Malware/Adware keeps reinstalling itself, and more adware appears constantly

Adware Malware

#1 Javixo
New Member, 9 posts

Hello! Since I downloaded a game from a pretty suspicious site (my bad), my computer has been afflicted by ads running while no program is running at all. Task Manager shows 5 or 6 suspicious processes, my AV does not detect any threat, Malwarebytes did and removed about 18 threats, but the problem is still there. About 20% of the links I open end up blank at www.smartnewtab.com. I scanned the game multiple times with no trojan/malware results, and I feel like the problem is similar to: http://www.geekstogo.com/forum/topic/346760-multiple-malwareadware-programs-that-keep-installing-each-other-when-i-uninstall/page-2

Sadly I can't follow those steps, as my PC runs Windows 10 (x64) and I can't use ComboFix.

Each time I start Firefox, it has been replaced by Edge as the default browser in the settings, and the system configuration window opens automatically...

Farbar scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by J-PC (administrator) on J-PC-PC (26-01-2016 15:39:49)
Running from C:\Users\J-PC\Downloads
Loaded Profiles: J-PC (Available Profiles: J-PC)
Platform: Windows 10 Home Version 1511 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCAvSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynAsusAcpi] => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe
HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCTray.exe [2596640 2015-05-22] (IObit)
HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\...\Run: [Akamai NetSession Interface] => C:\Users\J-PC\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
Startup: C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-11-26]
ShortcutTarget: MEGAsync.lnk -> C:\Users\J-PC\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3088415727-1519323197-3262068295-1000] => hxxp://unstopp.me/wpad.dat?ad74078b910f52201a509537578d87134663478
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{261d4722-4a03-4a9e-9186-a86555572ea9}: [DhcpNameServer] 213.60.205.175 213.60.205.173 212.51.32.254
Tcpip\..\Interfaces\{aabf40d5-b68e-4b77-b6f0-e12d12e85143}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{aabf40d5-b68e-4b77-b6f0-e12d12e85143}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bccbfd75-77c7-4be6-97ae-c3b7a3ae542c}: [DhcpNameServer] 213.60.205.175 213.60.205.173 212.51.32.254

Internet Explorer:
==================
HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3088415727-1519323197-3262068295-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3088415727-1519323197-3262068295-1000 -> {82B1BA66-266B-4977-B51E-25A3E2AA33DC} URL = hxxp://www.bing.com/search?q={searchTerms}&r=252
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-13] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-13] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-13] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-13] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-13] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-13] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: op.gg
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\J-PC\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\J-PC\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3088415727-1519323197-3262068295-1000: @my.com/Games -> C:\Users\J-PC\AppData\Local\MyComGames\NPMyComDetector.dll [2015-09-15] (My.com, Inc)
FF Plugin HKU\S-1-5-21-3088415727-1519323197-3262068295-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\J-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF Extension: DownThemAll! - C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-06]
FF Extension: MEGA - C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963\Extensions\[email protected] [2015-11-04] [not signed]
FF Extension: uBlock Origin - C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963\Extensions\[email protected] [2016-01-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2016-01-07] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-11]
CHR Extension: (Google Drive) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Adblock Plus) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
CHR Extension: (Búsqueda de Google) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-24]
CHR Extension: (Gmail) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCService.exe [911648 2014-11-22] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ascavsvc.exe [660768 2015-06-11] (IOBit)
S3 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-16] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-27] (Creative Labs) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-12-28] (EasyAntiCheat Ltd)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation)
S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S3 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-02] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation)
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.)
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-11-21] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-07-16] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-15] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-04-07] (EldoS Corporation)
R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [76592 2015-08-10] (Fresco Logic)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-10] (REALiX™)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [889584 2015-11-19] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-08-17] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U4 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 15:35 - 2016-01-26 15:36 - 00055740 _____ C:\Users\J-PC\Downloads\Addition.txt
2016-01-26 15:35 - 2016-01-26 15:35 - 01600184 _____ (Malwarebytes) C:\Users\J-PC\Downloads\JRT.exe
2016-01-26 15:34 - 2016-01-26 15:39 - 00020326 _____ C:\Users\J-PC\Downloads\FRST.txt
2016-01-26 15:32 - 2016-01-26 15:39 - 00000000 ____D C:\FRST
2016-01-26 15:31 - 2016-01-26 15:32 - 02370560 _____ (Farbar) C:\Users\J-PC\Downloads\FRST64.exe
2016-01-26 15:29 - 2016-01-26 15:30 - 01721856 _____ (Farbar) C:\Users\J-PC\Downloads\FRST.exe
2016-01-26 15:21 - 2016-01-26 15:21 - 01507840 _____ C:\Users\J-PC\Downloads\AdwCleaner(1).exe
2016-01-26 15:13 - 2016-01-26 15:13 - 00000000 ____D C:\_OTL
2016-01-26 15:10 - 2016-01-26 15:10 - 00602112 _____ (OldTimer Tools) C:\Users\J-PC\Downloads\OTL.exe
2016-01-26 15:05 - 2016-01-26 15:05 - 01507840 _____ C:\Users\J-PC\Downloads\AdwCleaner.exe
2016-01-26 15:02 - 2016-01-26 15:02 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\J-PC\Downloads\SpyHunter-Installer.exe
2016-01-26 03:44 - 2016-01-26 03:44 - 00000000 _____ C:\autoexec.bat
2016-01-26 03:43 - 2016-01-26 03:43 - 00000000 ____D C:\sh4ldr
2016-01-26 03:42 - 2016-01-26 03:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-22 16:13 - 2016-01-26 15:37 - 00001890 _____ C:\Users\J-PC\Desktop\JRT.txt
2016-01-20 15:04 - 2016-01-20 15:04 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-20 15:02 - 2016-01-26 15:25 - 00000000 ____D C:\AdwCleaner
2016-01-20 15:01 - 2016-01-20 15:02 - 01505280 _____ C:\Users\J-PC\Downloads\adwcleaner_5.030.exe
2016-01-20 14:58 - 2016-01-20 14:58 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\kingsoft
2016-01-20 14:52 - 2016-01-20 15:10 - 00000000 ____D C:\Users\J-PC\AppData\Local\PPTAssist
2016-01-20 14:52 - 2016-01-20 14:58 - 00000000 ____D C:\ProgramData\kingsoft
2016-01-20 14:43 - 2016-01-20 15:23 - 00000000 ____D C:\Users\J-PC\Documents\Darkest
2016-01-20 14:26 - 2016-01-20 14:27 - 00000984 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2016-01-20 14:21 - 2014-07-17 19:53 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-17 01:26 - 2016-01-15 23:26 - 148879304 _____ C:\Users\J-PC\Desktop\D&D - Manual del Jugador 3.5.pdf
2016-01-13 01:43 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 01:43 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 01:43 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 01:43 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 01:43 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 01:43 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 01:43 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 01:43 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 01:43 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 01:43 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 01:43 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 01:43 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 01:43 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 01:43 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 01:43 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 01:43 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 01:43 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 01:43 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 01:43 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 01:43 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 01:43 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 01:43 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 01:43 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 01:43 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 01:43 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 01:43 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 01:43 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 01:43 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 01:43 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 01:43 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 01:43 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 01:43 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 01:43 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 01:43 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 01:43 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 01:43 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 01:43 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 01:43 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 01:43 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 01:43 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 01:43 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 01:43 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 01:43 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 01:43 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 01:43 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 01:43 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 01:43 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 01:43 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 01:43 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 01:43 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 01:43 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 01:43 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 01:43 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 01:43 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 01:43 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 01:43 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 01:43 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 01:43 - 2016-01-05 02:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 01:43 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 01:43 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 01:43 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 01:43 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 01:43 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 01:43 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 01:43 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 01:43 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 01:43 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 01:43 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 01:43 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 01:43 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 01:43 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 01:43 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 01:43 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 01:43 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 01:43 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 01:43 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 01:43 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 01:43 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 01:43 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 01:43 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 01:43 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 01:43 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-10 02:52 - 2016-01-10 02:52 - 00000000 ____D C:\Users\J-PC\AppData\LocalLow\Dragon Foundry
2016-01-10 02:51 - 2015-09-30 23:11 - 00000000 ____D C:\Users\J-PC\Desktop\NovaBlitzAlpha-PC
2016-01-10 02:50 - 2016-01-10 02:50 - 160169051 _____ C:\Users\J-PC\Downloads\NovaBlitzAlpha-PC.zip
2016-01-08 02:50 - 2016-01-08 02:50 - 00034412 _____ C:\Users\J-PC\Desktop\e5bf7785d90c4f269b4c1660522a2af7_A.jpeg
2016-01-07 04:12 - 2016-01-12 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 02:43 - 2016-01-03 02:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-07 02:43 - 2016-01-03 02:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 02:07 - 2016-01-26 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-30 02:07 - 2015-12-30 02:07 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-30 02:07 - 2015-12-30 02:07 - 00000000 ____D C:\Program Files (x86)\Skype
2015-12-29 15:53 - 2015-12-29 15:53 - 00003324 _____ C:\WINDOWS\System32\Tasks\ASCU8_PerformanceMonitor
2015-12-28 20:35 - 2016-01-20 18:56 - 00238328 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2015-12-28 20:35 - 2015-12-28 20:34 - 00236832 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 15:38 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-26 15:36 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-26 15:36 - 2015-08-07 14:51 - 00000000 ____D C:\ProgramData\IObit
2016-01-26 15:36 - 2015-08-07 14:51 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-26 15:36 - 2015-08-07 14:49 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\IObit
2016-01-26 15:34 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-26 15:33 - 2015-12-09 18:06 - 02138816 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-26 15:33 - 2015-10-30 19:59 - 00931508 _____ C:\WINDOWS\system32\perfh00A.dat
2016-01-26 15:33 - 2015-10-30 19:59 - 00207924 _____ C:\WINDOWS\system32\perfc00A.dat
2016-01-26 15:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-26 15:27 - 2015-12-05 03:42 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 15:26 - 2015-12-09 18:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-26 15:26 - 2015-12-09 18:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-26 15:26 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-26 15:12 - 2015-12-09 12:28 - 00000274 _____ C:\WINDOWS\Tasks\ASCU8_SkipUac_J-PC.job
2016-01-26 15:12 - 2014-01-09 15:47 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\TS3Client
2016-01-26 14:47 - 2015-12-05 03:42 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 14:46 - 2015-11-26 02:27 - 00002265 _____ C:\Users\Public\Desktop\Advanced SystemCare Ultimate 8.lnk
2016-01-26 14:45 - 2015-12-24 20:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-26 14:41 - 2015-12-09 18:07 - 00000000 ____D C:\Users\J-PC
2016-01-26 14:39 - 2015-12-09 17:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2016-01-26 14:39 - 2015-11-26 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-01-26 14:39 - 2015-11-23 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-01-26 14:39 - 2015-11-21 10:08 - 00000000 ____D C:\ProgramData\P4G
2016-01-26 14:39 - 2015-11-19 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-01-26 14:39 - 2015-11-14 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2016-01-26 14:39 - 2015-11-04 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2016-01-26 14:39 - 2015-11-04 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risk of Rain [GOG.com]
2016-01-26 14:39 - 2015-11-04 06:42 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-01-26 14:39 - 2015-10-31 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantasy Star Online Blue Burst
2016-01-26 14:39 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-26 14:39 - 2015-10-29 07:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-01-26 14:39 - 2015-10-29 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor Identification Utility
2016-01-26 14:39 - 2015-10-29 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange Episode 5
2016-01-26 14:39 - 2015-10-27 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2016-01-26 14:39 - 2015-09-26 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2016-01-26 14:39 - 2015-09-25 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2016-01-26 14:39 - 2015-09-01 14:10 - 00000000 ____D C:\Users\J-PC\AppData\Local\Akamai
2016-01-26 14:39 - 2015-08-18 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2016-01-26 14:39 - 2015-08-10 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2016-01-26 14:39 - 2015-08-07 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate 8
2016-01-26 14:39 - 2015-07-31 12:16 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2016-01-26 14:39 - 2015-07-27 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-26 14:39 - 2015-04-25 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-26 14:39 - 2015-04-24 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas para vídeo
2016-01-26 14:39 - 2015-04-24 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conjunto de programas de NCH
2016-01-26 14:39 - 2015-03-28 15:06 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-26 14:39 - 2015-03-05 03:56 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthstoneTracker
2016-01-26 14:39 - 2015-02-24 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-01-26 14:39 - 2015-02-24 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-01-26 14:39 - 2014-12-02 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Note Block Studio
2016-01-26 14:39 - 2014-11-12 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-01-26 14:39 - 2014-10-09 01:00 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2016-01-26 14:39 - 2014-09-25 19:17 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2016-01-26 14:39 - 2014-09-25 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2016-01-26 14:39 - 2014-09-21 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
2016-01-26 14:39 - 2014-09-10 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2016-01-26 14:39 - 2014-09-07 20:19 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta (6)
2016-01-26 14:39 - 2014-08-12 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-01-26 14:39 - 2014-08-09 00:45 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta (4)
2016-01-26 14:39 - 2014-07-19 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2016-01-26 14:39 - 2014-06-05 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McPixel
2016-01-26 14:39 - 2014-05-29 00:18 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN Movie Creator
2016-01-26 14:39 - 2014-05-20 16:49 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-01-26 14:39 - 2014-05-16 19:39 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta (2)
2016-01-26 14:39 - 2014-04-21 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-26 14:39 - 2014-04-15 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-01-26 14:39 - 2014-04-11 16:14 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta
2016-01-26 14:39 - 2014-04-05 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-01-26 14:39 - 2014-03-17 20:51 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-01-26 14:39 - 2014-02-15 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-01-26 14:39 - 2014-01-29 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-01-26 14:39 - 2014-01-29 01:47 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Battle.net
2016-01-26 14:39 - 2014-01-29 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-01-26 14:39 - 2014-01-23 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-26 14:39 - 2014-01-10 20:34 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-26 14:39 - 2014-01-10 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-26 14:39 - 2014-01-09 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-01-26 14:39 - 2013-12-29 18:50 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-26 14:39 - 2013-12-29 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-26 14:39 - 2013-12-27 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2016-01-26 14:39 - 2013-12-26 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-26 14:39 - 2011-04-13 03:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-01-26 14:39 - 2011-04-13 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance
2016-01-26 14:39 - 2011-04-13 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-26 14:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration
2016-01-26 14:31 - 2013-12-27 02:33 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Skype
2016-01-25 21:32 - 2014-01-29 01:47 - 00000000 ____D C:\Users\J-PC\AppData\Local\Battle.net
2016-01-24 15:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-21 14:26 - 2014-09-12 04:07 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-20 15:19 - 2014-01-10 16:51 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\vlc
2016-01-20 15:11 - 2015-08-16 21:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-20 15:08 - 2015-08-16 21:03 - 00000000 ____D C:\Users\J-PC\AppData\Local\Packages
2016-01-20 14:22 - 2014-12-23 00:27 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-20 14:18 - 2014-04-15 01:49 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\DAEMON Tools Lite
2016-01-20 02:24 - 2014-10-06 20:13 - 00000045 _____ C:\Users\J-PC\Desktop\cuenta.txt
2016-01-20 01:01 - 2015-11-04 06:42 - 00000000 ____D C:\Users\J-PC\AppData\Local\MEGAsync
2016-01-19 20:11 - 2013-12-26 04:51 - 00000000 ____D C:\Users\J-PC\AppData\Local\VirtualStore
2016-01-19 17:09 - 2014-04-18 06:26 - 00000000 ____D C:\Users\J-PC\AppData\Local\ElevatedDiagnostics
2016-01-18 03:13 - 2015-02-21 03:38 - 00000000 ____D C:\Users\J-PC\AppData\Local\Steam
2016-01-15 02:48 - 2015-08-16 20:57 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-13 14:45 - 2013-12-30 10:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 14:39 - 2013-12-30 10:13 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 12:46 - 2014-01-23 02:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 12:46 - 2014-01-23 02:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 12:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 04:02 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 18:52 - 2014-04-22 05:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-06 21:34 - 2014-01-29 08:58 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-30 02:07 - 2014-03-30 19:43 - 00000000 ____D C:\Users\J-PC\AppData\Local\Skype
2015-12-30 02:07 - 2013-12-27 02:33 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-07-01 17:01 - 2015-11-21 08:48 - 0007601 _____ () C:\Users\J-PC\AppData\Local\Resmon.ResmonCfg
2015-08-02 04:45 - 2015-08-02 04:45 - 0000000 _____ () C:\Users\J-PC\AppData\Local\{C7B31831-34EE-4740-BF15-52DEF65AE9E6}
2011-04-13 03:48 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2015-03-05 03:56 - 2015-03-05 03:56 - 0000078 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-12-27 05:34 - 2013-12-27 05:34 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-12-27 05:33 - 2013-12-27 05:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\J-PC\AppData\Local\Temp\26DE.tmp.exe
C:\Users\J-PC\AppData\Local\Temp\33D4.tmp.exe
C:\Users\J-PC\AppData\Local\Temp\56F7.tmp.exe
C:\Users\J-PC\AppData\Local\Temp\62BB.tmp.exe
C:\Users\J-PC\AppData\Local\Temp\6978.tmp.exe
C:\Users\J-PC\AppData\Local\Temp\atdl.exe
C:\Users\J-PC\AppData\Local\Temp\FB5c6nFD8R.exe
C:\Users\J-PC\AppData\Local\Temp\fsd3A55.exe
C:\Users\J-PC\AppData\Local\Temp\GaQ1vgUZXs.exe
C:\Users\J-PC\AppData\Local\Temp\KqvjMF7lrH.exe
C:\Users\J-PC\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\J-PC\AppData\Local\Temp\Q8kv28dwf7.exe
C:\Users\J-PC\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe
C:\Users\J-PC\AppData\Local\Temp\sqlite3.dll
C:\Users\J-PC\AppData\Local\Temp\Uninstall.exe
C:\Users\J-PC\AppData\Local\Temp\xbZBn84dPN.exe
C:\Users\J-PC\AppData\Local\Temp\{409C8697-A103-4DE1-AB4C-BBE68C75323E}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-24 19:00

==================== End of FRST.txt ============================

Thanks a lot

Edited by Javixo, 26 January 2016 - 09:43 AM.

#2  RKinner (Malware Expert, 20,031 posts, MVP)

I need the addition.txt file. If you don't have it, then run a FRST scan again with the addition.txt box checked.

#3  Javixo (New Member, Topic Starter, 9 posts)

Thanks for the fast reply, here you go: [Attached file: FRST.txt, 82.42 KB]

Edited by Javixo, 26 January 2016 - 10:20 AM.

#4  RKinner (Malware Expert, 20,031 posts, MVP)

Uninstall:

Driver Booster 3.0
IObit Uninstaller
Surfing Protection
Smart Defrag

I don't trust anything by IObit.

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix. A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled, not the FixMBR button, and tell me), click Save log, save it to your desktop and post it in your next reply.

#5  Javixo (New Member, Topic Starter, 9 posts)

Currently running aswMBR; the FRST logs are ready: [Attached files: Fixlog.txt, 12.87 KB; FRST.txt, 79.79 KB; Addition.txt, 64.31 KB]
Windows still shows IObit Driver Booster in the app list; how should I get rid of that?

Edited by Javixo, 26 January 2016 - 11:58 AM.

#6  RKinner (Malware Expert, 20,031 posts, MVP)

Driver Booster doesn't seem to be active, so I wouldn't worry about it.

Your logs look clean of malware, though you have some errors in the event logs. Are you still seeing the malware reinstalling?

#7  Javixo (New Member, Topic Starter, 9 posts)

OK, I don't see the malware (not sure yet, as I just uninstalled Candy Crush (I have never played it; install date today) and I ran some more AV scans, including ESET Online, which at 25% had found like 20 new threats), but Edge seems to want to be the default browser and the System config window still opens with FF; this is really weird. There's something really wrong with my system. Well, Intel Turbo Boost doesn't even work.

The new log is ready.

Update: Turbo Boost is working and I don't see any redirects in my browser. Thanks a lot. I still think there could be more related malware issues, but the big ones are gone :D

Edited by Javixo, 26 January 2016 - 01:20 PM.

#8  RKinner (Malware Expert, 20,031 posts, MVP)

Let's clear the alarms: search for "event" and you will see a result "View event logs". Click on that and it will open the Event Viewer.

Click on the arrow in front of Windows Logs and it will expand to show 5 or more categories of logs. Right click on Application and select Clear Log. A little window will pop up above the Event Viewer. Click Clear.

Repeat for System.

Copy the next line:

DISM /Online /Cleanup-Image /RestoreHealth

Search for: cmd.exe
When it finds it, right click on it and Run As Administrator. (Alternatively, if you have a Windows key you can press the Windows key + X and then select Command Prompt (Admin); careful, there are two.)

(Yes)

The prompt should say:

C:\windows\system32>

If it doesn't have the above prompt then you didn't get the elevated command prompt, so try again.
Right click in the cmd window and Paste, and the copied line should appear. (On some systems you have to hit Edit first, then Paste.) Hit Enter.

That should start it without any typing to go wrong.

It should start off something like this:

Deployment Image Servicing and Management tool
Version: 6.3.9600.17031

Image Version: 6.3.9600.17031

Wait for it to finish and give you the prompt back. Now type:

sfc /scannow

and hit Enter. It should say:

Beginning system scan.  This process will take some time.

When it finishes it will tell you if it was not able to fix all files. If that is the case then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Go back to your Command Prompt (Admin), right click in the cmd window and Paste, and the copied lines should appear. (On some systems you have to hit Edit first, then Paste.) Hit Enter if Notepad does not open. Copy and paste the text from Notepad into a reply.

In either case:

Choose the download that applies to your system:

Download MyEventViewer  <== 32 bit
Download MyEventViewer for x64  <== 64 bit  (I think this is yours.)

Don't worry about the language options.
It's a zip file, so you need to save it, then right click and Extract All. Find MyEventViewer.exe, right click and Run as admin.

Hit Ctrl 3, then Ctrl 4, then Ctrl 5 (that's the Ctrl button, then the number; this eliminates events we don't care about).

Now click on the first event. Hit Ctrl A to select all events. Then File, Save Selected Items. Put it on your desktop and call it events. Open the file if it's not too big and copy and paste it into a reply, or attach it if it's too big.

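The DISM / SFC / CBS.log steps in the post above, as one elevated PowerShell script. This is an added example and not something RKinner or the thread supplied; it assumes PowerShell 5.1 or later on Windows 8.1/10, and the output file name on the Desktop is this example's own choice. It does the same thing as the findstr step, but separates the "[SR]" lines that report a repaired file from the ones that report a file SFC could not repair, which is what you actually want to post.

```powershell
# Added example, not part of the original thread: the DISM / SFC / CBS.log steps
# from the post above as one elevated PowerShell script (assumes PowerShell 5.1+
# on Windows 8.1/10). The output file name on the Desktop is this example's own.
#Requires -Version 5.1

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SfcRepairSummary {
    # Same data as the findstr /c:"[SR]" step, but split into repaired vs.
    # unrepairable files so the interesting lines are not buried in the dump.
    param(
        [string]$CbsLog  = (Join-Path $env:windir 'Logs\CBS\CBS.log'),
        [string]$OutFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfc_sr_lines.txt')
    )
    $sr = @(Select-String -Path $CbsLog -SimpleMatch '[SR]' | ForEach-Object { $_.Line })
    $sr | Set-Content -Path $OutFile -Encoding UTF8

    [pscustomobject]@{
        TotalSrLines = $sr.Count
        Repaired     = @($sr | Where-Object { $_ -match 'Repairing corrupted file' })
        Unrepairable = @($sr | Where-Object { $_ -match 'Cannot repair member file|Could not reproject corrupted file' })
        SavedTo      = $OutFile
    }
}

if (-not (Test-IsElevated)) {
    throw 'Open PowerShell with "Run as administrator" and run this again.'
}

# 1. DISM first: it repairs the component store that SFC uses as its source.
& "$env:windir\System32\Dism.exe" /Online /Cleanup-Image /RestoreHealth
if ($LASTEXITCODE -ne 0) {
    Write-Warning "DISM exited with code $LASTEXITCODE; see $env:windir\Logs\DISM\dism.log"
}

# 2. SFC. Left writing straight to the console on purpose: its output is UTF-16
#    and comes out with embedded NUL characters if you capture it to a variable.
& "$env:windir\System32\sfc.exe" /scannow

# 3. Summarise what SFC logged instead of reading CBS.log by hand.
$summary = Get-SfcRepairSummary
$summary | Format-List TotalSrLines, SavedTo
if ($summary.Unrepairable.Count -gt 0) {
    Write-Warning "SFC could not repair $($summary.Unrepairable.Count) file(s):"
    $summary.Unrepairable
}
```

Run it from a PowerShell window opened with "Run as administrator"; the elevation check at the top refuses to continue otherwise, because both DISM and SFC silently do nothing useful without it. The full "[SR]" dump still lands on the Desktop (sfc_sr_lines.txt) in case the helper wants all of it.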

#9  Javixo (New Member, Topic Starter, 9 posts)

6287    System    Warning    26/01/2016 21:33:05    Microsoft-Windows-DNS-Client    1014    1014    Network Service    J-PC-PC    0    712    Name resolution for the name www.makale.web.tr timed out after none of the configured DNS servers responded.

Okay, seems to be an unwanted connection.

Thanks!

Edited by Javixo, 26 January 2016 - 02:44 PM.

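The event line above came out of a MyEventViewer export. The same DNS-Client 1014 ("name resolution timed out") events can be pulled straight from the System log and checked against an allowlist, which finds a name like www.makale.web.tr without scrolling through thousands of events. This is an added example, not part of the thread; it assumes PowerShell 5.1 or later on Windows 8 or newer, the allowlist is this example's own, and it relies on the first event property of event 1014 carrying the queried name (that is how the event template is defined), so the localised Message text (Spanish on the poster's machine) is never parsed.

```powershell
# Added example, not part of the original thread: reads DNS-Client 1014 events
# ("name resolution timed out") straight from the System log and flags names
# outside an allowlist. Assumes PowerShell 5.1+ on Windows 8+; the allowlist is
# this example's own. It assumes (per the 1014 event template) that the first
# event property is the queried name, so the localised Message is not parsed.
function Get-DnsTimeoutEvents {
    param(
        [int]$MaxEvents = 500,
        [string[]]$AllowSuffixes = @('microsoft.com', 'windowsupdate.com', 'mozilla.org', 'avast.com')
    )

    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DNS-Client'; Id = 1014 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        $name = ([string]$e.Properties[0].Value).ToLowerInvariant()
        $allowed = $false
        foreach ($suffix in $AllowSuffixes) {
            if ($name -eq $suffix -or $name.EndsWith(".$suffix")) { $allowed = $true; break }
        }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Name    = $name
            Tld     = ($name -split '\.')[-1]    # "tr" in the poster's case
            Allowed = $allowed
        }
    }
}

# Usage: unexpected names, most frequent first. A name that keeps coming back
# and never resolves (www.makale.web.tr in this thread) is exactly what you want
# to see here; the next step is finding which process keeps asking for it.
Get-DnsTimeoutEvents |
    Where-Object { -not $_.Allowed } |
    Group-Object -Property Name |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'LastSeen'; Expression = { ($_.Group | Sort-Object Time)[-1].Time } },
        @{ Name = 'Tld';      Expression = { $_.Group[0].Tld } } |
    Format-Table -AutoSize
```

Event 1014 only records names that never resolved, so a domain that is already responding will not show up here; it is a cheap first pass, not a substitute for looking at live connections.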

#10  RKinner (Malware Expert, 20,031 posts, MVP)

www.makale.web.tr doesn't talk to me either. Not sure why your PC would want to go there. The .tr means it is in Turkey. Let's see how the CPU is doing and if something odd is running:

Get Process Explorer

Save it to your desktop, then run it (Vista or Win7: right click and Run As Administrator).

View, Select Columns, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute, then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

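The Process Explorer "Verified Signer" check above, done from PowerShell so it can be rerun and diffed. This is an added example, not something from the thread or from Sysinternals; it assumes PowerShell 5.1 or later run elevated (so the image path is readable for most processes), and the "Suspicious" rule (image not validly signed, or running out of the user's Temp folder, which is where the random-named .tmp.exe files in the FRST log lived) is this example's own heuristic.

```powershell
# Added example, not part of the original thread: a scripted version of the
# Process Explorer "Verified Signer" check. Assumes PowerShell 5.1+ run elevated
# so Path is readable for most processes; the 'Suspicious' rule (unsigned image,
# or an image running out of the user's Temp folder) is this example's own.
function Get-ProcessSignatureReport {
    param([int]$Top = 25)

    $sigCache = @{}   # one Authenticode check per image path, not per process

    Get-Process |
        Where-Object { $_.Path } |                 # Path is $null for protected/system processes
        Sort-Object -Property CPU -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            $path = $_.Path
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = Get-AuthenticodeSignature -FilePath $path
            }
            $sig    = $sigCache[$path]
            $inTemp = $path -like "$env:LOCALAPPDATA\Temp\*"

            [pscustomobject]@{
                PID        = $_.Id
                Name       = $_.ProcessName
                CpuSeconds = [math]::Round([double]$_.CPU, 1)
                Signature  = $sig.Status            # Valid, NotSigned, HashMismatch, ...
                Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Suspicious = ($sig.Status -ne 'Valid') -or $inTemp
                Path       = $path
            }
        }
}

# Usage: the full table first (big CPU users at the top, like Process Explorer
# sorted by CPU), then only the rows worth a closer look.
$report = Get-ProcessSignatureReport -Top 40
$report | Format-Table PID, Name, CpuSeconds, Signature, Suspicious, Path -AutoSize
$report | Where-Object Suspicious | Format-List PID, Name, Signature, Signer, Path
```

Files that are only catalog-signed (a good number of the binaries under System32) can report NotSigned on older PowerShell builds even though Process Explorer shows them as verified, so read the Path column before calling a System32 file suspicious; an unsigned executable under AppData\Local\Temp is the pattern this thread is about.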

#11  Javixo (New Member, Topic Starter, 9 posts)

Here you go, thanks again!

#12  RKinner (Malware Expert, 20,031 posts, MVP)

I don't see anything. The log looks really good.

The latest Win10 (updates) makes MSN.com your home page and Edge your default browser, as well as your default PDF reader. Nothing like going over to the dark side. See if this helps:

https://support.mozi...wser-windows-10

What else is still broken?

#13  Javixo (New Member, Topic Starter, 9 posts)

It actually seems to be alright: all browser issues are gone, the hidden desktop icons no longer show up again without consent, and Windows Defender is working again. I'm sure there are some more little issues I don't remember right now, but I'm pretty sure that they are also solved.
THANKS A LOT!!

Feel free to suggest security upgrades :D Thanks again.

#14  RKinner (Malware Expert, 20,031 posts, MVP)

I don't close out threads, so if you notice something else you can just pop back here.

We usually clean up with Delfix. This removes most of our tools and their logs and quarantines, and also removes all but the latest System Restore point, so there is no chance of the malware coming back with a system restore.

Ensure Remove disinfection tools is ticked.
Also tick:
Create registry backup
Purge system restore

Click Run.
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

I would install the free version of Avast:

http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe

Download, Save, and right click and Run As Administrator.

Notes on living with Avast:

They have started using their info popup to try and get you to upgrade, so I go into Settings (the Gear icon), (General), Popups and change the first two to 1 second. Their Browser Cleanup is not so user friendly, since it wants to reset your home page and search engine to Yahoo (an evil site as far as I am concerned), so I go into Settings, Tools, and turn it off.

You may also want to go in and turn off the Scan Complete audio notification: Settings (the Gear icon), (General), Sounds and uncheck Scan Complete. OK.

The registration is free for 12-14 months, then you need to reregister. They will try and talk you into buying their premium service, but the Basic free version is always an option (though it may not be the default).

Avast has a really good boot-time scan. This loads before most of Windows, so it has a better chance of catching malware. It is very thorough and takes a long time, so I usually let it run while I sleep:
Click on the Avast ball in the systray or the Avast shortcut on your desktop, or All Programs, Avast Software, Avast Free Anti-virus.

Click on Scan, then Scan for Viruses. In the box under the monitor icon, click on the down arrow and select Boot-time Scan.

Click on Scan Settings.

Change System Drive to All hard drives.

Under Heuristics click on the gray box to the left of Normal. It should turn orange and now say High.

Make sure the two boxes are checked. Where it says "When a threat is found..." change it to Move to Chest. OK. Start.

The next time you reboot the scan will start. I usually let it run while I sleep because it can take 6 hours. (Good idea to mute the speakers so Windows won't wake you when it finally boots up.)

It normally stores its log in C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt, but it might change; last time I ran it, it told you where to look for the log when it first started up.

Once it finishes, copy and paste the log into a reply (if it says it found anything).

Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat. Flash is now the most malware-targeted program, so it must be kept up to date. Be careful with Adobe. They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan. Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader, except you uncheck Enable JavaScript Actions.

If you use Chrome/Firefox/IE then get the AdBlock Plus add-on. Go to adblockplus.org with each browser and get the add-on. (It's actually a program for IE.)

If Chrome/Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum. If you must use P2P, then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and uninstall all Java programs which are not Java Version 7 Update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java, you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

Make sure Windows Update is turned on and that it works.

The last recommendation is something I use on my Windows 7s but haven't tested on Win 10, though I have seen some Win 10 logs which had it, so it should be OK.
Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent

Last time I downloaded it you had to give them your IP address and they would send you the link to download it. When it ran it asked if you were sure your PC was clean, then it would try to allow everything on your PC to continue running. The free version does not update on its own, so you should check for updated versions once in a while. If you have problems after installing CryptoPrevent you can just uninstall it.

My help is free, but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local Native American dialects.)

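The Java, Adobe and leftover-IObit checks above (and the "Windows still shows Driver Booster in the app list" question earlier in the thread) all come down to reading what Programs and Features reads: the Uninstall keys in the registry. This is an added example, not part of the thread; it assumes PowerShell 5.1 or later, and the name pattern in the usage line is this example's own.

```powershell
# Added example, not part of the original thread: lists installed programs from
# the three Uninstall registry hives (64-bit, 32-bit, per-user), which is the
# same data Control Panel > Programs and Features shows, so the Java / Adobe /
# IObit checks can be done in one pass. Assumes PowerShell 5.1+; the name
# pattern used below is this example's own.
function Get-InstalledProgram {
    param([string]$NamePattern = '.')

    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate        # yyyyMMdd string when the installer set it
                Hive        = (($_.PSPath -split '::')[-1]) -replace '\\[^\\]+$', ''
                Uninstall   = $_.UninstallString    # what Programs and Features runs
            }
        } |
        Sort-Object Name, Version
}

# Usage: the packages the post above asks about. Java 7 Update 25 shows up as
# version 7.0.250 in these entries, so any Java older than that (or any Java 6)
# is a removal candidate; IObit entries left behind after an uninstall appear
# here too, with the UninstallString you can run by hand if needed.
Get-InstalledProgram -NamePattern 'Java|Adobe|IObit|Driver Booster|Smart Defrag' |
    Format-Table Name, Version, Publisher, InstallDate, Hive -AutoSize
```

Entries under the WOW6432Node hive are 32-bit installs on this 64-bit system; a program listed there but with no folder left under Program Files (x86) is the "still shows in the app list" case, and its key can be deleted once you have confirmed nothing of it is running.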

#15  Javixo (New Member, Topic Starter, 9 posts)

Hi, I just ran DelFix; here's the log. I'll finish tweaking things up by tomorrow, after the AV scan.

# DelFix v1.011 - Logfile created 27/01/2016 at 16:57:49
# Updated 18/08/2015 by Xplode
# Username : J-PC - J-PC-PC
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\J-PC\Desktop\JRT.txt
Deleted : C:\Users\J-PC\Downloads\Addition.txt
Deleted : C:\Users\J-PC\Downloads\AdwCleaner(1).exe
Deleted : C:\Users\J-PC\Downloads\AdwCleaner.exe
Deleted : C:\Users\J-PC\Downloads\adwcleaner_5.030.exe
Deleted : C:\Users\J-PC\Downloads\aswmbr.exe
Deleted : C:\Users\J-PC\Downloads\ComboFix(1).exe
Deleted : C:\Users\J-PC\Downloads\ComboFix.exe
Deleted : C:\Users\J-PC\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\J-PC\Downloads\Fixlog.txt
Deleted : C:\Users\J-PC\Downloads\FRST.txt
Deleted : C:\Users\J-PC\Downloads\FRST64.exe
Deleted : C:\Users\J-PC\Downloads\JRT.exe
Deleted : C:\Users\J-PC\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #14 [Restore operation | 01/26/2016 13:25:49]
Deleted : RP #15 [JRT Pre-Junkware Removal | 01/26/2016 14:35:58]

New restore point created !

########## - EOF - ##########

Thanks! I'll check the Kwiaht page in more depth tomorrow too, and update the post with the AV log :)
