
Repeating PUP.Optional.Delta


drool


Get these over and over. Removed with adware remover, Malwarebytes Premium and Hitman. Then it comes back every time.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Aurora R4 (administrator) on AURORAR4-PC (12-11-2017 12:34:14)
Running from \\192.168.0.3\home\drool\tools
Loaded Profiles: Aurora R4 (Available Profiles: Aurora R4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Paessler AG) C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Extras\thunderbird\thunderbird.exe
() C:\Everquest\RoF2\eqgame.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) \\192.168.0.3\home\drool\tools\FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35216 2014-11-03] (Alienware)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [18848976 2017-08-04] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\Run: [Google Update] => C:\Users\Aurora R4\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-09-11] (Google Inc.)
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\Run: [GoogleChromeAutoLaunch_0607A5E45D9AA4D89CF541010F04F65F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-21] (Google Inc.)
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\MountPoints2: G - Installer_Windows.exe
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\MountPoints2: I - I:\Installer_Windows.exe
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\MountPoints2: J - Installer_Windows.exe
HKU\S-1-5-21-825747656-2858291992-3786029302-1000\...\MountPoints2: {dd62b1de-152a-11e4-9a69-d1a2783d85d2} - H:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3DCD7308-1C02-4132-8FF7-409DFF844962}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C29F2502-2C94-41A3-93AB-EAAEB76F0974}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: xnu5ivq4.default
FF ProfilePath: C:\Users\Aurora R4\AppData\Roaming\Mozilla\Firefox\Profiles\xnu5ivq4.default [2017-11-12]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-825747656-2858291992-3786029302-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aurora R4\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-825747656-2858291992-3786029302-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aurora R4\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-11] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Slides) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-26]
CHR Extension: (YouTube) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-26]
CHR Extension: (Listen Video - Youtube™ Music Player) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbiapabbjlfcbfoedilflhnifandagoh [2017-08-26]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-09-26]
CHR Extension: (Google Play Music) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-10-14]
CHR Extension: (Sheets) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-26]
CHR Extension: (Google Hangouts) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\Aurora R4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2017-05-14] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2017-05-14] (Macrovision Europe Ltd.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe [11028568 2017-09-07] (Paessler AG)
R2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [11090520 2017-09-07] (Paessler AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [45528 2017-06-21] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21968 2017-06-21] (Corsair)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [48464 2015-06-18] (Dell Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-12] (Malwarebytes)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-08-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
S3 SaiK075C; C:\Windows\System32\DRIVERS\SaiK075C.sys [181920 2016-02-02] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [23968 2016-02-02] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [51616 2016-02-02] (Saitek)
S3 NTIOLib_Flash; \??\C:\Users\AURORA~1\AppData\Local\Temp\2WSX3EDC\NTIOLib_X64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 12:33 - 2017-11-12 12:34 - 000000000 ____D C:\FRST
2017-11-12 12:32 - 2017-11-12 12:32 - 002392576 _____ (Farbar) C:\Users\Aurora R4\Downloads\FRST64.exe
2017-11-12 12:24 - 2017-11-12 12:24 - 000001788 _____ C:\Users\Aurora R4\AppData\LocalLow\86abd04e.0
2017-11-12 11:57 - 2017-11-12 11:57 - 011584088 _____ (SurfRight B.V.) C:\Users\Aurora R4\Downloads\hitmanpro_x64.exe
2017-11-12 11:56 - 2017-11-12 11:56 - 008261584 _____ (Malwarebytes) C:\Users\Aurora R4\Downloads\adwcleaner_7.0.4.0.exe
2017-11-12 11:25 - 2017-11-12 12:08 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-12 11:20 - 2017-11-12 11:20 - 000004696 _____ C:\Users\Aurora R4\Desktop\JRT.txt
2017-11-12 11:09 - 2017-11-12 12:00 - 000000000 ____D C:\AdwCleaner
2017-11-10 19:41 - 2017-11-12 12:24 - 000001813 _____ C:\Users\Aurora R4\AppData\LocalLow\c8d68ad2.0
2017-11-06 10:05 - 2017-11-06 10:05 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-06 10:05 - 2017-11-06 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-06 10:05 - 2017-11-06 10:05 - 000000000 ____D C:\Program Files\iPod
2017-11-06 10:04 - 2017-11-06 10:05 - 000000000 ____D C:\Program Files\iTunes
2017-11-05 18:33 - 2017-11-12 12:24 - 000001366 _____ C:\Users\Aurora R4\AppData\LocalLow\81b9768f.1
2017-11-05 18:33 - 2017-11-12 12:24 - 000001260 _____ C:\Users\Aurora R4\AppData\LocalLow\3ad48a91.1
