
Possible Virus - Reimageplus hijack


This topic is locked

#1 Jamazz
Member, 90 posts

Greetings, and thank you for looking into my issue.


Yesterday, my work laptop and my home desktop (I work from home) began to exhibit possible symptoms of a virus. My Google Chrome browser started opening up new tabs on its own. Most of the tabs were reimageplus dot com. During the barrage of tabs, one or more of the tabs would open a mini window and start a loud and obnoxious video of a woman specifying there's a virus infection and to follow the instructions. It feels like a bad toolbar, but I am a veteran PC user with years of IT experience. I don't download toolbars and practice safe surfing habits. This issue occurred for both machines at the same time.


What I believe to be an infection has crushed my work laptop to the point where it takes a long time to open applications and has slightly affected the performance of my Home PC. Currently, I'm submitting this thread for my home PC.


I have run my virus program, avast, and have downloaded and run MalwareBytes. MalwareBytes found a few PUPs, but I believe them to be dormant cookies. I don't recall doing anything differently on both machines that would be a common denominator for what allowed this issue to surface.


When I am done with my home PC, I would like to scan and work on my Work Laptop. See below for my home PC logs from FRST64 scan. I have and will donate for assistance rendered. Thank you.


~Jamazz


FRST64

-------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by Jamazz (administrator) on ANDROMEDA (20-09-2016 10:56:12)
Running from C:\Users\Jamazz\Desktop
Loaded Profiles: Jamazz (Available Profiles: Jamazz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Matrox Graphics Inc) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Matrox Graphics Inc.) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Matrox Graphics Inc.) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost.exe
() C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [Matrox PowerDesk] => C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe [894720 2014-08-27] (Matrox Graphics Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\...\MountPoints2: {91c32647-8500-11e5-a83d-806e6f6e6963} - D:\Install.exe
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
Startup: C:\Users\Jamazz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-11-07]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{91C9EE3E-D059-460D-B432-66A610AF83A7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nuggets.nightowldvr.com:2051/login.rsp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-30] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-30] (AVAST Software)
DPF: HKLM-x32 {9AA03FEC-6582-48B1-BC62-821D4A7B9461} hxxp://nuggets.nightowldvr.com:2051/N9DvrOcx.cab?V1163

