Got virus


  • This topic is locked

#1
Seeci

  • New Member
  • 5 posts

I've run Hitman (free version) and it quarantined over 60 items. Recently I made the mistake of downloading games from IGG-Games. 

Hacktool:win32/keygen may be the culprit; I am not sure.

Any and all help will be appreciated.

Edit: So I restarted my computer and all of my desktop icons are awry - I even placed them back in order, but while I was running cmdprompt they moved on their own. Chrome is taking 5 minutes or longer to start up and my folder files won't always respond.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by See c (administrator) on SEECI (27-12-2015 09:20:08)
Running from C:\Users\See c\Desktop
Loaded Profiles: See c (Available Profiles: See c)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6515.64021.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6515.64021.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [f.lux] => C:\Users\See c\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [Spotify Web Helper] => C:\Users\See c\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-21] (Spotify Ltd)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [Spotify] => C:\Users\See c\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-21] (Spotify Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51ca7af0-cfff-4036-9798-362994dee931}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxp://xckd.com/","hxxp://npr.com/"
CHR Profile: C:\Users\See c\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-26]
CHR Extension: (Google Docs) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-08]
CHR Extension: (Google Search) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-09-26]
CHR Extension: (Google Sheets) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-09-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-27]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-26]
CHR Extension: (Gmail) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-26]
CHR HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SEEC~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-09-27]
CHR HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe [71168 2014-12-04] (ASUS Cloud Corporation) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [304408 2015-03-05] (ASUS)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-27] (BitRaider, LLC)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-10-29] (ASUSTek Computer Inc.) [File not signed]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-10-21] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-12-23] (Enigma Software Group USA, LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-09-27] (BitRaider)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-09] (Microsoft Corp.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-23] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-10-15] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-18] (MediaTek Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-06-17] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-02] (Wondershare)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 09:20 - 2015-12-27 09:20 - 00018211 _____ C:\Users\See c\Desktop\FRST.txt
2015-12-27 09:12 - 2015-12-27 09:12 - 00016148 _____ C:\WINDOWS\system32\SEECI_See c_HistoryPrediction.bin
2015-12-24 10:44 - 2015-12-27 09:20 - 00000000 ____D C:\FRST
2015-12-24 10:43 - 2015-12-24 10:43 - 02370560 _____ (Farbar) C:\Users\See c\Desktop\FRST64.exe
2015-12-23 16:43 - 2015-12-23 16:43 - 00003402 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-12-23 16:43 - 2015-12-23 16:43 - 00001134 _____ C:\Users\See c\Desktop\SpyHunter.lnk
2015-12-23 16:43 - 2015-12-23 16:43 - 00000000 ____D C:\Users\See c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-23 16:43 - 2015-12-23 16:43 - 00000000 ____D C:\Users\See c\AppData\Roaming\Enigma Software Group
2015-12-23 16:43 - 2015-12-23 16:43 - 00000000 _____ C:\autoexec.bat
2015-12-23 16:42 - 2015-12-23 16:43 - 00000000 ____D C:\sh4ldr
2015-12-23 16:41 - 2015-12-23 16:41 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-23 16:40 - 2015-12-23 16:40 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-23 16:33 - 2015-12-23 16:33 - 00000000 ____D C:\$SysReset
2015-12-19 20:14 - 2015-12-20 12:01 - 00000000 ____D C:\Users\See c\Documents\The Witcher 3
2015-12-19 15:22 - 2015-12-19 15:22 - 00000222 _____ C:\Users\See c\Desktop\The Witcher 3 Wild Hunt.url
2015-12-18 23:14 - 2015-12-18 23:14 - 00377864 _____ (MediaTek Inc.) C:\WINDOWS\system32\Drivers\mt7612US.sys
2015-12-18 23:14 - 2015-12-18 23:14 - 00070008 _____ C:\WINDOWS\system32\Drivers\FW_ACC_00U.bin
2015-12-18 13:40 - 2015-12-18 13:40 - 00000000 ____D C:\Program Files\Samsung
2015-12-18 13:33 - 2015-12-18 13:40 - 00000000 ____D C:\ProgramData\Samsung
2015-12-18 13:29 - 2015-12-23 15:58 - 00000000 ____D C:\Users\See c\AppData\Roaming\Samsung
2015-12-18 13:29 - 2015-12-23 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-12-18 13:29 - 2015-12-18 13:33 - 00000000 ____D C:\Users\See c\Documents\samsung
2015-12-18 13:29 - 2015-12-18 13:29 - 00000000 ____D C:\Users\See c\Documents\SelfMV