2017-11-05 13:14 - 2017-11-12 12:02 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-05 13:14 - 2017-11-12 11:34 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-05 13:14 - 2017-11-12 11:34 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-05 13:14 - 2017-11-12 11:34 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-05 13:14 - 2017-11-05 13:14 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-05 13:14 - 2017-11-05 13:14 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-05 13:14 - 2017-11-05 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-05 13:13 - 2017-11-05 13:13 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-05 12:28 - 2017-11-05 12:28 - 000000000 ____D C:\Users\Aurora R4\AppData\Local\Chris_Dziemborowicz
2017-11-05 12:28 - 2017-11-05 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hourglass
2017-11-05 12:28 - 2017-11-05 12:28 - 000000000 ____D C:\Program Files (x86)\Hourglass
2017-11-05 12:27 - 2017-11-05 12:27 - 001651816 _____ (Chris Dziemborowicz) C:\Users\Aurora R4\Downloads\HourglassInstaller.exe
2017-11-04 10:06 - 2017-11-12 12:24 - 000001483 _____ C:\Users\Aurora R4\AppData\LocalLow\7d453d8f.0
2017-10-29 18:22 - 2017-10-29 18:22 - 000000017 _____ C:\Users\Aurora R4\AppData\Local\resmon.resmoncfg
2017-10-27 12:47 - 2017-10-27 13:02 - 000000000 ____D C:\Users\Aurora R4\AppData\Roaming\obs-studio
2017-10-22 12:27 - 2017-10-22 12:27 - 000000000 ____D C:\Windows\pss
2017-10-22 12:03 - 2017-10-22 12:03 - 013930782 _____ C:\Users\Aurora R4\Downloads\rolath (4).zip
2017-10-22 11:45 - 2017-10-22 11:45 - 000000000 ____D C:\Users\Aurora R4\AppData\Local\Eff2EmtGUI
2017-10-22 11:43 - 2017-10-22 11:43 - 000000000 ____D C:\Users\Aurora R4\Downloads\Eff2EmtGUI
2017-10-22 11:42 - 2017-10-22 11:42 - 000011149 _____ C:\Users\Aurora R4\Downloads\Eff2EmtGUI.zip
2017-10-19 18:30 - 2017-10-19 18:30 - 013930104 _____ C:\Users\Aurora R4\Downloads\rolath (3).zip
2017-10-19 18:11 - 2017-10-19 18:11 - 000871952 _____ C:\Users\Aurora R4\Downloads\blackburrow2_set.zip
2017-10-16 19:04 - 2017-10-16 19:04 - 000906771 _____ C:\Users\Aurora R4\Downloads\setup-x86_64 (2).exe
2017-10-16 19:00 - 2017-10-16 19:00 - 000906771 _____ C:\Users\Aurora R4\Downloads\setup-x86_64 (1).exe
2017-10-16 19:00 - 2017-10-16 19:00 - 000871955 _____ C:\Users\Aurora R4\Downloads\setup-x86.exe
2017-10-16 18:51 - 2017-10-16 18:51 - 000053166 _____ C:\Users\Aurora R4\Downloads\processactivityview.zip
2017-10-16 18:50 - 2017-10-16 18:50 - 000068741 _____ C:\Users\Aurora R4\Downloads\processactivityview-x64.zip
2017-10-16 18:28 - 2017-10-16 18:32 - 000000000 ____D C:\Users\Aurora R4\temp
2017-10-16 18:21 - 2017-10-16 18:21 - 000000331 _____ C:\Users\Aurora R4\Downloads\Silent.7z
2017-10-13 13:29 - 2017-10-13 13:29 - 000001024 _____ C:\.rnd
2017-10-13 13:29 - 2017-10-13 13:29 - 000000000 ____D C:\ProgramData\Paessler
2017-10-13 13:29 - 2017-10-13 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRTG Network Monitor
2017-10-13 13:29 - 2017-10-13 13:29 - 000000000 ____D C:\Program Files\WinPcap
2017-10-13 13:28 - 2017-11-12 11:34 - 000000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2017-10-13 13:27 - 2017-10-13 13:27 - 000000000 ____D C:\ProgramData\TEMP
2017-10-13 13:26 - 2017-10-13 13:27 - 000000000 ____D C:\Users\Aurora R4\Downloads\prtg
2017-10-13 13:25 - 2017-10-13 13:26 - 170667303 _____ C:\Users\Aurora R4\Downloads\prtg.zip
2017-10-13 10:18 - 2017-10-13 10:18 - 008682270 _____ C:\Users\Aurora R4\Downloads\usb_driver.zip
2017-10-13 10:18 - 2017-10-13 10:18 - 000000000 ____D C:\Users\Aurora R4\Downloads\usb_driver
2017-10-13 09:44 - 2017-10-13 09:44 - 013732079 _____ C:\Users\Aurora R4\Downloads\rolath (2).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-12 12:25 - 2017-05-13 20:36 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-12 12:24 - 2017-10-08 19:30 - 000001853 _____ C:\Users\Aurora R4\AppData\LocalLow\1d9c1e76.0
2017-11-12 12:24 - 2017-09-23 13:13 - 000002154 _____ C:\Users\Aurora R4\AppData\LocalLow\ccc9c6fe.0
2017-11-12 12:24 - 2017-09-23 13:13 - 000002085 _____ C:\Users\Aurora R4\AppData\LocalLow\d4c339cb.1
2017-11-12 12:24 - 2017-09-23 13:13 - 000001914 _____ C:\Users\Aurora R4\AppData\LocalLow\5f463884.0
2017-11-12 12:24 - 2017-09-11 13:13 - 000001504 _____ C:\Users\Aurora R4\AppData\LocalLow\3e7271e8.0
2017-11-12 12:24 - 2017-09-05 17:25 - 000001496 _____ C:\Users\Aurora R4\AppData\LocalLow\7c842986.0
2017-11-12 12:24 - 2017-09-05 17:25 - 000001353 _____ C:\Users\Aurora R4\AppData\LocalLow\111e6273.0
2017-11-12 12:24 - 2017-09-04 08:12 - 000001118 _____ C:\Users\Aurora R4\AppData\LocalLow\6e8bf996.0
2017-11-12 12:24 - 2017-09-03 12:13 - 000001553 _____ C:\Users\Aurora R4\AppData\LocalLow\b241f6a1.0
2017-11-12 12:24 - 2017-09-01 11:47 - 000001869 _____ C:\Users\Aurora R4\AppData\LocalLow\0f6a1bf3.0
2017-11-12 12:24 - 2017-09-01 11:47 - 000001687 _____ C:\Users\Aurora R4\AppData\LocalLow\58754cf2.0
2017-11-12 12:24 - 2017-09-01 11:47 - 000001268 _____ C:\Users\Aurora R4\AppData\LocalLow\9772ca32.0
2017-11-12 12:24 - 2017-09-01 11:47 - 000001223 _____ C:\Users\Aurora R4\AppData\LocalLow\a3896b44.0
2017-11-12 12:24 - 2017-09-01 11:47 - 000001154 _____ C:\Users\Aurora R4\AppData\LocalLow\c33a80d4.0
2017-11-12 12:24 - 2017-08-27 13:47 - 000001646 _____ C:\Users\Aurora R4\AppData\LocalLow\4bcd7fc4.0
2017-11-12 12:24 - 2017-08-27 13:47 - 000001398 _____ C:\Users\Aurora R4\AppData\LocalLow\85cde254.0
