Jump to content

Trojan.StolenData & Trojan.Agent.Trace


Recommended Posts

Hey Malwarebytes,

About a month ago I was infected with a Trojan via a pen-testing tool download. I usually am not careless with computers as I know a lot about how viruses function, have meddled with some etc. and study IT as well. I opened the .exe file and the program worked normally as the virus was most likely an embedded payload. I left the computer unattended for about 30-45 minutes and someone had remote access to my computer and managed to harvest some info from it. I never save passwords etc. on my computer (Due to how laughably "secured" autofill passwords are by modern browsers such as Chrome) but my father had used my computer a long time ago and left some leftover autofills. The hacker managed to post a couple pastebins with the autofill info (password not included, he most likely got the password on his computer himself). I am unsure how he managed to conduct a paypal transaction (Which we easily reversed) since there was no mention of it in the browser history although I am pretty sure he selectively left a couple of mocking entries. When I realized what happened I initiated a root-kit scan with NPE (Norton Power Eraser) and also scanned the filesystem with ASC. I had used Malwarebytes in the past but my computer is frequently formatted so the program was lost and I thought a daily NPE scan would cover me (Which was a big mistake). Since I cleaned my system back then no incidents have occured apart from a malware that was a minor inconvenience on my browser (A redirect to snapdo). My PC a couple of hours ago went into CPU overload (100% constantly) although what bugged me is that Task Manager showed 3-5% usage, ASC Tray was showing 100% usage and the computer's fan was going haywire. I rebooted the system and everything appears normal (And an NPE scan showed nothing). I then downloaded Malwarebytes to remove the Snapdo malware and it found a lot of PUP but what striked out was the Trojan.StolenData and Trojan.Agent.Trace hits. There were 2 StolenData hits and 1 Agent.Trace hit. I just want to know if I should conduct any further scans for this issue or if they are leftovers from the attack.

TL;DR: I was attacked a month ago, removed the Trojan virus that remotely controlled my computer and now after 1 month Malwarebytes got 2 hits for Trojan.StolenData and 1 hit for Trojan.Agent.Trace. Should I run any further scans or are they leftovers?

Thanks in advance.

Link to post
Share on other sites

Hello alekakoc and welcome to Malwarebytes...

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
Link to post
Share on other sites

I already had show-hidden-folders on. I am sorry for not mentioning this earlier but I am running Windows 8.1. I am seeing a lot of things that shouldn't be on the log such as the mail.ru things:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by alexandros (administrator) on PAPATHEGREAT (10-05-2017 22:42:29)
Running from C:\Users\alexandros\Desktop
Loaded Profiles: alexandros (Available Profiles: alexandros)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\SET626B.tmp
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
() C:\altera\13.0sp1\quartus\bin64\jtagserver.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Users\alexandros\Desktop\Wallpaper.Engine.Build.1.0.619\bin\wallpaperservice32_c.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\SET5EA7.tmp
(Intel Corporation) C:\Windows\System32\SET62EE.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\alexandros\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\alexandros\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(BitTorrent Inc.) C:\Users\alexandros\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [4060376 2014-10-22] (Realtek semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\Run: [f.lux] => C:\Users\alexandros\AppData\Local\FluxSoftware\Flux\flux.exe [1629424 2017-05-07] (f.lux Software LLC)
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\Run: [uTorrent] => C:\Users\alexandros\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-04-12] (BitTorrent Inc.)
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {00653d97-4763-11e6-828a-68f7287e718c} - "H:\Lenovo_Suite.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {2107c36b-403d-11e6-8288-d0534959075c} - "G:\autorun.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {4728413d-eb3e-11e6-82b9-68f7287e718c} - "F:\setup.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {51ac05c9-8486-11e5-826b-d0534959075c} - "F:\Autorun.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {6f0038e7-0891-11e6-8283-d0534959075c} - "F:\setup.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {6f0038f9-0891-11e6-8283-d0534959075c} - "I:\Setup.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\MountPoints2: {b87633bf-6614-11e6-828c-68f7287e718c} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\...\Winlogon: [Shell] C:\windows\Explorer.exe [2501368 2015-10-23] (Microsoft Corporation) <==== ATTENTION
IFEO\TeamViewer_Note.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\alexandros\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\alexandros\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\alexandros\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\alexandros\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\alexandros\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\alexandros\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{917AA2C4-E3F8-4FBA-B71D-2305F861CA81}: [NameServer] 5.133.8.187
Tcpip\..\Interfaces\{917AA2C4-E3F8-4FBA-B71D-2305F861CA81}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0E7821D-F2E6-4B96-B7A0-E019A5475372}: [DhcpNameServer] 5.133.8.187
Tcpip\..\Interfaces\{F16BA4C4-E172-4455-9D55-7C610471D757}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F16BA4C4-E172-4455-9D55-7C610471D757}: [DhcpNameServer] 192.168.2.1
ManualProxies: 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4037906310-476860322-3803903097-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-19] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-10] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPlugin_Protection.dll => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-10] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)

FireFox:
========
FF ProfilePath: C:\Users\alexandros\AppData\Roaming\Mozilla\Firefox\Profiles\5ufOO4tj.default [2017-05-10]
FF user.js: detected! => C:\Users\alexandros\AppData\Roaming\Mozilla\Firefox\Profiles\5ufOO4tj.default\user.js [2017-02-05]
FF Homepage: Mozilla\Firefox\Profiles\5ufOO4tj.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Avira Browser Safety) - C:\Users\alexandros\AppData\Roaming\Mozilla\Firefox\Profiles\5ufOO4tj.default\Extensions\abs@avira.com [2016-08-28]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-19] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-10] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4037906310-476860322-3803903097-1001: @citrixonline.com/appdetectorplugin -> C:\Users\alexandros\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default [2017-05-10]
CHR Extension: (JSON Formatter) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2017-04-12]
CHR Extension: (Tampermonkey) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-24]
CHR Extension: (Fontface Ninja) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljapbgkmlngdpckoiiibecpemleclhh [2017-04-06]
CHR Extension: (Kick Ass!) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\iofmogjkgfbkdgahbecbgmemeeeieikc [2017-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-23]
CHR Extension: (WebRTC Network Limiter) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR Profile: C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-10]
CHR Extension: (Google Slides) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-24]
CHR Extension: (Google Docs) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-24]
CHR Extension: (Google Drive) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-24]
CHR Extension: (YouTube) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-24]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-02-24]
CHR Extension: (Google Sheets) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-24]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-02-24]
CHR Extension: (Mail.Ru) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-02-24]
CHR Extension: (Gmail) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\alexandros\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4037906310-476860322-3803903097-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4037906310-476860322-3803903097-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4037906310-476860322-3803903097-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0148141490949983mcinstcleanup; C:\windows\TEMP\0148141490949983mcinst.exe [1027864 2016-11-28] (McAfee, Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-04-21] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [344184 2017-05-10] (Intel Corporation)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 JTAGServer; C:\altera\13.0sp1\quartus\bin64\jtagserver.exe [268800 2013-06-13] () [File not signed]
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 pla; C:\windows\SysWOW64\pla.dll [1534464 2014-10-29] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 TermService; C:\windows\rdpwrap.dll [116736 2017-02-23] (Stas'M Corp.) [File not signed]
S4 TlntSvr; C:\windows\System32\tlntsvr.exe [146944 2016-09-16] (Microsoft Corporation)
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-18] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-18] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-18] (McAfee, Inc.)
R2 Wallpaper Engine Service; C:\Users\alexandros\Desktop\Wallpaper.Engine.Build.1.0.619\bin\wallpaperservice32_c.exe [25600 2017-03-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Ds3Service; "C:\Users\alexandros\Desktop\lol\ScpServer\bin\ScpService.exe" [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [4307192 2017-01-15] (Qualcomm Atheros Communications, Inc.)
S3 cpuz137; no ImagePath
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-26] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-26] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 Hamachi; C:\windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-23] (REALiX(tm))
R2 IntelHaxm; C:\windows\system32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel  Corporation)
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-10] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [111544 2017-05-10] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-05-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-10] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [92096 2017-05-10] (Malwarebytes)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2017-01-15] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [2584280 2014-10-22] (Realtek Semiconductor Corp.)
S3 rzendpt; C:\windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 ScpVBus; C:\windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2017-01-15] (Synaptics Incorporated)
S3 UHSfiltv; C:\windows\system32\drivers\UHSfiltv.sys [23552 2014-12-22] (Creative Technology Ltd.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S1 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
U0 aswVmm; no ImagePath
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 22:41 - 2017-05-10 22:42 - 00000000 ____D C:\FRST
2017-05-10 22:33 - 2017-05-10 22:33 - 00000000 ____D C:\Users\alexandros\Downloads\Assassins.Creed.2016.720p.BRRip.x264.AAC-ETRG
2017-05-10 22:33 - 2017-05-10 22:33 - 00000000 ____D C:\Users\alexandros\AppData\LocalLow\uTorrent
2017-05-10 22:31 - 2014-10-22 20:07 - 04060376 _____ (Realtek semiconductor) C:\windows\RTFTrack.exe
