallRules: [{C8DB4FC9-B91F-4CD0-B6DE-6FEC8D8117C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe
FirewallRules: [{12038F21-9141-4117-ACF2-095F6984BA82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{320CEC55-FF6F-450D-9685-91D13C6FD3E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{89BCC7F7-BC92-494F-B930-E6894AAB5787}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shoppe Keep\Shoppe Keep.exe
FirewallRules: [{35C1D85E-A103-4EA6-96D9-88F973543C63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shoppe Keep\Shoppe Keep.exe
FirewallRules: [{A767D704-E3AC-4AE3-BF5F-CE4D39ACDD6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Privateers\privateers.exe
FirewallRules: [{575088A3-F3BF-4BAB-8DAC-D0350A266194}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Privateers\privateers.exe
FirewallRules: [{74BCEE4F-05AB-40BC-9414-53CA31B643C2}] => (Allow) C:\Users\jackiepc\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{03112972-203F-4F63-A6CE-60364F69B144}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chronicon\Chronicon.exe
FirewallRules: [{DB9CA8B4-0823-485C-AC07-4E9AC5793A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chronicon\Chronicon.exe

==================== Restore Points =========================

01-02-2017 11:10:38 Scheduled Checkpoint
08-02-2017 13:34:31 Windows Update
15-02-2017 19:52:17 Installed DirectX
23-02-2017 15:13:36 Windows Update
25-02-2017 17:28:54 JRT Pre-Junkware Removal
25-02-2017 17:32:24 Installed Sophos Virus Removal Tool.
25-02-2017 17:45:36 Removed Sophos Virus Removal Tool.
26-02-2017 16:12:07 Removed Popcorn Time Community
26-02-2017 16:13:02 Installed Popcorn Time Community

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 04:13:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/26/2017 04:12:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2017 05:47:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/25/2017 05:47:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2017 05:45:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2017 05:32:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2017 05:28:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2017 05:02:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/25/2017 05:02:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/25/2017 05:02:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {94761ee1-48f6-410d-b6d7-9259b8f4eaff}


System errors:
=============
Error: (02/26/2017 04:34:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 06:48:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 05:47:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 05:47:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the NVIDIA LocalSystem Container service, but this action failed with the following error: 
An instance of the service is already running.

Error: (02/25/2017 05:47:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2017 05:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2017 05:47:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/25/2017 05:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Quick Access Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2017 05:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Quick Access Local Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2017 05:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-02-24 15:41:07.184
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_3e579304559cf551\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-24 15:41:07.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-23 15:13:25.846
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_3e579304559cf551\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-23 15:13:25.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 12:22:59.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_3e579304559cf551\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 12:22:59.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-18 20:38:08.310
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_3e579304559cf551\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-18 20:38:08.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-17 21:42:35.794
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_3e579304559cf551\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-17 21:42:35.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8060.13 MB
Available physical RAM: 4511.09 MB
Total Virtual: 11004.13 MB
Available Virtual: 6581.29 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:86.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: F1017A75)

Partition: GPT.

==================== End of Addition.txt ============================


Jaka:

Thank you for your FRST logs.  I will try to get an initial FRST "fix" for you by late tomorrow afternoon.  I also have clients with logs over at Bleeping Computer, so I keep busy.

Thank you for your patience and understanding.  Have a great day.

Regards,
-Phil


Jaka:

Thank you for your patience.  Unfortunately, there was a power disruption this morning that prevented me from having Internet access for some time, so that delayed my analysis of your FRST logs.

I have now analyzed over 800 lines of your logs, out of 1170 lines.  I will finish my analysis tomorrow morning and post fix instructions.  I did find the cause of the redirects to the Russian mail site and will fix those for you.

Thank you again for your understanding.  Have a great day, and please accept my apologies for the delay.

Regards,
-Phil


Jaka:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Malwarebytes volunteer, so I ask you to be patient.  I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message.  Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post.  After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear."  Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed.  Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware.  It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Malwarebytes does not support any piracy.  Evidence of  illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended.  Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled.  P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me.  Together, we can, hopefully, disinfect your computer and get it functioning properly again.  That is my only aim.

OK, let's get started ...


STEP 1.

In going over your logs I noticed that you have uTorrent and Popcorn Time installed.  Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent and Popcorn Time, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.

STEP 2.

Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

Please note that this fixlist.txt will reset some of your Internet settings that have apparently been altered.

NOTE: It is important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [mailruhomesearch] => "C:\Users\jackiepc\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
C:\Users\jackiepc\AppData\Local\Mail.Ru
Tcpip\..\Interfaces\{074736DC-B704-4D61-9FA8-3EE2F3ECF5B2}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{0b962709-521b-4d02-8698-4e37304df409}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{2cb4a07e-a0d2-11e6-a6ab-806e6f6e6963}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{66ea1f37-e54d-47d4-aee9-53a38063ba7b}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{C98D7C10-4F8E-4406-A030-2B36EF862254}: [NameServer] 5.8.8.85,8.8.8.8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-1060474256-2957550051-2093060766-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
Task: {823F0BBF-11C0-4284-9792-6931ED81722E} - \advancednewsnetjustsm -> No File <==== ATTENTION
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\StartupApproved\Run: => "mailruhomesearch"
File: C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
File: C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe
File: C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [{74BCEE4F-05AB-40BC-9414-53CA31B643C2}] => (Allow) C:\Users\jackiepc\AppData\Local\Amigo\Application\amigo.exe
C:\Users\jackiepc\AppData\Local\Amigo


  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste the contents into your reply.

.

Thank you and have a great day.

Regards,
-Phil

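The fixlist above removes four kinds of artefact: a per-user Run value and its StartupApproved counterpart, a static NameServer (5.8.8.85, which is not Google's 8.8.8.8 despite the resemblance) on five network interfaces, a scheduled task whose target file is gone, and a firewall allow rule for a browser that lives under AppData. The PowerShell below is an added example, not part of the original thread and not FRST's own code, that re-audits those same locations on a live Windows 10 machine so a reader can confirm the cleanup or spot the same pattern elsewhere. The resolver allow-list is an assumption; replace it with the resolvers your network really uses. It reads HKCU, so run it as the affected user (the HKU\S-1-5-21-... hive in the fixlist), from an elevated prompt so the task and firewall queries are complete.

```powershell
# Added example (not from the original thread): re-check the persistence and DNS
# locations that the FRST fix touched.
# Assumption (not from the page): the allow-list below is the reader's own.
$AllowedResolvers = @('8.8.8.8', '8.8.4.4', '1.1.1.1')
$Findings = New-Object System.Collections.Generic.List[string]

# 1. Per-interface static DNS servers. The fix removed "5.8.8.85,8.8.8.8" from five
#    interfaces; any resolver outside the allow-list is flagged.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifRoot | ForEach-Object {
    $ifName = $_.PSChildName
    $ns = (Get-ItemProperty -Path $_.PSPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ($ns) {
        foreach ($ip in ($ns -split '[,\s]+' | Where-Object { $_ })) {
            if ($AllowedResolvers -notcontains $ip) {
                $Findings.Add("DNS: interface $ifName uses unlisted resolver $ip")
            }
        }
    }
}

# 2. Run values whose command lives under a user profile. mailruhomesearch.exe and
#    amigo.exe were both installed under AppData\Local.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |          # drop the provider's PS* metadata
        ForEach-Object {
            if ("$($_.Value)" -match '\\AppData\\(Local|Roaming)\\') {
                $Findings.Add("Run: $key\$($_.Name) => $($_.Value)")
            }
        }
}

# 3. StartupApproved entries with no matching Run value. FRST had to clear
#    "mailruhomesearch" here separately after deleting the Run value.
$approved = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run'
$runNames = (Get-ItemProperty -Path $runKeys[0] -ErrorAction SilentlyContinue).PSObject.Properties.Name
$ap = Get-ItemProperty -Path $approved -ErrorAction SilentlyContinue
if ($ap) {
    $ap.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $runNames -notcontains $_.Name } |
        ForEach-Object { $Findings.Add("StartupApproved: orphaned entry '$($_.Name)'") }
}

# 4. Scheduled tasks whose executable no longer exists (the
#    "advancednewsnetjustsm -> No File" case in the fixlist).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute) {
            $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
            if ($exe -match '\\' -and -not (Test-Path -LiteralPath $exe)) {
                $Findings.Add("Task: $($task.TaskPath)$($task.TaskName) -> missing $exe")
            }
        }
    }
}

# 5. Enabled firewall allow rules for programs under a user profile (amigo.exe had one).
Get-NetFirewallRule -Action Allow -Enabled True -ErrorAction SilentlyContinue | ForEach-Object {
    $program = ($_ | Get-NetFirewallApplicationFilter).Program
    if ($program -and $program -match '\\AppData\\') {
        $Findings.Add("Firewall: rule '$($_.DisplayName)' allows $program")
    }
}

if ($Findings.Count -eq 0) { 'No findings.' } else { $Findings }
```

A clean result from this script is not proof of a clean machine (FRST's own author says as much further down the thread); it only shows that the specific footholds removed by this fix have not come back. The DNS check is the one worth keeping around, since a changed NameServer survives browser resets and profile clean-ups that would remove the other artefacts.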

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by jackiepc (28-02-2017 14:31:03) Run:3
Running from C:\Users\jackiepc\Desktop\FRST
Loaded Profiles: jackiepc (Available Profiles: jackiepc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\Run: [mailruhomesearch] => "C:\Users\jackiepc\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
C:\Users\jackiepc\AppData\Local\Mail.Ru
Tcpip\..\Interfaces\{074736DC-B704-4D61-9FA8-3EE2F3ECF5B2}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{0b962709-521b-4d02-8698-4e37304df409}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{2cb4a07e-a0d2-11e6-a6ab-806e6f6e6963}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{66ea1f37-e54d-47d4-aee9-53a38063ba7b}: [NameServer] 5.8.8.85,8.8.8.8
Tcpip\..\Interfaces\{C98D7C10-4F8E-4406-A030-2B36EF862254}: [NameServer] 5.8.8.85,8.8.8.8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-1060474256-2957550051-2093060766-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
Task: {823F0BBF-11C0-4284-9792-6931ED81722E} - \advancednewsnetjustsm -> No File <==== ATTENTION
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\...\StartupApproved\Run: => "mailruhomesearch"
File: C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
File: C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe
File: C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [{74BCEE4F-05AB-40BC-9414-53CA31B643C2}] => (Allow) C:\Users\jackiepc\AppData\Local\Amigo\Application\amigo.exe
C:\Users\jackiepc\AppData\Local\Amigo
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mailruhomesearch => value removed successfully
"C:\Users\jackiepc\AppData\Local\Mail.Ru" => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{074736DC-B704-4D61-9FA8-3EE2F3ECF5B2}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0b962709-521b-4d02-8698-4e37304df409}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2cb4a07e-a0d2-11e6-a6ab-806e6f6e6963}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66ea1f37-e54d-47d4-aee9-53a38063ba7b}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C98D7C10-4F8E-4406-A030-2B36EF862254}\\NameServer => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{823F0BBF-11C0-4284-9792-6931ED81722E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{823F0BBF-11C0-4284-9792-6931ED81722E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\advancednewsnetjustsm => key removed successfully
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\mailruhomesearch => value removed successfully
HKU\S-1-5-21-1060474256-2957550051-2093060766-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mailruhomesearch => value not found.

========================= File: C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe ========================

File is digitally signed
MD5: 74B9FDA336A0D323AC47894D98F3550A
Creation and modification date: 2016-08-15 18:02 - 2016-08-15 18:02
Size: 2274008
Attributes: ----A
Company Name: acer
Internal Name: WindowsU
Original Name: DLNAStackApp.exe
Product: DLNA Stack App
Description: DLNA Stack App
File Version: 1, 8, 0, 0
Product Version: 1, 8, 0, 0
Copyright: (C) All right reserved

====== End of File: ======


========================= File: C:\program files (x86)\steam\steamapps\common\guardians of ember\exedir\ruplatform.exe ========================

File not signed
MD5: 1DDB44E0B04DEF8D555FCBDC272AFF3B
Creation and modification date: 2017-01-29 14:09 - 2017-02-21 12:20
Size: 10737664
Attributes: ----A
Company Name: 
Internal Name: RENA
Original Name: 
Product: RENA Application
Description: 
File Version: 0, 1, 1, 32
Product Version: 0, 0, 0, 0
Copyright: Copyright (C) 2014

====== End of File: ======


========================= File: C:\program files (x86)\steam\steamapps\common\guardians of ember\client_x86.exe ========================

File not signed
MD5: 732B9A2735E79E3FA564E7BC2261A3D8
Creation and modification date: 2017-02-15 17:52 - 2017-02-17 08:47
Size: 19804160
Attributes: ----A
Company Name: Runewaker
Internal Name: RENA
Original Name: RENA.exe
Product: 1702161134
Description: RENA Application
File Version: 170216_00169
Product Version: 170216_00169
Copyright: Copyright (C) 2012

====== End of File: ======

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74BCEE4F-05AB-40BC-9414-53CA31B643C2} => value removed successfully
"C:\Users\jackiepc\AppData\Local\Amigo" => not found.


The system needed a reboot.

==== End of Fixlog 14:31:15 ====

I have uninstalled uTorrent and Popcorn Time as requested. It seems that Mailruhomesearch is no longer in my startup when I open task manager, I will see if I get any popups now. Thanks a lot! :)


Jaka:

Thank you for the fixlog.txt file.  That is great news that we have eliminated the issue with your start-up.

Let's run a few standard scans to see if anything else turns up.  FRST does not find everything.

.

STEP 1. 

ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan.  See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.


Enable detection of potentially unwanted applications

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

STEP 2. I see that you have Malwarebytes installed.  Please run a scan for me.
  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil

 


ESET Online Scanner had 0 results! :)

and this is the Malwarebytes scan you requested!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/28/17
Scan Time: 7:50 PM
Logfile: logmalware.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1384
License: Expired

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LAPTOP-P2CLMHUC\jackiepc

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298483
Time Elapsed: 5 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

I think I am clean! Thank you very much for your help Phil! :)


Jaka92:

Thank you for running those scans.  The results do indeed look good.  I would like to run just two more scans to make sure that there is nothing hiding in your computer that shouldn't be there.  Each of our anti-malware scanning tools targets different classes of malware, so it is wise to use a suite of on-demand scanners when you are in doubt about whether a computer might be potentially infected.

STEP 1. 

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

STEP 2. 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

Thank you and have a great day.

Regards,
-Phil


Jaka:

Are you still here?  Do you still require assistance?

If not, I will ask the Moderator to conclude your topic.  You can always reopen this Topic by asking the Moderator, @AdvancedSetup to reopen it.

Thank you and have a great day.

Regards,
-Phil


Jaka:

Thank you for your post.  Great to know that you are still with me.

Standing by for the results of the AdwCleaner and JRT scans.

Have a great day.

Regards,
-Phil


Again I would like to apologise for the delay!

Firstly the JRT scan results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64 
Ran by jackiepc (Administrator) on Mon 03/06/2017 at 11:07:56.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/06/2017 at 11:08:42.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And now the AdwCleaner results:

# AdwCleaner v6.044 - Logfile created 06/03/2017 at 11:10:44
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : jackiepc - LAPTOP-P2CLMHUC
# Running from : C:\Users\jackiepc\Downloads\AdwCleaner (4).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found:  C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found:  C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6830 Bytes] - [19/11/2016 12:11:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [6938 Bytes] - [24/02/2017 16:09:42]
C:\AdwCleaner\AdwCleaner[C3].txt - [1521 Bytes] - [24/02/2017 16:12:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [2000 Bytes] - [25/02/2017 17:11:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [6381 Bytes] - [19/11/2016 12:10:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [7976 Bytes] - [24/02/2017 16:07:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [6550 Bytes] - [24/02/2017 16:09:26]
C:\AdwCleaner\AdwCleaner[S3].txt - [1634 Bytes] - [24/02/2017 16:12:03]
C:\AdwCleaner\AdwCleaner[S4].txt - [1667 Bytes] - [24/02/2017 16:15:15]
C:\AdwCleaner\AdwCleaner[S5].txt - [1740 Bytes] - [24/02/2017 16:18:10]
C:\AdwCleaner\AdwCleaner[S6].txt - [1813 Bytes] - [24/02/2017 16:41:22]
C:\AdwCleaner\AdwCleaner[S7].txt - [2130 Bytes] - [25/02/2017 17:09:53]
C:\AdwCleaner\AdwCleaner[S8].txt - [2272 Bytes] - [06/03/2017 11:05:28]
C:\AdwCleaner\AdwCleaner[S9].txt - [2192 Bytes] - [06/03/2017 11:10:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2265 Bytes] ##########

I am not sure, but I think AdwCleaner has found something; I didn't press Clean due to the given instructions.

Kind regards and another apology for the delays,

Jaka

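A small parser for the AdwCleaner v6 log layout pasted above, added here as an example (it is not code from this thread or from Malwarebytes): it splits the log into its `***** [ Section ] *****` blocks, collects `File Found:` / `[-] File deleted:` items, and answers the question raised above, whether a Scan-mode log contains anything a Clean run would remove. The sample log and its example.com paths are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample in the AdwCleaner v6 scan-log layout; paths are placeholders.
SAMPLE_SCAN_LOG = r"""# AdwCleaner v6.044 - Logfile created 06/03/2017 at 11:10:44
# Mode: Scan

***** [ Files ] *****

File Found:  C:\Users\example\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.example.com_0.localstorage
File Found:  C:\Users\example\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.example.com_0.localstorage-journal

***** [ Registry ] *****

No malicious registry entries found.

*************************
C:\AdwCleaner\AdwCleaner[S9].txt - [2192 Bytes] - [06/03/2017 11:10:44]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")       # ***** [ Files ] *****
MODE_RE = re.compile(r"^# Mode\s*:\s*(\w+)")                # "# Mode: Scan" / "# Mode: Clean"
# "File Found:  <path>" in Scan mode, "[-] File deleted: <path>" in Clean mode
ITEM_RE = re.compile(r"^(?:\[-\] )?\w+ (?:Found|deleted)\s*:\s+(.+)$", re.IGNORECASE)

def parse_adwcleaner_log(text):
    """Return (mode, {section: [items]}); sections with no findings are omitted."""
    mode, section, findings = None, None, OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            mode = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("*****"):      # bare separator: the report-list trailer follows
            section = None
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            findings.setdefault(section, []).append(m.group(1))
    return mode, findings

def needs_clean(mode, findings):
    """True when a Scan-mode log lists items that a Clean run would remove."""
    return mode == "Scan" and any(findings.values())
```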

Jaka:

Thank you for the AdwCleaner and JRT logs.  AdwCleaner did find a couple of minor issues.  Please run it again in "Clean" mode and remove what it detected.  Please copy and paste the contents of the "Clean" log into your next reply.

If the log from the "Clean" looks good, then I will post instructions for removing the anti-malware tools that I have used to examine and clean your computer, in my next post.

Thank you and have a great day.

Regards,
-Phil


Hello Phil!

Here is the last log file from AdwCleaner:

# AdwCleaner v6.044 - Logfile created 07/03/2017 at 11:16:38
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-07.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : jackiepc - LAPTOP-P2CLMHUC
# Running from : C:\Users\jackiepc\Downloads\AdwCleaner (4).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File deleted: C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File deleted: C:\Users\jackiepc\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage-journal


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6830 Bytes] - [19/11/2016 12:11:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [6938 Bytes] - [24/02/2017 16:09:42]
C:\AdwCleaner\AdwCleaner[C3].txt - [1521 Bytes] - [24/02/2017 16:12:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [2000 Bytes] - [25/02/2017 17:11:35]
C:\AdwCleaner\AdwCleaner[C5].txt - [1333 Bytes] - [07/03/2017 11:16:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [6381 Bytes] - [19/11/2016 12:10:00]
C:\AdwCleaner\AdwCleaner[S10].txt - [2420 Bytes] - [07/03/2017 11:12:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [7976 Bytes] - [24/02/2017 16:07:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [6550 Bytes] - [24/02/2017 16:09:26]
C:\AdwCleaner\AdwCleaner[S3].txt - [1634 Bytes] - [24/02/2017 16:12:03]
C:\AdwCleaner\AdwCleaner[S4].txt - [1667 Bytes] - [24/02/2017 16:15:15]
C:\AdwCleaner\AdwCleaner[S5].txt - [1740 Bytes] - [24/02/2017 16:18:10]
C:\AdwCleaner\AdwCleaner[S6].txt - [1813 Bytes] - [24/02/2017 16:41:22]
C:\AdwCleaner\AdwCleaner[S7].txt - [2130 Bytes] - [25/02/2017 17:09:53]
C:\AdwCleaner\AdwCleaner[S8].txt - [2272 Bytes] - [06/03/2017 11:05:28]
C:\AdwCleaner\AdwCleaner[S9].txt - [2344 Bytes] - [06/03/2017 11:10:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2210 Bytes] ##########


Jaka:

Thank you for your post and the AdwCleaner log.  It looks good.

We will now remove the tools we used during this fix using Delfix.

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.


When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

.

. . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)


That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing the How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future.  Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore.  I do system images weekly.  With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

Please copy and paste the contents of the Delfix log into your reply. If that looks good, then we can conclude your topic.

On behalf of the Malwarebytes Community, thank you for choosing us to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil

