tokis

Outbound - chrome.exe and svchost.exe


Hi, today I started receiving multiple outbound warnings from Malwarebytes, specifically about Chrome.exe and svchost.exe.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Maxos (administrator) on MAXOS-PC (02-03-2017 14:38:29)
Running from C:\Users\Maxos\Downloads
Loaded Profiles: Maxos (Available Profiles: Maxos)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-4116968489-4274080014-3101340352-1000\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-4116968489-4274080014-3101340352-1000\...\Run: [IomegaEncryption] => C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe [463208 2010-09-15] ()
HKU\S-1-5-21-4116968489-4274080014-3101340352-1000\...\Run: [GoogleChromeAutoLaunch_0DD63D9EC28B9E69AF7F6271968BA5BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [181280 2017-01-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [158208 2017-01-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-02] (AVAST Software)
Startup: C:\Users\Maxos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2017-02-04]
ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3254ED58-2C27-437C-9AEE-1AA543EB7950}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4116968489-4274080014-3101340352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.cy/?gfe_rd=cr&ei=AZ07V_m1E6is8webuoP4Bg&gws_rd=ssl#q=%CF%80%CE%B1%CE%BD%CE%B1%CE%B3%CE%B9%CE%B1+
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-01-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-01-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-25] (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1452683863213
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: u8k060us.default
FF ProfilePath: C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default [2017-03-02]
FF Homepage: Mozilla\Firefox\Profiles\u8k060us.default -> hxxps://www.google.com.cy/
FF Extension: (Firebug) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01]
FF Extension: (MEGA) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\firefox@mega.co.nz.xpi [2017-03-02]
FF Extension: (FoxyProxy Standard) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\foxyproxy@eric.h.jung [2017-01-29]
FF Extension: (HDS Link Detector) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\jid0-HFFmJoceGjTSKDBEWPpzfX9By7I@jetpack.xpi [2016-01-18]
FF Extension: (Reload Plus) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\reloadplus@blackwind.xpi [2017-01-31]
FF Extension: (WebSlingPlayer) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2016-01-08]
FF Extension: (Video DownloadHelper) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\u8k060us.default\features\{05a510cc-ec25-469f-8581-8450c6e0047f}\disableSHA1rollout@mozilla.org.xpi [2017-02-25]
FF ProfilePath: C:\Users\Maxos\AppData\Roaming\Mozilla\Firefox\Profiles\kewyvpun.dev-edition-default [2017-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-21]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com.cy/search?q=list+of+saints&rlz=1C1GIWA_enCY645CY645&espv=2&biw=1920&bih=955&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjuiJKZ1o7NAhVCRhQKHXI5C2UQ_AUIBigB#tbm=isch&q=list+of+saints+orthodox+church
CHR StartupUrls: Default -> "hxxps://www.google.com.cy/search?q=list+of+saints&rlz=1C1GIWA_enCY645CY645&espv=2&biw=1920&bih=955&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjuiJKZ1o7NAhVCRhQKHXI5C2UQ_AUIBigB#tbm=isch&q=list+of+saints+orthodox+church"
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll => No File
CHR Profile: C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Social Blade) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2017-02-12]
CHR Extension: (Avast SafePrice) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Full Page Screen Capture) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-02]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\Maxos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 wampapache64; C:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe [29184 2015-10-11] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; C:\wamp64\bin\mysql\mysql5.7.9\bin\mysqld.exe [38587904 2015-10-12] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-02] (AVAST Software)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-06-22] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [93192 2016-11-11] (Intel  Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [52384 2011-08-23] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-19] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
S3 gkernel; \??\C:\Users\Maxos\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 14:38 - 2017-03-02 14:38 - 02423808 _____ (Farbar) C:\Users\Maxos\Downloads\FRST64.exe
2017-03-02 14:38 - 2017-03-02 14:38 - 00024294 _____ C:\Users\Maxos\Downloads\FRST.txt
2017-03-02 14:38 - 2017-03-02 14:38 - 00000000 ____D C:\FRST
2017-03-01 00:39 - 2017-03-01 00:40 - 00000000 ____D C:\Users\Maxos\Downloads\Beyond
2017-02-28 23:44 - 2017-02-28 23:46 - 93025309 _____ C:\Users\Maxos\Documents\juvnap.mp4
2017-02-26 19:41 - 2017-02-26 19:46 - 285438514 _____ C:\Users\Maxos\Documents\bartli.mp4
2017-02-23 16:32 - 2017-02-23 16:32 - 00000000 ____D C:\Users\Maxos\Desktop\MyApp2
2017-02-23 15:47 - 2017-02-23 16:09 - 00000000 ____D C:\Users\Maxos\Desktop\MyAppl2
2017-02-23 15:34 - 2017-02-23 15:41 - 00000000 ____D C:\Users\Maxos\Desktop\MyApp
2017-02-23 15:31 - 2017-02-23 15:33 - 00000000 ____D C:\Users\Maxos\Desktop\Test1234
2017-02-23 15:16 - 2017-02-23 16:39 - 00000000 ____D C:\Users\Maxos\Desktop\Microsoft JDBC Driver 6.0 for SQL Server
2017-02-23 15:13 - 2017-02-23 15:22 - 00000000 ____D C:\Users\Maxos\Desktop\Test123
2017-02-22 23:57 - 2017-02-22 23:58 - 242586771 _____ C:\Users\Maxos\Documents\sevlei.mp4
2017-02-22 21:33 - 2017-02-22 21:51 - 293017015 _____ C:\Users\Maxos\Documents\valrmav.mp4
2017-02-22 00:40 - 2017-02-22 00:42 - 218525168 _____ C:\Users\Maxos\Documents\citmon.mp4
2017-02-21 13:34 - 2017-02-21 13:36 - 192713424 _____ (Igor Pavlov) C:\Users\Maxos\Desktop\miktex-portable-2.9.6236.exe
2017-02-21 13:05 - 2017-02-22 17:36 - 00000000 ____D C:\Users\Maxos\CSC135
2017-02-21 12:58 - 2017-02-21 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2017-02-21 12:57 - 2017-02-21 12:57 - 00000000 ____D C:\Users\Maxos\AppData\Local\MiKTeX
2017-02-21 12:57 - 2017-02-21 12:57 - 00000000 ____D C:\ProgramData\MiKTeX
2017-02-21 12:53 - 2017-02-21 12:58 - 00000000 ____D C:\CSC135
2017-02-18 00:32 - 2017-02-18 00:32 - 16628727 _____ C:\Users\Maxos\Desktop\4b15f49f-9664-39ba-9617-ed7fac2ba1f6_2096.mp4
2017-02-18 00:22 - 2017-02-21 23:44 - 99738546 _____ C:\Users\Maxos\Documents\auglev.mp4
2017-02-16 00:25 - 2017-02-16 00:27 - 234042898 _____ C:\Users\Maxos\Documents\rmanap.mp4
2017-02-16 00:07 - 2017-02-16 00:07 - 04862152 _____ C:\Users\Maxos\Downloads\201702151.mp4
2017-02-15 23:50 - 2017-02-15 23:52 - 200185308 _____ C:\Users\Maxos\Documents\bayaa2.mp4
2017-02-15 23:42 - 2017-02-15 23:50 - 372228900 _____ C:\Users\Maxos\Documents\bayaa.mp4
2017-02-15 00:15 - 2017-02-15 00:15 - 05956048 _____ C:\Users\Maxos\Documents\benbvb.mp4
2017-02-14 17:50 - 2017-01-01 13:03 - 00000000 ____D C:\Users\Maxos\Downloads\Tory Lanez - The New Toronto 2
2017-02-14 17:50 - 2017-01-01 13:03 - 00000000 ____D C:\Users\Maxos\Downloads\Tory Lanez - Chixtape 4
2017-02-13 15:26 - 2017-02-13 15:26 - 00000000 ____D C:\RoadWorks
2017-02-13 14:59 - 2017-02-13 15:13 - 00000000 ____D C:\Users\Maxos\Documents\Visual Studio 2015
2017-02-13 14:59 - 2017-02-13 14:59 - 00000000 ____D C:\Users\Maxos\Documents\SQL Server Management Studio
2017-02-13 14:58 - 2017-02-13 14:58 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2017-02-13 14:56 - 2017-02-13 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2017-02-13 14:56 - 2017-02-13 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-02-13 14:53 - 2017-02-13 14:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2017-02-13 14:52 - 2017-02-13 14:52 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-02-13 14:52 - 2017-02-13 14:52 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-02-13 14:48 - 2017-02-13 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2016
2017-02-13 14:48 - 2017-02-13 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-02-13 14:48 - 2017-02-13 14:54 - 00000000 ____D C:\Windows\SysWOW64\1033
2017-02-13 14:48 - 2017-02-13 14:53 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-02-13 14:48 - 2017-02-13 14:52 - 00000000 ____D C:\Windows\system32\1033
2017-02-13 14:48 - 2017-02-13 14:48 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-02-13 14:47 - 2017-02-13 14:47 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-02-12 15:26 - 2017-02-12 15:26 - 00091021 _____ C:\Users\Maxos\Desktop\dhl_1486905986_9869_dc547f9024.pdf
2017-02-12 15:19 - 2017-02-12 15:19 - 00336974 _____ C:\Users\Maxos\Documents\Amazon.xps
2017-02-11 02:39 - 2017-02-11 02:40 - 00000000 ____D C:\Program Files (x86)\URLSnooper2
2017-02-11 02:39 - 2017-02-11 02:39 - 02979296 _____ (DonationCoder.com ) C:\Users\Maxos\Downloads\URLSnooperSetup.exe
2017-02-11 02:39 - 2017-02-11 02:39 - 00000046 _____ C:\Windows\SysWOW64\DonationCoder_urlsnooper_InstallInfo.dat
2017-02-11 02:39 - 2017-02-11 02:39 - 00000000 ____D C:\Users\Maxos\Documents\DonationCoder
2017-02-11 02:39 - 2017-02-11 02:39 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\DonationCoder
2017-02-08 16:35 - 2017-02-08 16:35 - 06975096 _____ (Tim Kosse) C:\Users\Maxos\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-08 16:35 - 2017-02-08 16:35 - 06668096 _____ (Tim Kosse) C:\Users\Maxos\Downloads\FileZilla_3.22.2.2_win64-setup.exe
2017-02-06 20:42 - 2017-02-06 20:46 - 222529499 _____ C:\Users\Maxos\Documents\gotjan.mp4
2017-02-06 20:23 - 2017-02-06 20:24 - 00312872 _____ C:\Users\Maxos\Downloads\KUURO - Savage [Monstercat Release].mp3.sfk
2017-02-06 20:00 - 2017-02-06 20:42 - 00126792 _____ C:\Users\Maxos\Desktop\gotjan.veg
2017-02-06 20:00 - 2017-02-06 20:35 - 00126792 _____ C:\Users\Maxos\Desktop\gotjan.veg.bak
2017-02-06 01:48 - 2017-02-06 01:48 - 00000067 _____ C:\Users\Maxos\Desktop\1pr.txt
2017-02-04 16:33 - 2017-02-04 16:33 - 00000000 ____D C:\Program Files (x86)\Sling Media
2017-02-04 16:32 - 2017-02-04 16:32 - 37717016 _____ (Sling Media) C:\Users\Maxos\Desktop\SlingplayerForWebInstaller.exe
2017-02-04 01:57 - 2017-02-13 21:31 - 01139387 _____ C:\Users\Maxos\Desktop\tv_channels_m.hadjik@gmail.com_plus.m3u

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 14:22 - 2015-12-02 11:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-02 14:20 - 2015-06-21 23:00 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\SimpleTV V03
2017-03-02 14:01 - 2015-06-19 22:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-02 13:44 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 13:44 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 13:42 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-02 13:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-02 13:37 - 2016-11-16 12:46 - 00000000 ____D C:\Users\Maxos\AppData\LocalLow\Mozilla
2017-03-02 13:36 - 2015-06-19 19:52 - 00000000 __SHD C:\Users\Maxos\IntelGraphicsProfiles
2017-03-02 13:36 - 2015-06-19 19:04 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-02 13:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 01:06 - 2017-01-21 23:50 - 00000000 ____D C:\zap
2017-03-02 01:02 - 2015-06-20 00:52 - 00001456 _____ C:\Users\Maxos\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-03-02 01:01 - 2015-06-19 18:13 - 00000000 ____D C:\Users\Maxos
2017-03-02 00:55 - 2015-06-19 22:45 - 00000000 ____D C:\Users\Maxos\Desktop\Sopcast
2017-03-02 00:45 - 2015-07-01 01:47 - 10664448 ___SH C:\Users\Maxos\Thumbs.db
2017-03-02 00:36 - 2017-01-25 20:24 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\vlc
2017-03-01 14:22 - 2015-06-20 00:07 - 00000000 ____D C:\Users\Maxos\AppData\Local\Adobe
2017-02-28 23:44 - 2016-07-28 00:29 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\HandBrake
2017-02-27 16:33 - 2015-07-23 23:11 - 00000000 ____D C:\Users\Maxos\AppData\Local\ElevatedDiagnostics
2017-02-27 00:39 - 2016-12-31 00:13 - 00000035 _____ C:\Users\Maxos\Desktop\playwire.txt
2017-02-27 00:29 - 2016-09-25 00:53 - 00000000 ____D C:\Users\Maxos\Downloads\TheBlackList
2017-02-23 17:42 - 2015-08-08 19:08 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\Skype
2017-02-23 17:12 - 2016-12-16 00:04 - 00000000 ____D C:\Users\Maxos\.android
2017-02-23 01:03 - 2015-08-08 19:08 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 23:38 - 2016-12-31 00:27 - 00000000 ____D C:\Users\Maxos\Downloads\Timeless
2017-02-21 22:01 - 2016-03-27 16:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 01:01 - 2015-06-19 22:43 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 01:01 - 2015-06-19 22:43 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 01:01 - 2015-06-19 22:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 01:01 - 2015-06-19 22:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 01:01 - 2015-06-19 22:43 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 14:56 - 2016-05-19 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-13 14:56 - 2015-06-19 18:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-13 14:56 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-13 14:52 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-13 00:04 - 2015-07-03 15:36 - 00000132 _____ C:\Users\Maxos\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-08 16:48 - 2015-06-28 13:51 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\FileZilla
2017-02-08 10:48 - 2015-06-19 20:11 - 00000000 ____D C:\Users\Maxos\AppData\Local\NVIDIA Corporation
2017-02-08 10:48 - 2015-06-19 19:52 - 00000000 ____D C:\Users\Maxos\AppData\Local\NVIDIA
2017-02-07 20:00 - 2015-07-29 11:00 - 00000000 ____D C:\Users\Maxos\AppData\Local\CrashDumps
2017-02-07 19:59 - 2015-06-19 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-07 19:59 - 2015-06-19 19:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-07 19:59 - 2015-06-19 19:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-07 19:59 - 2015-06-19 19:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-06 21:18 - 2015-06-19 18:16 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 16:33 - 2015-12-19 16:32 - 00000000 ____D C:\Users\Maxos\AppData\Roaming\SlingMedia
2017-02-02 22:03 - 2016-04-25 18:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 23:20 - 2016-02-17 01:18 - 00000000 ____D C:\Users\Maxos\Downloads\Gotham

==================== Files in the root of some directories =======

2015-08-19 21:34 - 2016-02-27 01:30 - 0000132 _____ () C:\Users\Maxos\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-07-03 15:36 - 2017-02-13 00:04 - 0000132 _____ () C:\Users\Maxos\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-20 00:52 - 2017-03-02 01:02 - 0001456 _____ () C:\Users\Maxos\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-26 10:16 - 2015-09-20 15:41 - 0007593 _____ () C:\Users\Maxos\AppData\Local\Resmon.ResmonCfg
2015-06-19 18:20 - 2015-06-19 18:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-10 11:36 - 2015-07-10 12:00 - 0002508 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-01-25 19:12 - 2017-01-25 19:12 - 0739904 _____ (Oracle Corporation) C:\Users\Maxos\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 13:41

==================== End of FRST.txt ============================

Attachments: Addition.txt, Malwarebytes Thread Scan.txt


Hey guys, this message started popping up for me today: 


I did some Google searching before asking for help here, and the most suggested fix was to disable SSDP Discovery (a Windows service). I did it, but the message still pops up all the time for me.

I usually get similar messages when using torrents, but not with this same IP. This one started showing today, all the time, while I'm using the same websites I use every day while working (I've been using Malwarebytes for almost a year and never had this problem).

Can someone help me?

 

edit: English is not my first language, sorry. I hope it is good enough to understand...

Edited by newsomthn


I am also getting this; it just started around 15 mins ago and keeps popping up when opening a new tab or browsing in Google Chrome.


Like a few I have already read, I just started getting the warning in the last half hour.

Malicious website blocked

239.255.255.250

chrome.exe

Started simultaneously on 2 separate PCs. I was using one, and it started showing messages. 10 minutes later I tried the other PC, which I had not been using, and got the same pop-ups.

Scan showed nothing; waiting on Windows Defender.

Seems to carry on with Google not open and closed from the systray.

Please advise


I am getting the same one as well, plus this one: C:\Windows\System32\svchost.exe.

Is there something that should be done to stop or remove this?

Edited by quicksilver


Same issue here with no tabs open but the malwarebytes forum. 

When I turned off Chrome it started appearing from svchost as well.

Edited by coldone


This happened to me also. I got a little bit terrified, since I am the type of person who cares so much about their computer.


I am also having the Chrome outbound connection issue, and am appreciatively awaiting a reply from support or others experiencing the instance.


Same here; starting from earlier today I had the same behaviour.
Multiple outbound connections, almost all of them from chrome.exe, a few instances from svchost.exe.

Thanks,

Regards


We're having the same issue. Don't know if it's related, but we received an email (Gmail) that had a warning that the email might contain "personal information stealing" content. We did not open it and deleted it. We shut down Chrome and those alerts stopped, but we still have the svchost.exe alerts. Ran a Malwarebytes scan, a Spybot scan, and a Windows Defender scan, which found nothing. Any updates?


Just started getting these messages as well, every time I open a tab.  I've seen it for svchost.exe and chrome.exe.  I tried MS Edge browser (don't judge) and don't get any warnings.

 


It seems to be caused by Chrome trying to access the UPnP ports for some reason. I've uninstalled Chrome and the problem stopped; I reinstalled on a clean install and the problem came up again.

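The address quoted in the alerts above, 239.255.255.250, is the SSDP/UPnP discovery multicast group, so the "UPnP ports" observation fits: SSDP probes to that group never leave the local network, whichever process (a browser or the SSDP Discovery service hosted in svchost.exe) sends them. The helper below is an added example, not code from this thread or from Malwarebytes. It sorts outbound-block alerts of the kind posted here into local-discovery noise versus real Internet egress. The sample alert tuples are constructed, and the destination port 1900 on the SSDP alerts is assumed, since the posts quote only the IP.

```python
"""Triage helper for "Malicious website blocked" style outbound alerts.

Added example (not part of the forum thread or of any vendor's product).
Given (process, destination IP, port) tuples, it reports whether the
destination is the SSDP/UPnP multicast group, some other non-routable
address, or a global Internet host that deserves a closer look.
"""
import ipaddress
from dataclasses import dataclass

# UPnP/SSDP discovery multicast group and well-known port (port assumed for the
# thread's alerts, which only quote the IP).
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900


@dataclass(frozen=True)
class Alert:
    process: str   # e.g. "chrome.exe", "svchost.exe"
    dest: str      # destination IP as a string
    port: int      # destination port


def classify(alert: Alert) -> str:
    """Map one alert to a coarse verdict based on the destination address."""
    ip = ipaddress.ip_address(alert.dest)
    if ip == SSDP_GROUP and alert.port == SSDP_PORT:
        # SSDP M-SEARCH / NOTIFY traffic: expected from browsers and the
        # SSDP Discovery service, and confined to the local link.
        return "ssdp-discovery"
    if ip.is_multicast:
        # Other LAN multicast (mDNS on 224.0.0.251, etc.).
        return "multicast"
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        # RFC 1918, APIPA or loopback: never reaches the Internet.
        return "local"
    if ip.is_global:
        # Real egress: check the process, the destination's reputation and
        # whether anything on the host persists the connection.
        return "internet"
    return "other"   # reserved or unspecified ranges


def triage(alerts):
    """Group alerts by verdict so repeated SSDP noise collapses into one bucket."""
    buckets = {}
    for alert in alerts:
        buckets.setdefault(classify(alert), []).append(alert)
    return buckets


# Constructed sample alerts mirroring the thread (ports assumed).
SAMPLE_ALERTS = [
    Alert("chrome.exe", "239.255.255.250", 1900),
    Alert("svchost.exe", "239.255.255.250", 1900),
    Alert("chrome.exe", "224.0.0.251", 5353),
    Alert("svchost.exe", "192.168.1.1", 80),
    Alert("chrome.exe", "8.8.8.8", 443),
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_ALERTS).items():
        detail = ", ".join(f"{a.process}->{a.dest}:{a.port}" for a in items)
        print(f"{verdict:15} {len(items)} alert(s): {detail}")
```

The check to carry away: a "malicious website" verdict on a multicast or RFC 1918 destination is almost always a signature false positive, because nothing at that address can be a website on the Internet; a verdict on a global address is the one that warrants the usual process, reputation and persistence look-up. Note that Python's ipaddress module treats the documentation ranges (such as 203.0.113.0/24) as private, so use a genuinely global address when testing the "internet" branch.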

I started getting this about an hour ago for the first time ever. I just rebooted and it started immediately once Win 10 had loaded (I have Firefox in my startup folder, so it might be when that ran).


Yup, started for me about 40 mins ago. 

I would like to know what it is in layman's terms, whether it's a threat, what is causing it, etc., and possible solutions.


We are really sorry for the inconvenience, this FP was fixed and the update has been pushed out! :)


I was just about to post with the same problem... just updated with the new fix and waiting to see if it stops... fingers crossed


Just updated, it's not stopped.

Certainly seems to be connected to opening new tabs though.

This topic is now closed to further replies.