Can't click anything in Malwarebytes/some other programs are messing up


I've tried running it as admin etc, no result.

It originally started as VLC/AceStream not functioning properly. (It will be locked to the volume slider, so no matter what I click on within it and depending on what side of the volume slider I click it will just adjust the volume and not let me click play/pause/skip forward) so I just dl'ed Malwarebytes after reinstalling everything and it is still not working, to which I came across the problem of not being able to click anything in Malwarebytes either so I can't run a scan. Any help, please?


Hello jmh1994 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right-click on the "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Hey Kevin, thanks for your help!

This is the FRST.txt log that is to be copied and pasted like you said:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Jordan (administrator) on JORDAN-PC (11-03-2017 18:08:13)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steamerrorreporter.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521968 2015-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-11-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-16] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [eblueMouseRun] => C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe [3637248 2013-11-15] ()
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [970264 2016-06-09] (BlueStack Systems, Inc.)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-08] (Disc Soft Ltd)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\MountPoints2: {3f514674-30d0-11e6-a9cb-9c5c8ec069fb} - H:\Autoplay.exe -auto
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\MountPoints2: {a3db1e88-06c1-11e6-9479-806e6f6e6963} - D:\Launch.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{73E344C9-CFD2-47EF-B48C-0684360062EE}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F1BE0AC0-EDA7-4B68-BED2-F81B361C4E00}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-902883531-370755522-233234464-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-902883531-370755522-233234464-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-902883531-370755522-233234464-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-16] (AVG)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-13]
FF HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Jordan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\Jordan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-902883531-370755522-233234464-1000: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\Jordan\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-902883531-370755522-233234464-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jordan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Profile 2 -> "hxxp://google.co.uk/"
CHR DefaultSearchURL: Profile 2 -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 2 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-04-20]
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (BetterTTV) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-15]
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-20]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-20]
CHR Extension: (AVG Secure Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-04-20]
CHR Extension: (uBlock Origin) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Slither.io Mod Play with friends Without LAGS) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\foocpcikeakahdlplgpgfoilanoajijf [2016-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2017-01-09]
CHR Extension: (Imagus) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-02-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-16]
CHR Extension: (Flamite) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2017-03-05]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Page Monitor) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2016-04-28]
CHR Extension: (4chan X) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2017-02-21]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-902883531-370755522-233234464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-902883531-370755522-233234464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-902883531-370755522-233234464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-11-03] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-06-09] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-06-09] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-06-09] (BlueStack Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-08] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-04-21] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-04-20] ()
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-16] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-16] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-11-04] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-06-09] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-05-30] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-13] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-13] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-22] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-11] (Malwarebytes)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [43472 2016-04-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 18:08 - 2017-03-11 18:08 - 00025283 _____ C:\Users\Jordan\Desktop\FRST.txt
2017-03-11 18:07 - 2017-03-11 18:08 - 00000000 ____D C:\FRST
2017-03-11 18:07 - 2017-03-11 18:07 - 02424320 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
2017-03-11 13:56 - 2017-03-11 14:00 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 13:56 - 2017-03-11 14:00 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-11 13:56 - 2017-03-11 14:00 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-11 13:56 - 2017-03-11 14:00 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-11 13:56 - 2017-03-11 14:00 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-11 13:56 - 2017-03-11 13:56 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-11 13:56 - 2017-03-11 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-11 13:56 - 2017-03-11 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-11 13:56 - 2017-03-11 13:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 13:56 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-11 13:55 - 2017-03-11 13:55 - 57131432 _____ (Malwarebytes ) C:\Users\Jordan\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-11 13:45 - 2017-03-11 13:53 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\vlc
2017-03-11 13:19 - 2017-03-11 13:19 - 00002025 _____ C:\Users\Jordan\Desktop\Ace Stream Media Center.lnk
2017-03-11 13:19 - 2017-03-11 13:19 - 00001921 _____ C:\Users\Jordan\Desktop\Ace Player.lnk