2017-11-12 12:24 - 2017-08-27 13:47 - 000001353 _____ C:\Users\Aurora R4\AppData\LocalLow\95aff9e3.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000002150 _____ C:\Users\Aurora R4\AppData\LocalLow\01017373.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000002113 _____ C:\Users\Aurora R4\AppData\LocalLow\c606d083.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000002113 _____ C:\Users\Aurora R4\AppData\LocalLow\2816b6ee.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001999 _____ C:\Users\Aurora R4\AppData\LocalLow\f002c4f0.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001951 _____ C:\Users\Aurora R4\AppData\LocalLow\d4c339cb.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001833 _____ C:\Users\Aurora R4\AppData\LocalLow\059f258b.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001731 _____ C:\Users\Aurora R4\AppData\LocalLow\facacbc6.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001727 _____ C:\Users\Aurora R4\AppData\LocalLow\9c8cbefb.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001699 _____ C:\Users\Aurora R4\AppData\LocalLow\524d9b43.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001642 _____ C:\Users\Aurora R4\AppData\LocalLow\bf64f35b.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001618 _____ C:\Users\Aurora R4\AppData\LocalLow\34d760b2.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001585 _____ C:\Users\Aurora R4\AppData\LocalLow\ccb919f9.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001532 _____ C:\Users\Aurora R4\AppData\LocalLow\455f1b52.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001520 _____ C:\Users\Aurora R4\AppData\LocalLow\3c58f906.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001504 _____ C:\Users\Aurora R4\AppData\LocalLow\67495436.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001492 _____ C:\Users\Aurora R4\AppData\LocalLow\00673b5b.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001471 _____ C:\Users\Aurora R4\AppData\LocalLow\03e16f6c.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001467 _____ C:\Users\Aurora R4\AppData\LocalLow\23f4c490.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001447 _____ C:\Users\Aurora R4\AppData\LocalLow\219d9499.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001443 _____ C:\Users\Aurora R4\AppData\LocalLow\c7e2a638.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001366 _____ C:\Users\Aurora R4\AppData\LocalLow\bc3f2570.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001366 _____ C:\Users\Aurora R4\AppData\LocalLow\81b9768f.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001349 _____ C:\Users\Aurora R4\AppData\LocalLow\cf701eeb.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001349 _____ C:\Users\Aurora R4\AppData\LocalLow\69105f4f.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001337 _____ C:\Users\Aurora R4\AppData\LocalLow\399e7759.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001260 _____ C:\Users\Aurora R4\AppData\LocalLow\b0f3e76e.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001260 _____ C:\Users\Aurora R4\AppData\LocalLow\3ad48a91.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001228 _____ C:\Users\Aurora R4\AppData\LocalLow\1e8e7201.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001215 _____ C:\Users\Aurora R4\AppData\LocalLow\7999be0d.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001199 _____ C:\Users\Aurora R4\AppData\LocalLow\12d55845.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000001142 _____ C:\Users\Aurora R4\AppData\LocalLow\594f1775.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000000972 _____ C:\Users\Aurora R4\AppData\LocalLow\aaa45464.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000000874 _____ C:\Users\Aurora R4\AppData\LocalLow\4d654d1d.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000000833 _____ C:\Users\Aurora R4\AppData\LocalLow\7651b327.0
2017-11-12 12:24 - 2017-08-26 21:56 - 000000679 _____ C:\Users\Aurora R4\AppData\LocalLow\94fd8f8f.0
2017-11-12 12:18 - 2014-07-26 20:20 - 000000000 ____D C:\Users\Aurora R4\AppData\LocalLow\Mozilla
2017-11-12 12:13 - 2017-09-11 16:55 - 000000000 ____D C:\ProgramData\Wondershare
2017-11-12 12:13 - 2017-09-11 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-11-12 12:13 - 2017-09-11 16:55 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-11-12 11:43 - 2009-07-13 23:45 - 000022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-12 11:43 - 2009-07-13 23:45 - 000022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-12 11:39 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-12 11:39 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-12 11:34 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-06 09:41 - 2009-07-14 00:08 - 000032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-05 12:28 - 2014-07-26 20:13 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-01 08:54 - 2017-08-27 10:23 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-27 12:48 - 2017-05-14 21:40 - 000000000 ____D C:\Users\Aurora R4\AppData\Roaming\NVIDIA
2017-10-22 11:43 - 2017-08-26 21:11 - 000000000 ____D C:\Everquest
2017-10-21 07:13 - 2017-05-13 20:25 - 000000000 ____D C:\ProgramData\Oracle
2017-10-21 07:11 - 2017-05-13 20:25 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-10-21 07:11 - 2017-05-13 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-21 07:11 - 2017-05-13 20:25 - 000000000 ____D C:\Program Files\Java
2017-10-16 18:28 - 2014-07-26 19:37 - 000000000 ____D C:\Users\Aurora R4
2017-10-16 18:17 - 2017-05-14 20:33 - 000000000 ____D C:\Users\Aurora R4\AppData\Local\CrashDumps
2017-10-15 07:31 - 2017-08-26 22:16 - 000000000 ____D C:\Extras