2015-12-18 13:29 - 2015-12-18 13:29 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-18 13:29 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-12-17 22:15 - 2015-12-17 22:15 - 00320184 _____ C:\WINDOWS\Minidump\121715-32890-01.dmp
2015-12-17 14:44 - 2015-12-17 15:32 - 00000000 ____D C:\Users\See c\Documents\My Games
2015-12-17 14:44 - 2015-12-17 15:32 - 00000000 ____D C:\Users\See c\AppData\Local\My Games
2015-12-17 14:44 - 2015-12-17 14:44 - 00000000 ____D C:\ProgramData\Steam
2015-12-17 11:40 - 2015-12-17 11:42 - 00000000 ____D C:\Users\See c\AppData\Roaming\Apple Computer
2015-12-17 11:40 - 2015-12-17 11:40 - 00000000 ____D C:\Users\See c\AppData\Local\Apple Computer
2015-12-17 11:39 - 2015-12-17 11:39 - 00000000 ____D C:\Users\See c\AppData\Local\Apple
2015-12-17 11:39 - 2015-12-17 11:39 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-17 11:38 - 2015-12-17 15:24 - 00000000 ____D C:\ProgramData\Apple
2015-12-13 11:46 - 2015-12-19 15:46 - 00000000 ____D C:\Users\See c\Desktop\IGG games
2015-12-08 12:11 - 2015-12-01 01:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 12:11 - 2015-12-01 00:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 12:11 - 2015-11-30 23:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 12:11 - 2015-11-30 23:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 12:11 - 2015-11-30 23:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 12:11 - 2015-11-30 23:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 12:11 - 2015-11-30 22:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 12:11 - 2015-11-24 23:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 12:11 - 2015-11-24 23:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 12:11 - 2015-11-24 23:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 12:11 - 2015-11-24 23:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 12:11 - 2015-11-24 23:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 12:11 - 2015-11-24 23:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 12:11 - 2015-11-24 23:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 12:11 - 2015-11-24 23:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 12:11 - 2015-11-24 23:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 12:11 - 2015-11-24 23:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 12:11 - 2015-11-24 23:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 12:11 - 2015-11-24 22:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 12:11 - 2015-11-24 22:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 12:11 - 2015-11-24 22:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 12:11 - 2015-11-24 22:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 12:11 - 2015-11-24 22:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 12:11 - 2015-11-24 22:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 12:11 - 2015-11-24 22:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 12:11 - 2015-11-24 22:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 12:11 - 2015-11-24 22:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 12:11 - 2015-11-24 22:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 12:11 - 2015-11-24 22:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 12:11 - 2015-11-24 22:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 12:11 - 2015-11-24 22:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 12:11 - 2015-11-24 22:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 12:11 - 2015-11-24 22:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 12:11 - 2015-11-24 22:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 12:11 - 2015-11-24 22:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 12:11 - 2015-11-24 22:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 12:11 - 2015-11-24 22:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 12:11 - 2015-11-24 22:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 12:11 - 2015-11-24 22:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 12:11 - 2015-11-24 22:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 12:11 - 2015-11-24 22:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 12:11 - 2015-11-24 22:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 12:11 - 2015-11-24 22:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 12:11 - 2015-11-24 22:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 12:11 - 2015-11-24 22:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 12:11 - 2015-11-24 22:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 12:11 - 2015-11-24 22:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 12:11 - 2015-11-24 22:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 12:11 - 2015-11-24 22:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 12:11 - 2015-11-24 22:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 12:11 - 2015-11-24 22:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 12:11 - 2015-11-24 22:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 12:11 - 2015-11-24 22:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 12:11 - 2015-11-24 22:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 12:11 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 12:11 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 09:13 - 2015-09-26 20:27 - 00001654 _____ C:\Users\See c\Desktop\Chrome.lnk