2017-05-10 22:31 - 2014-10-22 20:07 - 02628312 _____ (Realtek Semiconductor Corp.) C:\windows\RtCamU64.exe
2017-05-10 22:31 - 2014-10-22 20:07 - 02584280 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvc.sys
2017-05-10 22:31 - 2014-10-22 20:07 - 00507096 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtCamX64.dll
2017-05-10 22:31 - 2014-10-22 20:07 - 00448728 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RtCamX.dll
2017-05-10 22:02 - 2017-05-10 22:02 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-10 22:02 - 2017-04-19 01:02 - 00110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2017-05-10 21:58 - 2017-05-10 21:58 - 00957440 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys
2017-05-10 21:58 - 2017-05-10 21:58 - 00082536 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 25148608 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 24344392 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 18046520 _____ C:\windows\system32\igd11dxva64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 17566528 _____ C:\windows\SysWOW64\igd11dxva32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 15993848 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 10863608 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 09626904 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 09548280 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 08819616 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 07523320 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 06725162 _____ C:\windows\system32\igdclbif.bin
2017-05-10 21:57 - 2017-05-10 21:57 - 06257512 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 04935152 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2017-05-10 21:57 - 2017-05-10 21:57 - 04931744 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 03606520 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 03339256 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 02982624 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 02801640 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 02048504 _____ (Intel Corporation) C:\windows\system32\igfxLHM.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01547240 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01502016 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01423504 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01420376 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01381368 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01154392 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01139704 _____ (Intel Corporation) C:\windows\system32\GfxResources.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01074680 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01052136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 01039992 _____ (Intel Corporation) C:\windows\system32\Gfxv4_0.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 01036408 _____ (Intel Corporation) C:\windows\system32\Gfxv2_0.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00707064 _____ (Intel Corporation) C:\windows\system32\igfxDH.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00705512 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00641530 _____ C:\windows\system32\FilmModeDetection.wmv
2017-05-10 21:57 - 2017-05-10 21:57 - 00641000 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00617968 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00489080 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00448120 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00434168 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00403671 _____ C:\windows\system32\ImageStabilization.wmv
2017-05-10 21:57 - 2017-05-10 21:57 - 00384504 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00384488 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00382072 _____ C:\windows\system32\igfxTray.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00381944 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00380408 _____ (Intel Corporation) C:\windows\system32\igfxOSP.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00375173 _____ C:\windows\system32\ColorImageEnhancement.wmv
2017-05-10 21:57 - 2017-05-10 21:57 - 00344184 _____ (Intel Corporation) C:\windows\system32\igfxCUIService.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00339064 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00338552 _____ (Intel Corporation) C:\windows\system32\DPTopologyAppv2_0.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00313848 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00313464 _____ (Intel Corporation) C:\windows\system32\igfxEM.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00296952 _____ (Intel Corporation) C:\windows\system32\igfxDI.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00294040 _____ (Intel Corporation) C:\windows\system32\igd10idpp64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00293864 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00279160 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00273768 _____ (Intel Corporation) C:\windows\SysWOW64\igd10idpp32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00264696 _____ C:\windows\system32\igfxCPL.cpl