==================== Files in the root of some directories =======

2017-10-29 18:22 - 2017-10-29 18:22 - 000000017 _____ () C:\Users\Aurora R4\AppData\Local\resmon.resmoncfg
2017-05-14 21:55 - 2017-05-14 23:03 - 000000080 _____ () C:\Users\Aurora R4\AppData\Local\X-Plane Installer.prf
2017-05-14 21:40 - 2017-05-14 21:40 - 000000040 _____ () C:\Users\Aurora R4\AppData\Local\x-plane_install_10.txt

Some files in TEMP:
====================
2011-12-05 06:18 - 2011-12-05 06:18 - 004322304 _____ () C:\Users\Aurora R4\AppData\Local\Temp\Installer_Windows.exe
2017-08-26 20:06 - 2017-08-26 20:06 - 000740416 _____ (Oracle Corporation) C:\Users\Aurora R4\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-21 07:08 - 2017-10-21 07:08 - 001856576 _____ (Oracle Corporation) C:\Users\Aurora R4\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-05-13 20:37 - 2017-06-07 18:38 - 000869016 _____ (NVIDIA Corporation) C:\Users\Aurora R4\AppData\Local\Temp\nvSCPAPI64.dll
2017-06-09 22:28 - 2017-06-07 18:38 - 000367552 _____ (NVIDIA Corporation) C:\Users\Aurora R4\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-10 07:03

==================== End of FRST.txt ============================


Have done this multiple times. At first I thought maybe it wasn't fixing it because Chrome has the "allow Chrome to run in background" setting on. But I got rid of that and tried twice more. Still repeats.


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