2017-03-11 13:19 - 2017-03-11 13:19 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2017-03-11 13:18 - 2017-03-11 13:24 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\ACEStream
2017-03-11 13:13 - 2017-03-11 13:13 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-03-11 13:13 - 2017-03-11 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-03-11 13:09 - 2017-03-11 13:10 - 83379152 _____ C:\Users\Jordan\Downloads\Ace_Stream_Media_3.1.16.exe
2017-03-11 13:09 - 2017-03-11 13:09 - 30533688 _____ C:\Users\Jordan\Downloads\vlc-2.2.4-win32.exe
2017-03-11 04:17 - 2017-03-11 04:17 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-11 04:17 - 2017-03-11 04:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-11 04:17 - 2017-03-11 04:17 - 00000000 ____D C:\Program Files\iTunes
2017-03-11 04:17 - 2017-03-11 04:17 - 00000000 ____D C:\Program Files\iPod
2017-03-11 04:11 - 2017-03-11 04:11 - 177092424 _____ (Apple Inc.) C:\Users\Jordan\Downloads\iTunes6464Setup.exe
2017-03-09 14:48 - 2017-03-09 14:48 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Equalify
2017-03-09 14:47 - 2017-03-09 14:47 - 09459568 _____ (Leonardsen Software) C:\Users\Jordan\Downloads\Equalify-1.1.7-installer.exe
2017-03-09 11:04 - 2017-03-09 11:04 - 00113696 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2017-03-09 11:04 - 2017-03-09 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2017-03-09 11:04 - 2017-03-09 11:04 - 00000000 ____D C:\Program Files\Virtual Audio Cable
2017-03-08 16:14 - 2017-03-11 04:34 - 00000000 ____D C:\Users\Jordan\Desktop\jordan
2017-03-06 16:03 - 2017-03-06 16:03 - 00083232 _____ C:\Users\Jordan\Documents\bookmarks_3_6_17.html
2017-03-04 22:23 - 2017-03-04 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-27 16:51 - 2017-02-27 16:57 - 00000000 ____D C:\Users\Jordan\Downloads\Prisoners (2013) [1080p]
2017-02-14 14:23 - 2017-02-14 14:23 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 18:05 - 2016-04-20 02:09 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify
2017-03-11 18:00 - 2016-04-20 02:09 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify
2017-03-11 17:38 - 2016-04-20 10:44 - 00000000 ____D C:\ProgramData\MFAData
2017-03-11 17:23 - 2016-04-20 00:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-11 14:43 - 2017-01-19 18:42 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\obs-studio
2017-03-11 14:36 - 2016-04-20 00:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-11 14:08 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 14:08 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 14:00 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 13:59 - 2016-04-20 00:15 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-11 13:58 - 2016-04-20 10:26 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\uTorrent
2017-03-11 13:43 - 2016-04-20 10:46 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\.ACEStream
2017-03-11 13:36 - 2017-02-04 22:49 - 00000000 ____D C:\Users\Jordan\AppData\LocalLow\uTorrent
2017-03-11 13:12 - 2016-04-20 10:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-03-11 12:43 - 2017-02-08 19:11 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\TS3Client
2017-03-11 04:36 - 2016-07-21 23:27 - 00000000 ____D C:\Users\Jordan\Downloads\4788 - Pokemon - SoulSilver Version (U)
2017-03-11 04:17 - 2016-04-29 03:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-11 02:00 - 2016-04-20 00:54 - 00000000 ____D C:\Users\Jordan\AppData\Local\Adobe
2017-03-10 22:23 - 2016-09-20 13:58 - 00003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-03-10 20:22 - 2016-06-12 19:36 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-09 11:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-03-08 16:14 - 2017-01-25 00:08 - 00068096 ___SH C:\Users\Jordan\Thumbs.db
2017-03-07 14:37 - 2016-04-19 23:41 - 00000000 ____D C:\Users\Jordan
2017-03-05 01:21 - 2016-04-24 02:11 - 00000000 ___HD C:\_acestream_cache_
2017-03-04 23:35 - 2016-04-20 00:59 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Skype
2017-03-04 22:23 - 2016-04-20 00:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-04 22:23 - 2016-04-20 00:59 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 14:12 - 2016-04-19 23:51 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 16:23 - 2016-12-15 17:37 - 00000000 ____D C:\Users\Jordan\Desktop\__MACOSX
2017-02-24 03:02 - 2016-04-20 10:32 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:00 - 2016-04-20 10:32 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 06:49 - 2016-11-28 10:38 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-02-20 01:22 - 2016-04-22 00:18 - 00000000 ____D C:\Users\Jordan\AppData\Local\UnrealEngine
2017-02-16 00:31 - 2016-04-20 10:51 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-02-16 00:31 - 2016-04-20 10:50 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-02-14 14:23 - 2016-04-20 00:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 14:23 - 2016-04-20 00:54 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 14:23 - 2016-04-20 00:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 14:23 - 2016-04-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 14:23 - 2016-04-20 00:54 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-04-25 23:46 - 2016-04-25 23:46 - 0001181 _____ () C:\Users\Jordan\AppData\Roaming\trace_FilterInstaller.txt
2016-04-25 23:46 - 2016-04-25 23:46 - 0000000 _____ () C:\Users\Jordan\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-04-19 23:52 - 2016-04-19 23:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-08-22 18:57 - 2016-07-20 13:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_081632253704.exe
2016-05-13 21:16 - 2016-04-14 16:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_081688820498.exe
2016-06-01 16:21 - 2016-04-22 09:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_081720001349.exe
2016-06-23 11:18 - 2016-05-18 12:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_08178953194.exe
2016-07-27 22:40 - 2016-06-21 17:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_082032573307.exe
2016-06-13 14:10 - 2016-06-13 14:10 - 0102912 _____ () C:\Users\Jordan\AppData\Local\Temp\bitool.dll
2017-01-18 01:29 - 2017-01-18 01:29 - 0739904 _____ (Oracle Corporation) C:\Users\Jordan\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-08-31 12:08 - 2016-08-31 12:08 - 13125000 _____ (AMD Inc.) C:\Users\Jordan\AppData\Local\Temp\radeon-crimson-16.7.3-minimalsetup-160728.exe
2016-11-04 00:39 - 2016-11-04 00:39 - 13195000 _____ (AMD Inc.) C:\Users\Jordan\AppData\Local\Temp\radeon-crimson-16.9.2-minimalsetup-161003.exe
2016-05-20 17:23 - 2017-03-04 22:21 - 56756184 _____ (Skype Technologies S.A.) C:\Users\Jordan\AppData\Local\Temp\SkypeSetup.exe
2017-03-04 22:22 - 2017-03-04 22:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Jordan\AppData\Local\Temp\vc_redist.x86.exe
2016-08-10 09:29 - 2016-08-10 09:29 - 30533688 _____ () C:\Users\Jordan\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