2015-12-27 09:03 - 2015-09-26 19:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-27 09:00 - 2015-10-04 20:07 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4478CDC-49DC-43E8-8A12-30CF966E81EF}
2015-12-27 08:57 - 2015-09-26 15:42 - 00000165 _____ C:\Users\See c\AppData\Roaming\sp_data.sys
2015-12-26 02:36 - 2015-09-26 18:26 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 22:43 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\rescache
2015-12-25 07:48 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-24 10:45 - 2015-07-10 03:47 - 00000000 ____D C:\Windows
2015-12-24 10:41 - 2015-07-30 16:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-23 16:25 - 2015-10-07 16:13 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-12-23 16:25 - 2015-09-26 18:26 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 16:24 - 2015-09-26 17:43 - 00000000 ____D C:\Users\See c
2015-12-23 16:24 - 2015-09-26 17:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-23 16:24 - 2015-09-26 15:40 - 00000000 __SHD C:\Users\See c\IntelGraphicsProfiles
2015-12-23 16:24 - 2015-07-30 15:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-23 16:23 - 2015-07-30 15:49 - 00201912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-23 16:23 - 2015-07-10 03:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-23 15:58 - 2015-07-31 15:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-23 15:56 - 2015-07-30 16:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-23 11:39 - 2015-09-26 17:58 - 00000000 ____D C:\Users\See c\AppData\Local\Comms
2015-12-18 23:35 - 2015-10-25 21:10 - 00000000 ____D C:\Users\See c\Documents\Witcher 2
2015-12-18 13:37 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-17 22:23 - 2015-09-26 17:55 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-17 22:17 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-17 22:15 - 2015-10-10 11:18 - 994225611 _____ C:\WINDOWS\MEMORY.DMP
2015-12-17 22:15 - 2015-10-10 11:18 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-17 15:27 - 2015-10-03 20:08 - 00000000 ____D C:\Users\See c\Documents\My Digital Editions
2015-12-16 03:17 - 2015-10-16 19:33 - 00000000 ____D C:\Users\See c\AppData\Local\ElevatedDiagnostics
2015-12-15 19:50 - 2015-09-26 20:31 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-15 19:48 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-09 22:11 - 2015-09-26 21:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 22:07 - 2015-09-26 21:02 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 21:39 - 2015-09-29 21:08 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 12:48 - 2015-07-30 16:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-07 15:14 - 2015-10-21 22:59 - 00000000 ____D C:\Users\See c\AppData\Local\Spotify
2015-12-07 15:08 - 2015-10-21 22:59 - 00000000 ____D C:\Users\See c\AppData\Roaming\Spotify
2015-12-02 12:50 - 2015-09-27 11:52 - 00000000 ___RD C:\Users\See c\Google Drive
2015-12-02 12:31 - 2015-09-26 18:26 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 12:31 - 2015-09-26 18:26 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 18:32 - 2015-07-30 16:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 18:32 - 2015-07-30 16:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-09-26 15:42 - 2015-12-27 08:57 - 0000165 _____ () C:\Users\See c\AppData\Roaming\sp_data.sys
2015-09-27 19:39 - 2015-09-27 19:41 - 0007597 _____ () C:\Users\See c\AppData\Local\resmon.resmoncfg
2015-09-26 17:41 - 2015-09-26 17:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-10 04:45 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2015-04-10 04:45 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2015-04-10 04:45 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\See c\AppData\Local\Temp\McCSPInstall.dll
C:\Users\See c\AppData\Local\Temp\mccspuninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-19 11:44
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by See c (2015-12-27 09:20:44)
Running from C:\Users\See c\Desktop
Windows 10 Home (X64) (2015-09-26 23:58:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2057217230-2044250391-2885226823-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2057217230-2044250391-2885226823-503 - Limited - Disabled)
Guest (S-1-5-21-2057217230-2044250391-2885226823-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2057217230-2044250391-2885226823-1003 - Limited - Enabled)
See c (S-1-5-21-2057217230-2044250391-2885226823-1001 - Administrator - Enabled) => C:\Users\See c
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.2 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.1 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.29 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.20 - ASUSTek Computer Inc.)
f.lux (HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Flux) (Version:  - )
Foxit PhantomPDF (HKLM-x32\...\{045A0488-55C1-45B1-9992-4B4134904D61}) (Version: 7.0.59.127 - Foxit Software Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 1.4.19 - Free Software Foundation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA Graphics Driver 345.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 32.0.1948.44 (HKLM-x32\...\Opera 32.0.1948.44) (Version: 32.0.1948.44 - Opera Software)