2017-05-10 21:57 - 2017-05-10 21:57 - 00248440 _____ (Intel Corporation) C:\windows\system32\igfxHK.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00231304 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00228344 _____ (Intel Corporation) C:\windows\system32\igfxDTCM.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00222696 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00219288 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00218744 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00218104 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00211448 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4578.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00197624 _____ C:\windows\system32\igdde64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00194864 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00185984 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00184824 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00182776 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00163832 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00160744 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00158200 _____ C:\windows\SysWOW64\igdde32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00156280 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2017-05-10 21:57 - 2017-05-10 21:57 - 00152552 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00102904 _____ C:\windows\system32\IccLibDll_x64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00095224 _____ C:\windows\system32\igfxCUIServicePS.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00095224 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00091128 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00082424 _____ ( ) C:\windows\system32\igfxDHLibv2_0.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00069624 _____ ( ) C:\windows\system32\igfxDHLib.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00045944 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00044024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00019960 _____ ( ) C:\windows\system32\igfxDILib.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00019448 _____ ( ) C:\windows\system32\igfxDILibv2_0.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00018936 _____ ( ) C:\windows\system32\igfxEMLibv2_0.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00018936 _____ ( ) C:\windows\system32\igfxEMLib.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00013816 _____ ( ) C:\windows\system32\igfxLHMLibv2_0.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00013816 _____ ( ) C:\windows\system32\igfxLHMLib.dll
2017-05-10 21:57 - 2017-05-10 21:57 - 00004052 _____ C:\windows\system32\iglhxs64.vp
2017-05-10 21:57 - 2017-05-10 21:57 - 00000935 _____ C:\windows\system32\Gfxv4_0.exe.config
2017-05-10 21:57 - 2017-05-10 21:57 - 00000935 _____ C:\windows\system32\DPTopologyApp.exe.config
2017-05-10 21:56 - 2017-05-10 21:56 - 00481768 _____ (Intel(R) Corporation) C:\windows\system32\Drivers\IntcDAud.sys
2017-05-10 21:55 - 2017-05-10 21:55 - 00204920 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverW8x64.sys
2017-05-10 21:50 - 2017-05-10 21:50 - 00002892 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (alexandros)
2017-05-10 20:07 - 2017-05-10 20:07 - 00000000 ____D C:\Program Files (x86)\BaDoink
2017-05-10 20:02 - 2017-05-10 20:02 - 00000000 ____D C:\Users\alexandros\AppData\Local\Apple
2017-05-10 19:59 - 2017-05-10 19:59 - 00000000 ____D C:\Users\alexandros\jagexcache
2017-05-10 19:51 - 2017-05-10 21:46 - 00251832 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-10 19:51 - 2017-05-10 21:46 - 00111544 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-05-10 19:51 - 2017-05-10 21:46 - 00092096 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-05-10 19:51 - 2017-05-10 21:46 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-05-10 19:51 - 2017-05-10 19:51 - 00186304 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-05-10 19:51 - 2017-05-10 19:51 - 00001902 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-10 19:51 - 2017-05-10 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-10 19:51 - 2017-05-10 19:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-10 19:51 - 2017-03-22 11:02 - 00077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-05-10 17:13 - 2017-05-10 22:34 - 00077214 _____ C:\windows\ntbtlog.txt
2017-05-10 17:08 - 2017-05-10 17:08 - 00000000 ____D C:\ProgramData\SMR501
2017-05-06 11:13 - 2017-05-07 00:29 - 00000000 ____D C:\Users\alexandros\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG
2017-05-06 00:22 - 2017-05-06 11:36 - 00000000 ____D C:\Users\alexandros\Downloads\Jack.Reacher.Never.Go.Back.2016.720p.BRRip.x264.AAC-ETRG
2017-05-05 23:27 - 2017-05-06 00:22 - 00000000 ____D C:\Users\alexandros\Downloads\XXx Return Of Xander Cage (2017) [YTS.AG]
2017-05-04 20:10 - 2017-05-08 12:34 - 00002174 _____ C:\Users\alexandros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-05-04 20:09 - 2017-05-04 20:10 - 00744744 _____ C:\Users\alexandros\Downloads\flux-setup4.exe
2017-05-04 20:09 - 2017-05-04 20:09 - 00496896 _____ C:\Users\alexandros\Downloads\flux-setup.exe
2017-05-04 00:20 - 2017-05-04 00:59 - 535238010 _____ C:\Users\alexandros\Downloads\IGG-HalMinutHerThSecoComiIncl.DLC.rar
2017-05-03 19:41 - 2017-05-10 16:43 - 00000000 ____D C:\Users\alexandros\AppData\Local\PeaceDeath
2017-05-03 19:40 - 2017-05-03 19:40 - 00000000 ____D C:\Users\alexandros\Downloads\Peace.Death.v23.04.2017
2017-05-03 19:28 - 2017-05-03 19:35 - 48303445 ____R C:\Users\alexandros\Downloads\Peace.Death.v23.04.2017.rar
2017-05-03 19:09 - 2017-05-03 20:40 - 476255967 ____R C:\Users\alexandros\Downloads\Party.Hard.v1.4.5.Inclu.DLC.rar
2017-05-03 19:07 - 2017-05-03 19:10 - 00000000 ____D C:\Users\alexandros\Downloads\Owlboy
2017-05-03 19:04 - 2017-05-03 19:42 - 189395684 ____R C:\Users\alexandros\Downloads\CrossCode.v0.9.1-1.rar