Addition.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Jordan (administrator) on JORDAN-PC (11-03-2017 18:58:10)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8521968 2015-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-11-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-16] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [eblueMouseRun] => C:\Program Files (x86)\EBLUE MOUSE\ebluemon.exe [3637248 2013-11-15] ()
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [970264 2016-06-09] (BlueStack Systems, Inc.)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-08] (Disc Soft Ltd)
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\MountPoints2: {3f514674-30d0-11e6-a9cb-9c5c8ec069fb} - H:\Autoplay.exe -auto
HKU\S-1-5-21-902883531-370755522-233234464-1000\...\MountPoints2: {a3db1e88-06c1-11e6-9479-806e6f6e6963} - D:\Launch.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{73E344C9-CFD2-47EF-B48C-0684360062EE}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F1BE0AC0-EDA7-4B68-BED2-F81B361C4E00}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-902883531-370755522-233234464-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-902883531-370755522-233234464-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-902883531-370755522-233234464-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-16] (AVG)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-09-30] (Adobe Systems Incorporated)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-13]
FF HKU\S-1-5-21-902883531-370755522-233234464-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Jordan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Stream Web Extension) - C:\Users\Jordan\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-902883531-370755522-233234464-1000: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\Jordan\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-902883531-370755522-233234464-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jordan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Profile 2 -> "hxxp://google.co.uk/"
CHR DefaultSearchURL: Profile 2 -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 2 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-04-20]
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-11]
CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (BetterTTV) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-15]
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-20]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-20]
CHR Extension: (AVG Secure Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-04-20]
CHR Extension: (uBlock Origin) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Slither.io Mod Play with friends Without LAGS) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\foocpcikeakahdlplgpgfoilanoajijf [2016-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2017-01-09]
CHR Extension: (Imagus) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-02-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-16]
CHR Extension: (Flamite) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2017-03-05]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Page Monitor) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2016-04-28]
CHR Extension: (4chan X) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2017-02-21]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-902883531-370755522-233234464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-902883531-370755522-233234464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-902883531-370755522-233234464-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-11-03] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-06-09] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-06-09] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-06-09] (BlueStack Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-08] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-04-21] (EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-04-20] ()
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-16] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-16] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-11-04] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-06-09] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-05-30] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-13] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-13] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-22] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-11] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-11] (Malwarebytes)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [43472 2016-04-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 18:57 - 2017-03-11 18:57 - 02424320 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