OverDrive for Windows (HKLM-x32\...\{36994F59-D10D-46DD-A040-C5D095C2A3E9}) (Version: 3.4.1 - OverDrive, Inc.)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21260 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WAKFU (HKLM-x32\...\Steam App 215080) (Version:  - Ankama Studio)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version:  - Eugen Systems)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - ASUS (ATP) Mouse  (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
15-12-2015 13:49:22 Scheduled Checkpoint
17-12-2015 11:39:11 Installed iTunes
18-12-2015 13:28:59 Installed Samsung Kies3
19-12-2015 15:46:39 Removed Samsung Kies3
23-12-2015 15:58:06 Removed Smart Switch
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05900A47-D84A-488B-A998-45121546B40A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-11-03] ()
Task: {3A20B999-3DA9-439D-84A8-6067682E200E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3EBFE3DD-66A7-401A-BAAF-F0709F540F9D} - System32\Tasks\{6D26D858-DA90-4EB6-AA0A-B9A6030DDD18} => pcalua.exe -a "C:\Users\See c\Downloads\KBFilter_Win81_64_VER1005\PNPINST64.exe" -d "C:\Users\See c\Downloads\KBFilter_Win81_64_VER1005"
Task: {487D82A5-896C-4E71-B1E9-298D02E83148} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {5EDF6C1D-50D0-413B-B8DA-161716992E53} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6874765A-CE66-42C0-A334-4ACB235778C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {816572D7-8C79-4AC8-9306-105907656E1A} - System32\Tasks\Opera scheduled Autoupdate 1443317334 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-17] (Opera Software)
Task: {8373BD7B-5AFA-4667-A2BF-3E8C987CE932} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {8D1CDCD0-C5E3-450F-85A3-F6C6E6E06CA4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-26] (Realtek Semiconductor)
Task: {A2B10526-9360-4956-9923-9C4179E8D0B2} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-11-05] (ASUS)
Task: {A88AF517-5C64-4170-A148-C46B039704A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B4D69965-246B-4F8C-BE17-FD86A98A389F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26] (Google Inc.)
Task: {B5AB9C9A-E6D5-4E99-8F42-57ED5DE777CC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-12-17] (ASUSTek Computer Inc.)
Task: {BB57E8B2-B9F2-4A2A-A4CD-02983C23646E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26] (Google Inc.)
Task: {BD40FDC9-E180-48BD-96BF-EED1CB76BA2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D25F36D5-9700-4A37-A5D4-BAB4C3A47030} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-23] (Enigma Software Group USA, LLC.)
Task: {E4DB7DFD-FDF8-47D3-9C26-1C39709CA0C8} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {F0F490E1-3163-4799-9AFF-48C3DAFCDCD2} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {F21F1823-400C-4525-B121-978C65A520F8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-03-03] (ASUSTek Computer Inc.)
Task: {F8E1769C-F0F1-4978-9152-C00E7BBE7A6C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 21:33 - 2015-07-09 21:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-09 23:08 - 2015-09-09 23:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-26 17:40 - 2015-07-13 11:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-09 23:08 - 2015-09-09 23:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 23:06 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 23:06 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-01 23:06 - 2015-09-16 23:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 21:13 - 2015-07-09 21:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 12:11 - 2015-11-24 22:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 12:11 - 2015-11-24 22:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 12:11 - 2015-11-24 22:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 23:06 - 2015-09-16 23:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 21:13 - 2015-09-09 23:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-31 15:38 - 2013-05-15 15:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2015-09-09 23:08 - 2015-09-09 23:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2014-11-05 13:44 - 2014-11-05 13:44 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-11-05 13:44 - 2014-11-05 13:44 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-09-26 19:28 - 2015-09-17 03:00 - 59656824 _____ () C:\Program Files (x86)\Opera\32.0.1948.44\opera.dll
2015-09-26 19:28 - 2015-09-17 03:00 - 01881208 _____ () C:\Program Files (x86)\Opera\32.0.1948.44\libglesv2.dll