2017-05-03 13:10 - 2017-05-08 20:33 - 00000000 ____D C:\Users\alexandros\Desktop\JavaUni
2017-05-03 12:48 - 2017-05-03 19:27 - 00000000 ____D C:\Users\alexandros\Desktop\UKMailExtract
2017-05-01 23:25 - 2017-05-01 23:25 - 00000000 ____D C:\Users\alexandros\AppData\Local\Tempzxpsign419d545c3291855c
2017-05-01 23:25 - 2017-05-01 23:25 - 00000000 ____D C:\Users\alexandros\AppData\Local\Tempzxpsign3222b575aed60aea
2017-05-01 23:24 - 2017-05-01 23:24 - 00000000 ____D C:\Users\alexandros\AppData\Local\Tempzxpsign6d79ab18fceb25b4
2017-05-01 23:24 - 2017-05-01 23:24 - 00000000 ____D C:\Users\alexandros\AppData\Local\Tempzxpsign232a8b25d7977ea7
2017-04-30 23:06 - 2017-04-30 23:06 - 00000015 _____ C:\Users\alexandros\.node_repl_history
2017-04-29 20:55 - 2017-04-29 20:55 - 00000000 ____D C:\Users\alexandros\AppData\LocalLow\Steel Crate Games
2017-04-29 20:54 - 2017-04-29 20:54 - 00000000 ____D C:\Users\alexandros\Downloads\Keep.Talking.and.Nobody.Explodes.Update.27.01.2017
2017-04-29 20:29 - 2017-04-29 20:34 - 278258646 ____R C:\Users\alexandros\Downloads\Keep.Talking.and.Nobody.Explodes.Update.27.01.2017.rar
2017-04-29 15:14 - 2017-04-29 15:14 - 00000000 ____D C:\Users\alexandros\AppData\LocalLow\TotalMayhemGames
2017-04-29 04:24 - 2017-04-29 04:24 - 00000000 ____D C:\Users\alexandros\AppData\Local\YouTubeToMP3
2017-04-29 04:24 - 2017-04-29 04:24 - 00000000 ____D C:\Users\alexandros\AppData\Local\MediaHuman
2017-04-28 23:13 - 2017-04-28 23:13 - 00000000 ____D C:\Users\alexandros\Downloads\Kindergarten.v0.9
2017-04-28 23:13 - 2017-04-28 23:13 - 00000000 ____D C:\Users\alexandros\AppData\LocalLow\SmashGames
2017-04-28 23:11 - 2017-04-28 23:13 - 26564771 ____R C:\Users\alexandros\Downloads\Kindergarten.v0.9.rar
2017-04-28 13:24 - 2017-04-28 13:24 - 00088376 _____ C:\Users\alexandros\Desktop\3160128-3160044-3160045.zip
2017-04-28 13:23 - 2017-04-28 13:23 - 00052689 _____ C:\Users\alexandros\Desktop\3160128.zip
2017-04-25 17:07 - 2017-04-25 17:32 - 00000000 ____D C:\Users\alexandros\Downloads\Logan.2017.1080p.HC.HDRip.X264.AC3-EVO[EtHD]
2017-04-23 19:01 - 2017-04-23 19:01 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2017-04-23 19:00 - 2017-05-10 19:54 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\Samsung
2017-04-23 19:00 - 2017-04-23 19:00 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2017-04-23 19:00 - 2017-04-23 19:00 - 00000000 ____D C:\Users\alexandros\Documents\samsung
2017-04-23 19:00 - 2017-04-23 19:00 - 00000000 ____D C:\Users\alexandros\AppData\Local\Samsung
2017-04-23 18:59 - 2016-05-18 14:49 - 04659712 _____ (Dmitry Streblechenko) C:\windows\SysWOW64\Redemption.dll
2017-04-23 18:59 - 2016-05-18 14:49 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\windows\SysWOW64\secman.dll
2017-04-23 18:58 - 2017-05-10 19:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-04-23 18:55 - 2017-04-23 18:55 - 00000000 ____D C:\Users\alexandros\AppData\Local\Downloaded Installations
2017-04-23 18:39 - 2017-05-10 19:54 - 00000000 ____D C:\ProgramData\Samsung
2017-04-23 18:39 - 2017-04-23 18:39 - 00000000 ____D C:\Program Files\SAMSUNG
2017-04-22 23:31 - 2017-04-22 23:33 - 00000000 ____D C:\Users\alexandros\Downloads\John.Wick.2014.720p.BluRay.x264-NeZu
2017-04-20 16:42 - 2017-04-20 16:42 - 00050456 _____ C:\Users\alexandros\qms-bmh3.bmp
2017-04-20 16:42 - 2017-04-20 16:42 - 00050456 _____ C:\Users\alexandros\qms-bmh2.bmp
2017-04-20 16:42 - 2017-04-20 16:42 - 00050456 _____ C:\Users\alexandros\qms-bmh1.bmp
2017-04-19 23:19 - 2017-05-02 02:45 - 00001868 _____ C:\Users\alexandros\Desktop\Receipt American Eagle.txt
2017-04-19 01:02 - 2017-04-19 01:02 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-04-15 21:31 - 2017-04-16 00:16 - 00000000 ____D C:\Users\alexandros\Downloads\Boyka.Undisputed.IV.2016.HDRip.XViD-ETRG
2017-04-14 20:14 - 2017-04-14 20:14 - 00000017 _____ C:\Users\alexandros\AppData\Local\resmon.resmoncfg
2017-04-12 22:04 - 2017-04-12 22:04 - 00000000 ____D C:\Users\alexandros\AppData\Local\Mozilla
2017-04-12 15:13 - 2017-04-06 13:16 - 03105268 _____ C:\Users\alexandros\Desktop\Quartus Assignment PDF.pdf
2017-04-10 03:35 - 2017-04-10 04:11 - 00000000 ____D C:\Users\alexandros\Downloads\Breaking Bad Season 5 Complete 720p.BRrip.Sujaidr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 22:43 - 2015-10-24 11:10 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\uTorrent
2017-05-10 22:41 - 2015-10-23 17:56 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\Skype
2017-05-10 22:32 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2017-05-10 22:31 - 2016-11-15 00:00 - 00000000 ____D C:\windows\LastGood
2017-05-10 22:31 - 2015-02-09 12:20 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-05-10 22:17 - 2017-03-31 12:29 - 00000743 _____ C:\Users\alexandros\Desktop\yey.txt
2017-05-10 22:10 - 2015-02-09 13:10 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2017-05-10 22:03 - 2015-10-24 09:05 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4037906310-476860322-3803903097-1001
2017-05-10 22:02 - 2016-06-23 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-05-10 22:02 - 2016-05-06 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-10 22:01 - 2016-05-06 17:00 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-10 21:59 - 2014-03-18 11:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2017-05-10 21:57 - 2015-02-09 12:16 - 00095224 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.DLL
2017-05-10 21:57 - 2015-02-09 12:16 - 00091128 _____ (Khronos Group) C:\windows\system32\OpenCL.DLL