2017-03-11 18:43 - 2017-03-11 18:43 - 00007629 _____ C:\Users\Jordan\AppData\Local\Resmon.ResmonCfg
2017-03-11 18:08 - 2017-03-11 18:58 - 00024234 _____ C:\Users\Jordan\Desktop\FRST.txt
2017-03-11 18:07 - 2017-03-11 18:08 - 00000000 ____D C:\FRST
2017-03-11 13:56 - 2017-03-11 18:49 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-11 13:56 - 2017-03-11 18:49 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-11 13:56 - 2017-03-11 18:49 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-11 13:56 - 2017-03-11 18:49 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-11 13:56 - 2017-03-11 18:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-11 13:56 - 2017-03-11 13:56 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-11 13:56 - 2017-03-11 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-11 13:56 - 2017-03-11 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-11 13:56 - 2017-03-11 13:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-11 13:56 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-11 13:55 - 2017-03-11 13:55 - 57131432 _____ (Malwarebytes ) C:\Users\Jordan\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-11 13:45 - 2017-03-11 13:53 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\vlc
2017-03-11 13:19 - 2017-03-11 13:19 - 00002025 _____ C:\Users\Jordan\Desktop\Ace Stream Media Center.lnk
2017-03-11 13:19 - 2017-03-11 13:19 - 00001921 _____ C:\Users\Jordan\Desktop\Ace Player.lnk
2017-03-11 13:19 - 2017-03-11 13:19 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2017-03-11 13:18 - 2017-03-11 13:24 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\ACEStream
2017-03-11 13:13 - 2017-03-11 13:13 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-03-11 13:13 - 2017-03-11 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-03-11 13:09 - 2017-03-11 13:10 - 83379152 _____ C:\Users\Jordan\Downloads\Ace_Stream_Media_3.1.16.exe
2017-03-11 13:09 - 2017-03-11 13:09 - 30533688 _____ C:\Users\Jordan\Downloads\vlc-2.2.4-win32.exe
2017-03-11 04:17 - 2017-03-11 04:17 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-11 04:17 - 2017-03-11 04:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-11 04:17 - 2017-03-11 04:17 - 00000000 ____D C:\Program Files\iTunes
2017-03-11 04:17 - 2017-03-11 04:17 - 00000000 ____D C:\Program Files\iPod
2017-03-11 04:11 - 2017-03-11 04:11 - 177092424 _____ (Apple Inc.) C:\Users\Jordan\Downloads\iTunes6464Setup.exe
2017-03-09 14:48 - 2017-03-09 14:48 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Equalify
2017-03-09 14:47 - 2017-03-09 14:47 - 09459568 _____ (Leonardsen Software) C:\Users\Jordan\Downloads\Equalify-1.1.7-installer.exe
2017-03-09 11:04 - 2017-03-09 11:04 - 00113696 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2017-03-09 11:04 - 2017-03-09 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2017-03-09 11:04 - 2017-03-09 11:04 - 00000000 ____D C:\Program Files\Virtual Audio Cable
2017-03-08 16:14 - 2017-03-11 04:34 - 00000000 ____D C:\Users\Jordan\Desktop\jordan
2017-03-06 16:03 - 2017-03-06 16:03 - 00083232 _____ C:\Users\Jordan\Documents\bookmarks_3_6_17.html
2017-03-04 22:23 - 2017-03-04 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-27 16:51 - 2017-02-27 16:57 - 00000000 ____D C:\Users\Jordan\Downloads\Prisoners (2013) [1080p]
2017-02-14 14:23 - 2017-02-14 14:23 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 18:57 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 18:57 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 18:55 - 2016-04-20 00:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-11 18:49 - 2016-04-20 10:44 - 00000000 ____D C:\ProgramData\MFAData
2017-03-11 18:49 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 18:48 - 2016-04-20 00:15 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-11 18:44 - 2016-04-20 02:09 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify
2017-03-11 18:23 - 2016-04-20 00:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-11 18:05 - 2016-04-20 02:09 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify
2017-03-11 14:43 - 2017-01-19 18:42 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\obs-studio