2015-09-26 19:28 - 2015-09-17 03:00 - 00081528 _____ () C:\Program Files (x86)\Opera\32.0.1948.44\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\See c\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1F1D2871-3088-4B74-A81B-C8E4C8BE157F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{276926AD-412E-4EE5-82F0-544D308690DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66BA0C33-0E21-4853-A118-58770D72A45B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40EC0B1D-44A8-425D-998A-4C8AC9C31BE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E947509E-F923-4FDB-995B-22E61CEDF9C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96FA5CFC-E618-4E5C-81C3-AE9D68460AA6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4DBE92B3-197F-475B-95D4-F00EDF9B33B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F9D0C59-9B57-4596-81EE-C4B0B778C8F7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1AA5F504-A948-420F-AA3B-6D3986F0E4EA}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{7D51CD5F-2788-4D84-A183-46E240740873}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [{F890A05C-D709-4346-A688-2096ACE70B1B}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{72D75A90-9A9E-43D0-B0A3-26942BF719FF}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{B321AA8C-DDF2-4BCC-9917-160904C04C6C}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{72CEC3CE-3517-4C6E-9446-9907A3F7071E}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [TCP Query User{CEAADDDC-796E-4C58-9D6D-904E9EB3F5EC}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{833CDDB7-83FA-4354-A53C-40D0A965A345}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [{096ECA3B-0E4F-42C9-B448-287D985D29A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wakfu\transition\transition.exe
FirewallRules: [{FCD1EA63-592D-4D06-BD01-685CAE9C9B20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wakfu\transition\transition.exe
FirewallRules: [{C8FA2A91-7F9A-4B39-99F6-6E739A3A8697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{4BDBC3D5-A5BA-4B69-B5E4-789D5E6C47B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [TCP Query User{9B84BC43-B572-48AC-8334-FAB44571E94D}C:\users\see c\downloads\halo\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\halo\eldorado.exe
FirewallRules: [UDP Query User{EA12C9D8-A85D-4C13-AE94-ACE384394FC9}C:\users\see c\downloads\halo\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\halo\eldorado.exe
FirewallRules: [TCP Query User{133EEC37-7B7B-4BC4-8ED0-4145AA326FBD}C:\users\see c\downloads\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\eldorado.exe
FirewallRules: [UDP Query User{B5064890-9942-46F9-A45A-6C3AF58D1530}C:\users\see c\downloads\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\eldorado.exe
FirewallRules: [TCP Query User{D884978A-C55E-41A6-8FD2-5BEF4CD9D5CC}C:\users\see c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\see c\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A510F15C-5C1E-402A-B1CF-F5F0846704D2}C:\users\see c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\see c\appdata\roaming\spotify\spotify.exe
FirewallRules: [{50CC06F7-A344-44F9-9E44-07C8F03724E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{2A31BE43-4AAD-48AF-98B6-87958089B42A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{3580FFCA-430F-440E-9914-B9287B53A663}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{26CC39F8-27E2-4FEF-9E03-BCF4EB40FD33}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1855DE39-5EB8-4A93-AC0F-97D858C11CB8}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4A69A9B-A8EB-4C00-823B-DA786E537505}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{643BF19C-6180-4B04-994A-ED8D1CD02DDC}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4768B5CE-BA03-491F-BF29-57067D047909}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFADCF31-CAB5-4F40-B908-3C876A35863D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{18E7FD7F-5161-482C-9858-9FB9A434B8D5}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{BE2A8B46-FD47-4C88-A936-A5097FFD0114}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{37BFA4FC-1A2D-41E7-9E2F-59AC639BE386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{923B5AE4-7747-4F9E-A782-2FF258B201FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{4199AC26-6B02-4507-9B5D-7837AAD926E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{EB965D5B-85B6-41F7-BD5C-06382865928D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2015 09:03:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/27/2015 08:57:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/26/2015 09:14:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/26/2015 05:59:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/26/2015 12:23:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/25/2015 10:09:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8964) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/25/2015 10:09:11 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8964) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/25/2015 10:09:00 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8964) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/25/2015 10:09:00 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8964) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/25/2015 10:08:50 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8964) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (12/27/2015 09:19:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:18:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:18:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:17:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:13:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:12:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:08:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:03:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error: 
%%1053
 