2017-05-10 21:46 - 2016-06-23 22:47 - 00000147 _____ C:\HaxLogs.txt
2017-05-10 21:46 - 2015-10-24 09:04 - 00000000 __RDO C:\Users\alexandros\OneDrive
2017-05-10 21:46 - 2015-10-24 08:58 - 00000000 __SHD C:\Users\alexandros\IntelGraphicsProfiles
2017-05-10 21:46 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-05-10 21:44 - 2016-09-14 20:26 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-10 21:44 - 2015-10-24 08:58 - 00001453 _____ C:\Users\alexandros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-10 21:44 - 2015-10-23 17:28 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-10 21:43 - 2017-02-23 18:52 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\Imminent
2017-05-10 21:43 - 2015-12-12 21:18 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2017-05-10 21:10 - 2017-02-05 02:00 - 00000314 _____ C:\windows\Tasks\Uninstaller_SkipUac_alexandros.job
2017-05-10 21:05 - 2015-10-23 21:56 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-10 20:57 - 2016-12-19 23:05 - 00000000 ____D C:\Users\alexandros\AppData\Local\CrashDumps
2017-05-10 20:55 - 2016-06-09 16:55 - 00000000 ____D C:\Program Files (x86)\HP
2017-05-10 20:47 - 2015-02-09 12:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-10 20:37 - 2013-08-22 16:44 - 00653792 _____ C:\windows\system32\FNTCACHE.DAT
2017-05-10 20:36 - 2016-06-09 16:54 - 00000000 ____D C:\ProgramData\HP
2017-05-10 20:36 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-05-10 20:35 - 2015-02-09 13:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-10 20:34 - 2015-02-09 13:09 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-05-10 20:31 - 2015-12-21 14:43 - 00000000 ____D C:\Program Files (x86)\Pidgin
2017-05-10 20:24 - 2016-08-28 22:40 - 00000000 ____D C:\ProgramData\Avira
2017-05-10 20:17 - 2015-02-09 13:19 - 00000000 ____D C:\ProgramData\CyberLink
2017-05-10 20:17 - 2015-02-09 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-05-10 20:15 - 2015-02-09 13:25 - 00000000 ____D C:\ProgramData\Energy Manager
2017-05-10 20:12 - 2015-02-09 13:11 - 00000000 ____D C:\Program Files\lenovo
2017-05-10 20:08 - 2016-01-11 22:13 - 00000000 ____D C:\ProgramData\Sony
2017-05-10 20:08 - 2015-12-21 14:07 - 00000000 ____D C:\Program Files\MyPortal
2017-05-10 20:07 - 2016-07-22 19:45 - 00000000 ____D C:\ProgramData\Apple
2017-05-10 20:07 - 2016-01-11 22:13 - 00000000 ____D C:\Program Files (x86)\Sony
2017-05-10 19:59 - 2015-10-24 08:55 - 00000000 ____D C:\Users\alexandros
2017-05-10 19:51 - 2016-05-07 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-10 18:05 - 2016-12-14 22:54 - 00000000 ____D C:\Users\alexandros\AppData\Local\NPE
2017-05-10 17:14 - 2016-12-14 23:01 - 00000000 ____D C:\NPE
2017-05-10 17:13 - 2017-03-24 19:36 - 00000000 ____D C:\Program Files\TrueKey
2017-05-10 17:08 - 2017-02-25 05:34 - 00082992 _____ C:\windows\ntbtlog.txt.bak
2017-05-10 17:04 - 2015-10-24 10:21 - 01751040 ___SH C:\Users\alexandros\Downloads\Thumbs.db
2017-05-10 02:00 - 2015-10-23 18:38 - 00000000 ____D C:\Users\alexandros\AppData\Local\Adobe
2017-05-09 22:32 - 2016-11-23 19:01 - 00000000 ____D C:\Users\alexandros\Desktop\html5
2017-05-09 20:52 - 2015-10-23 17:35 - 00000000 ____D C:\ProgramData\ProductData
2017-05-07 19:33 - 2015-10-24 13:09 - 04835328 ___SH C:\Users\alexandros\Desktop\Thumbs.db
2017-05-07 14:54 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2017-05-04 14:26 - 2017-03-24 19:48 - 00001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-05-03 19:41 - 2016-04-11 20:01 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\SmartSteamEmu
2017-05-03 11:56 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-01 23:26 - 2015-10-24 08:58 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\Adobe
2017-05-01 23:23 - 2015-10-24 11:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-30 23:09 - 2016-12-19 18:20 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\npm
2017-04-30 23:08 - 2016-12-19 18:26 - 00000000 ____D C:\Users\alexandros\AppData\Roaming\npm-cache
2017-04-28 21:36 - 2017-04-08 16:11 - 00000000 ____D C:\Users\alexandros\Desktop\eBayListing
2017-04-28 13:23 - 2016-11-12 10:32 - 00000000 ____D C:\Users\alexandros\Desktop\Java
2017-04-28 13:03 - 2015-10-23 17:25 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 13:03 - 2015-10-23 17:25 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-23 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\windows\ModemLogs
2017-04-23 19:03 - 2017-03-25 18:49 - 00000000 ____D C:\Users\alexandros\Desktop\BG Videos
2017-04-22 19:03 - 2015-02-09 13:12 - 00000000 ____D C:\ProgramData\McAfee
2017-04-21 05:41 - 2017-04-04 23:27 - 00000000 ____D C:\Users\alexandros\Desktop\Quartus PDF
2017-04-21 00:54 - 2017-04-04 19:21 - 00000000 ____D C:\Users\alexandros\Desktop\Quartus Uni Assignment
2017-04-21 00:54 - 2017-03-25 18:50 - 00029651 _____ C:\Users\alexandros\quartus2.qreg
2017-04-20 16:42 - 2017-03-25 18:51 - 00009538 _____ C:\Users\alexandros\quartus_web_rules_file.txt
2017-04-20 16:15 - 2017-03-24 19:48 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2017-04-20 03:15 - 2017-03-24 19:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-04-19 01:04 - 2016-05-06 17:00 - 00000000 ____D C:\ProgramData\Oracle
2017-04-19 01:01 - 2016-06-23 21:40 - 00000000 ____D C:\Program Files\Java
2017-04-13 13:55 - 2015-10-27 04:38 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-04-13 13:55 - 2015-10-27 04:38 - 00000000 ____D C:\Program Files\paint.net
2017-04-11 13:24 - 2017-04-06 23:40 - 00000000 ____D C:\Users\alexandros\Desktop\eBay Resources