2017-03-11 13:58 - 2016-04-20 10:26 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\uTorrent
2017-03-11 13:43 - 2016-04-20 10:46 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\.ACEStream
2017-03-11 13:36 - 2017-02-04 22:49 - 00000000 ____D C:\Users\Jordan\AppData\LocalLow\uTorrent
2017-03-11 13:12 - 2016-04-20 10:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-03-11 12:43 - 2017-02-08 19:11 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\TS3Client
2017-03-11 04:36 - 2016-07-21 23:27 - 00000000 ____D C:\Users\Jordan\Downloads\4788 - Pokemon - SoulSilver Version (U)
2017-03-11 04:17 - 2016-04-29 03:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-11 02:00 - 2016-04-20 00:54 - 00000000 ____D C:\Users\Jordan\AppData\Local\Adobe
2017-03-10 22:23 - 2016-09-20 13:58 - 00003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-03-10 20:22 - 2016-06-12 19:36 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-09 11:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-03-08 16:14 - 2017-01-25 00:08 - 00068096 ___SH C:\Users\Jordan\Thumbs.db
2017-03-07 14:37 - 2016-04-19 23:41 - 00000000 ____D C:\Users\Jordan
2017-03-05 01:21 - 2016-04-24 02:11 - 00000000 ___HD C:\_acestream_cache_
2017-03-04 23:35 - 2016-04-20 00:59 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Skype
2017-03-04 22:23 - 2016-04-20 00:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-04 22:23 - 2016-04-20 00:59 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 14:12 - 2016-04-19 23:51 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 16:23 - 2016-12-15 17:37 - 00000000 ____D C:\Users\Jordan\Desktop\__MACOSX
2017-02-24 03:02 - 2016-04-20 10:32 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:00 - 2016-04-20 10:32 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 06:49 - 2016-11-28 10:38 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-02-20 01:22 - 2016-04-22 00:18 - 00000000 ____D C:\Users\Jordan\AppData\Local\UnrealEngine
2017-02-16 00:31 - 2016-04-20 10:51 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-02-16 00:31 - 2016-04-20 10:50 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-02-14 14:23 - 2016-04-20 00:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 14:23 - 2016-04-20 00:54 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 14:23 - 2016-04-20 00:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 14:23 - 2016-04-20 00:54 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 14:23 - 2016-04-20 00:54 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-04-25 23:46 - 2016-04-25 23:46 - 0001181 _____ () C:\Users\Jordan\AppData\Roaming\trace_FilterInstaller.txt
2016-04-25 23:46 - 2016-04-25 23:46 - 0000000 _____ () C:\Users\Jordan\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-11 18:43 - 2017-03-11 18:43 - 0007629 _____ () C:\Users\Jordan\AppData\Local\Resmon.ResmonCfg
2016-04-19 23:52 - 2016-04-19 23:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-08-22 18:57 - 2016-07-20 13:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_081632253704.exe
2016-05-13 21:16 - 2016-04-14 16:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_081688820498.exe
2016-06-01 16:21 - 2016-04-22 09:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_081720001349.exe
2016-06-23 11:18 - 2016-05-18 12:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_08178953194.exe
2016-07-27 22:40 - 2016-06-21 17:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jordan\AppData\Local\Temp\avguirn_082032573307.exe
2016-06-13 14:10 - 2016-06-13 14:10 - 0102912 _____ () C:\Users\Jordan\AppData\Local\Temp\bitool.dll
2017-01-18 01:29 - 2017-01-18 01:29 - 0739904 _____ (Oracle Corporation) C:\Users\Jordan\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-08-31 12:08 - 2016-08-31 12:08 - 13125000 _____ (AMD Inc.) C:\Users\Jordan\AppData\Local\Temp\radeon-crimson-16.7.3-minimalsetup-160728.exe
2016-11-04 00:39 - 2016-11-04 00:39 - 13195000 _____ (AMD Inc.) C:\Users\Jordan\AppData\Local\Temp\radeon-crimson-16.9.2-minimalsetup-161003.exe
2016-05-20 17:23 - 2017-03-04 22:21 - 56756184 _____ (Skype Technologies S.A.) C:\Users\Jordan\AppData\Local\Temp\SkypeSetup.exe
2017-03-04 22:22 - 2017-03-04 22:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Jordan\AppData\Local\Temp\vc_redist.x86.exe
2016-08-10 09:29 - 2016-08-10 09:29 - 30533688 _____ () C:\Users\Jordan\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 06:34