Error: (12/27/2015 09:02:07 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053UsoSvcUnavailable{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (12/27/2015 09:02:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Orchestrator Service service failed to start due to the following error: 
%%1053
 
 
CodeIntegrity:
===================================
  Date: 2015-12-25 22:22:50.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-18 23:29:18.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-15 10:28:44.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-12 22:44:48.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-10 22:35:16.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-04 16:35:46.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-19 17:47:42.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 17:24:53.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-12 17:59:24.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-10 00:27:12.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16273.04 MB
Available physical RAM: 12240.01 MB
Total Virtual: 18705.04 MB
Available Virtual: 14263.65 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:192.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:503.73 GB) (Free:503.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

Edited by Seeci, 27 December 2015 - 01:34 PM.

  • 0



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


What problems are you having currently? Is anything popping up or redirecting, and in what browser? Give me time to look over log reports.

Joe
  • 0

#3
Seeci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Yay! 

No, nothing has popped up in any browser. Opera actually works just fine, but Chrome is struggling.
Also, when I tried to close out of my file browser my screen flashed black, and that's when all of my desktop icons moved.

Not sure if that helps; I appreciate your time! 


  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please remove SpyHunter 4 from your uninstall list: right-click on the Start button > click Control Panel > click Programs and Features, find SpyHunter in the list and uninstall it.

Next
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.) 
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next reset Chrome
    To do that;
    1. In the top-right corner of the browser window, click the Chrome menu.
    2. Select Settings.
    3. At the bottom, click Show advanced settings.
    4. Under the section "Reset settings", click Reset settings.
    5. In the dialog that appears, click Reset.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#5
Seeci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by See c (2015-12-27 15:43:17) Run:2
Running from C:\Users\See c\Desktop
Loaded Profiles: See c (Available Profiles: See c)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.) 
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
mfeelamk => service not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {04404CAA-976A-4635-AE3B-775C9B47664F}.
Unable to cancel {96F0FDAA-336A-479A-BFD7-B96977BBBF78}.
Unable to cancel {40E63933-271B-4BCB-9451-7A008BA943DC}.
Unable to cancel {38407D32-E7A9-47CD-9127-C3E796DC1E3A}.
Unable to cancel {60D8DF50-3928-4862-8493-4290CBD189CB}.
Unable to cancel {C85BCA9B-A19D-43B5-B406-DC7696225554}.
Unable to cancel {B8199379-BDB2-45CA-96AB-B977FC3D572A}.
Unable to cancel {A7E8CD3C-76D4-4875-B503-E6D44D716003}.
Unable to cancel {1C5BCD0C-4E08-43F5-8B09-D544FAD2B7BA}.
{EB762E0B-00E1-485A-8BCF-805E66CE1C97} canceled.
{11A0FC8C-1FC1-4635-98C6-50E12CC2F8CB} canceled.
{5E881F46-DB93-499D-A106-6A368189DFBE} canceled.
3 out of 12 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 1.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:44:08 ====
 
 
 
 
 
# AdwCleaner v5.026 - Logfile created 27/12/2015 at 17:01:41
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : See c - SEECI
# Running from : C:\Users\See c\Desktop\adwcleaner_5.026.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1211 bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by See c (Administrator) on Sun 12/27/2015 at 17:10:58.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\See c\AppData\Roaming\sp_data.sys (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/27/2015 at 17:12:03.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

 


  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,
FYI
I don't suggest using Hitman from here on out.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


  • 0

#7
Seeci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/27/2015
Scan Time: 5:25 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.27.05
Rootkit Database: v2015.12.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: See c
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337774
Time Elapsed: 9 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

I'm not seeing anything else. Can't quite explain the icon issue at the moment.
  • 0

#9
Seeci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
There isn't anything happening now; I'm pretty sure everything has been corrected. Thank you so much, kind person!
  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#11
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