==================== Files in the root of some directories =======

2016-12-24 15:59 - 2017-01-18 17:03 - 0000600 _____ () C:\Users\alexandros\AppData\Local\PUTTY.RND
2017-04-14 20:14 - 2017-04-14 20:14 - 0000017 _____ () C:\Users\alexandros\AppData\Local\resmon.resmoncfg
2015-02-09 12:22 - 2015-02-09 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-09 16:54 - 2017-05-10 21:06 - 0008779 _____ () C:\ProgramData\hpzinstall.log
2016-03-17 15:19 - 2016-03-17 15:19 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
2016-08-28 23:00 - 2016-10-07 02:50 - 0000000 ____D () C:\Users\alexandros\AppData\Local\Temp\avgnt.exe
2017-05-10 20:05 - 2017-05-10 20:05 - 7094520 _____ () C:\Users\alexandros\AppData\Local\Temp\paint.net.4.0.16.install.exe
2017-01-31 21:11 - 2017-03-25 20:13 - 57547224 _____ (Skype Technologies S.A.) C:\Users\alexandros\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-10 10:56

==================== End of FRST.txt ============================

 

The addition.txt can be found attached on this post. Keep in mind by DNS has manually been set to 8.8.8.8, which is Google's DNS service.

 

Addition.txt

Link to post
Share on other sites

Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

user posted imageEmsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
    user posted image
     
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
    user posted image
     
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    user posted image
     
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    user posted image
     
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    user posted image
     
  • Please Copy and Paste the contents of the scan log in your next reply.


Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin

 

 

fixlist.txt

Link to post
Share on other sites

As a reply to your first point about the DNS, this google developer page says it is actually a Public Google DNS. Could this be the issue I've been having with Google requesting human verification due to suspicious Google requests?

I will thoroughly explain what happened in each step:

1. FRST required a re-boot after concluding the fix (Became unresponsive during some times, I am guessing this is normal). It also cleaned my Recycling Bin where I had a couple of go-to stuff I restore but it's okay. I opened Chrome to proceed to step 2 and the Mail.ru extension asked permission which I denied. Attached Fixlog.txt log.

2. Scan for rootkits was ticked off although I had manually initiated a full (?) scan from the Scan tab. 3 Threats were identified in the "Scan File System" step. CrackTool.Agent (From a steam_api.dll, I think I know why this one popped up), Backdoor.Bladabindi (Found on the SQLi Dumper rar file, most likely the source of the attack then.) and RiskWare.Agent.MSIL (From another rar file titled "playstationnetwork.rar" containing a supposedly leaked version of the now released Remote Play software). Requested re-boot which I did immediately. I opened Chrome to proceed to step 3 and the Mail.ru extension did not appear this time (Likely related to the denial during the first re-boot). Attached MalwarebytesLog.txt log.

3. I downloaded the AdwCleaner file (It was owned by xPlode but now is under the Malwarebytes family) and initiated the scan. A total of 76 threats were detected. For some reason it found every and any instance of ASC (Advanced System Care) as a threat. It also finally removed the Lenovo stock-webpages. I restarted the browser as requested by the program. The log file opened upon re-boot and I copied it to my clipboard just in case I couldn't find it and I actually was unable to find it on the Desktop/the folder the program was run from. Proceeding to step 4. Attached AdwLog.txt log.