==================== End of FRST.txt ============================

Addition.txt


Also I play Modern Warfare Remastered on Steam and it's now running and jittering at 20~ fps when I was playing it at the capped 90 FPS yesterday and the rest of the week just fine. This is after installing MalwareBytes. It's doing something wrong... I'm uninstalling it for the time being until I get more direction. 


I'd leave Malwarebytes alone for now, if you want to remove it later I'll give a link for a removal tool that will make the removal easier. I do not see a great deal wrong with FRST logs except for Hosts file, you are obviously aware of entries added to the hosts... Most entries are blacklisted for spamming, the hosts needs to be reset for now and see if that makes any difference.

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Emsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

 

fixlist.txt


Ok, do the following:

Totally Remove Malwarebytes from your system:

Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop..

If applicable, backup your Malwarebytes license key information and deactivate the product.

Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step

To deactivate Malwarebytes:

Right click on tray icon, from the opened list select "Quit Malwarebytes" a UAC alert will open, select "Yes" to deactivate Malwarebytes...

If applicable, backup your license key and deactivate the product.
 
  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system

To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

If you have lost the activation licence key information it can be located here:
http://www.cleverbridge.com/342/?scope=cusecolp

Run this also please:

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

Thank you,
Kevin...

Thanks for that log, several entries need to be deleted...

Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, accept UAC..

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes Checkmark (tick) the following against Registry entries, ensure that all other entries are not Checkmarked

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-902883531-370755522-233234464-1000\Software\AceStream -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-902883531-370755522-233234464-1000\Software\AceStream -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-902883531-370755522-233234464-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-902883531-370755522-233234464-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-902883531-370755522-233234464-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=hp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-902883531-370755522-233234464-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={93C7C40C-11A0-4168-9281-9DAA30A02C30}&mid=b7159a8438ff47cc92b14d15c8248008-05d2f3241b6cbc189aedeb122fc32f209eec214f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-04-20 11:51:09&v=4.3.7.452&pid=wtu&sg=&sap=hp -> Found


Checkmark (tick) the following against File entries, ensure that all other entries are not Checkmarked

[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP.Gen1][File] C:\Users\Jordan\Desktop\Ace Player.lnk [LNK@] C:\Users\Jordan\AppData\Roaming\ACESTR~1\player\ACE_PL~1.EXE -> Found
[PUP.Gen1][File] C:\Users\Jordan\Desktop\Ace Stream Media Center.lnk [LNK@] C:\Users\Jordan\AppData\Roaming\ACESTR~1\engine\ACE_EN~1.EXE --onstart-webui-open-page proxy-server-main -> Found
[PUP.Gen1][Folder] C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media -> Found
[PUP.Gen1][File] C:\Users\Jordan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Ace Player.lnk [LNK@] C:\Users\Jordan\AppData\Roaming\ACESTR~1\player\ACE_PL~1.EXE -> Found
[PUP.Gen1][Folder] C:\Users\Jordan\AppData\Roaming\.ACEStream -> Found
[PUP.Gen1][Folder] C:\Users\Jordan\AppData\Roaming\ACEStream -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Jordan\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP.Gen1][File] C:\Users\Jordan\Desktop\Ace Player.lnk [LNK@] C:\Users\Jordan\AppData\Roaming\ACESTR~1\player\ACE_PL~1.EXE -> Found
[PUP.Gen1][File] C:\Users\Jordan\Desktop\Ace Stream Media Center.lnk [LNK@] C:\Users\Jordan\AppData\Roaming\ACESTR~1\engine\ACE_EN~1.EXE --onstart-webui-open-page proxy-server-main -> Found
[PUP.Gen1][Folder] C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media -> Found


Hit the Delete button, when complete select "Open Report" in the next window select "Export txt" the log will open. Save to your Desktop for reference, also attach to next reply.
 
Next,
 
Totally Remove Malwarebytes from your system:

Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop..

If applicable, backup your Malwarebytes license key information and deactivate the product.

Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step

To deactivate Malwarebytes:

Right click on tray icon, from the opened list select "Quit Malwarebytes" a UAC alert will open, select "Yes" to deactivate Malwarebytes...

If applicable, backup your license key and deactivate the product.
 
  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs...

Thank you,

Kevin....

 

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark "Select All" box. When ready select "Start Repairs" tab.... (do not be concerned with entries marked for Windows 10, those entries would be ignored if selected)

When complete re-boot your system to Normal mode, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Let me see those logs in your next reply....

Thank you,

Kevin...

fixlist.txt


Still nothing has changed. In fact it got worse, I used to be able to click within chrome/steam and pretty much everything I use except Malwarebytes/VLC media player but now I can't until I do that task manager thing I mentioned.

Still unable to click within Malwarebytes so I haven't got them logs just yet.

At the end of the tweaking repair tool process it said something about not being able to use desktop widgets when it was at 42/43 tasks done but it still completed when I clicked the only button which was 'okay'. 

_Windows_Repair_Log.txt

Edited by jmh1994