4. I initiated the Emsisoft Emergency Kit download and then opened and proceeded through the installation process. I updated the program and then initiated the scan. The scan found only one hit, a very old "free youtube downloader" file (circa-2014). I quarantined the file and exported the log to my Desktop. Attached Scan_170511-011309.txt log.

As far as any remaining issues or concerns, there are a couple of questions I would like to ask you if you would like to answer them (Completely understandable if not). I can write them as a follow up reply. Please let me know if there is anything wrong with the logs and thank you very much for what you've done thus far.

AdwLog.txt

Fixlog.txt

Scan_170511-011309.txt

MalwarebytesLog.txt

Link to post
Share on other sites

Thanks for those logs, continue with the following;

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Let me see that log, also please let me see your questions....

Also let me know if mail ru persists when you open Chrome, is it the only browser affected..

Thank you,

Kevin

 

Link to post
Share on other sites

Mail.ru stopped appearing since the first step was taken (The FRST fixlist). I downloaded the file you requested and run the Scan as per your request. Only a suspicious firefox setting was found.

Interesting to note is while speedtest.net shows a speed of 3.5Mbps, the browser feels way sluggish compared to what I am used to after conducting all the fixes and restarts. (Sluggish on initial website load, videos et. al. stream just fine).

Log:
 

Zemana AntiMalware 2.72.2.388 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/5/11
Operating System       : Windows 8.1 64-bit
Processor              : 4X Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
BIOS Mode              : UEFI
CUID                   : 12F30E2EF9BE614D508311
Scan Type              : System Scan
Duration               : 68m 26s
Scanned Objects        : 444585
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status             : Scanned
Object             : findit - http://feed.sonic-search.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search


Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 

Now my questions. You can answer whichever you like and I completely understand if you don't answer any:

1. I can see that your replies are copy-pasted segments, do you have a go-to procedure to follow? ("User has virus B so he must to the steps on procedure B")
2. Are the training facilities offering education for free?
3. Which one did you go to/learn from?
4. I am currently in my first year at an Informatics University. We have a sub-division regarding Cyber-Security. Is Cyber-Security and Virus-Removal (Anti-Virus development etc.) different things?
5. Are ASC really harmful? I had a go-to USB to clean a PC from viruses that included ASC and I have used it a lot in the past for my friends, that is why I am asking.
6. Do you know any alternative to Hiren's Boot CD? It is outdated hence why I am asking (It is a first aid USB for all computers).

Thanks in advance!

Link to post
Share on other sites

How is your PC behaving now, do you have any remaining issues or concerns....

Question 1 - Yes I use pre-made responses, known as canned responses or c/r`s for short. I do make up my own but most Malware removal sites do have libraries where pre-made responses are held for use by authorized users. We tend to share c/r`s as new ones are created for new infections...

Question 2 - Yes training facilities are offered free, full list here:

Question 3 - I started at Geeks2Go, but completed and graduated at SpywareHammer.

Question 4 - Cyber-Security also known as Computer Security and IT Security is having the knowledge to implement Security, in regard to information technology (IT), in the defense of digital information and IT assets against internal and external, malicious and accidental threats. Such defenses includes detection, prevention and response to threats through the use of security policies, security software tools known as Cyber, Computer or IT services.
The knowledge you learn with regard to Cyber security will more than likely be sufficient to work Malware Removal sites. The training facilities quoted in the answer to Question 2 are more likely for people without any basic Cyber Security Training...

Question 5 - ASC also known as IOBit, does have a somewhat checkered history. I do not go into that history on open forum.

Question 6 - I do not use Hirens boot CD, I have known about it for many years. There are many alternatives that can be found by Google search if you prefer such tools.

Thank you,

Kevin...

Link to post
Share on other sites

Thank you for answering my questions Kevin,everything seems to be working just as it should be. If you could, I would appreciate it if you answered one more question:

1. I researched iObit a bit myself and understand where you are coming from. Is there any safe alternative to Driver Booster? Because it is a really useful program.

Link to post
Share on other sites

Hello again alekakoC,

Driver Booster or any other so called helpfull software is not always to be trusted, such 3rd party software nearly always comes at a price even though it is listed as Freeware. Usually any such software comes bundled with unwanted extras, foistware, toolbars, browser hi-jacker, unwanted ads, etc etc.. Many of the infections we remove have entered a system piggy-backed to so called freeware.

  I strongly advise against any 3rd party "Driver Updater" programs. Those kind of programs are not to be trusted and are usually capable of infecting your system. If you need to download drivers for any device, go to and download them straight from either your computer manufacturer website or the device/hardware manufacturer website. That will ensure that you have legitimate and working drivers.

Continue with the following to clean up tools etc..

Delete the following folders, if still present:

C:\ProgramData\Emsisoft
C:\Users\Andrew\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe

Next,

Uninstall Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

 

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.