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: LTS Web Components -> C:\Program Files (x86)\LTS Web Components\npLTSWebVideoPlugin.dll [2015-08-06] ()
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default [2016-09-20]
CHR Extension: (Easy Auto Refresh) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-07-12]
CHR Extension: (Google Slides) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-06]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2015-11-06]
CHR Extension: (Google Docs) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (FB-Purity.net - AdBlock & Spam Filter 2016) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhljddfhikjfjommjpannedebejkffb [2016-08-31]
CHR Extension: (YouTube) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]
CHR Extension: (Google Search) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Gmail) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-02-05] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-02-05] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-02-05] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Matrox.Pdesk3.ServicesHost; C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [3875072 2014-08-27] (Matrox Graphics Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-30] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-02-05] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-11-07] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-20 10:56 - 2016-09-20 10:56 - 00015990 _____ C:\Users\Jamazz\Desktop\FRST.txt
2016-09-20 10:55 - 2016-09-20 10:56 - 00000000 ____D C:\FRST
2016-09-20 10:55 - 2016-09-20 10:55 - 02400256 _____ (Farbar) C:\Users\Jamazz\Desktop\FRST64.exe
2016-09-20 09:45 - 2016-09-20 10:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-20 09:44 - 2016-09-20 09:44 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-20 09:44 - 2016-09-20 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-20 09:44 - 2016-09-20 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-20 09:44 - 2016-09-20 09:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-20 09:44 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-20 09:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-20 09:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-20 09:43 - 2016-09-20 09:43 - 22851472 _____ (Malwarebytes ) C:\Users\Jamazz\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-19 10:50 - 2016-09-18 16:38 - 112086654 ____N C:\Users\Jamazz\Desktop\20160918_163746.mp4
2016-09-16 18:37 - 2016-09-19 18:57 - 00001136 _____ C:\Users\Jamazz\Desktop\nativelog.txt
2016-09-16 18:24 - 2016-09-19 14:24 - 00000000 ____D C:\Users\Jamazz\AppData\Roaming\.minecraft
2016-09-16 18:24 - 2016-09-16 18:24 - 00000000 ____D C:\Users\Jamazz\AppData\Roaming\java
2016-09-16 18:23 - 2016-09-16 18:24 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-09-16 18:23 - 2016-09-16 18:23 - 02314240 _____ C:\Users\Jamazz\Downloads\MinecraftInstaller.msi
2016-09-16 18:23 - 2016-09-16 18:23 - 00000961 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-09-16 18:23 - 2016-09-16 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-09-12 10:20 - 2016-09-12 10:20 - 00595053 _____ C:\Users\Jamazz\Downloads\Field Schedule Week 9-12.xlsx
2016-08-30 22:20 - 2016-08-25 16:50 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-08-30 22:18 - 2016-08-25 19:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 28207672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-08-30 22:18 - 2016-08-25 19:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00408784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-08-30 22:18 - 2016-08-25 19:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-08-30 22:18 - 2016-08-25 19:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-08-30 22:18 - 2016-08-25 19:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-08-30 18:49 - 2016-08-30 18:49 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-30 18:49 - 2016-08-30 18:49 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-20 10:53 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-20 10:53 - 2009-07-14 00:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-20 10:53 - 2009-07-14 00:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-20 10:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-20 10:45 - 2015-11-06 22:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-20 10:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-20 10:44 - 2015-11-06 23:02 - 00289596 _____ C:\Windows\ntbtlog.txt
2016-09-20 10:38 - 2015-11-29 04:41 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForJamazz.job
2016-09-20 10:38 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2016-09-20 10:36 - 2015-11-07 17:51 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-20 10:01 - 2015-11-06 23:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-18 01:53 - 2015-11-29 04:41 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJamazz
2016-09-16 20:03 - 2015-11-06 23:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 10:10 - 2015-11-07 17:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-09-13 09:37 - 2016-06-02 10:30 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-13 06:50 - 2016-04-22 14:54 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-02 22:18 - 2016-07-18 23:33 - 00000000 ____D C:\Users\Jamazz\Desktop\Fallout 4 save game backup
2016-09-02 22:13 - 2016-07-21 09:36 - 00000000 ____D C:\Users\Jamazz\AppData\Local\Bilago
2016-09-02 22:03 - 2016-01-18 14:06 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-30 22:20 - 2016-03-18 23:32 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-30 22:20 - 2015-11-06 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-30 22:20 - 2015-11-06 22:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-30 22:20 - 2015-11-06 22:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-30 18:50 - 2016-04-22 14:55 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-30 18:49 - 2016-04-22 14:54 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-30 18:49 - 2016-04-22 14:54 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-30 18:49 - 2016-04-22 14:54 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-30 18:49 - 2016-04-22 14:54 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-30 18:49 - 2016-04-22 14:54 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-30 18:49 - 2016-04-22 14:54 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-30 18:49 - 2016-04-22 14:54 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-29 18:50 - 2015-12-08 19:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 18:50 - 2015-11-10 16:13 - 00000000 ____D C:\Users\Jamazz\AppData\Roaming\Skype
2016-08-29 18:50 - 2015-11-10 16:13 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 15:28 - 2016-06-20 14:30 - 00000000 ____D C:\Users\Jamazz\AppData\Roaming\Audacity
2016-08-25 19:28 - 2015-11-06 22:29 - 19848080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-08-25 19:28 - 2015-11-06 22:29 - 14352816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-08-25 19:28 - 2015-11-06 22:29 - 03917512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-08-25 19:28 - 2015-11-06 22:29 - 03456888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-08-25 19:28 - 2015-11-06 22:29 - 01588688 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-08-25 19:28 - 2015-11-06 22:29 - 00039731 _____ C:\Windows\system32\nvinfo.pb
2016-08-25 17:10 - 2016-02-11 14:20 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-08-25 17:10 - 2016-02-11 14:20 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-08-25 17:10 - 2015-11-06 22:34 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-08-25 17:10 - 2015-11-06 22:34 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-08-25 17:10 - 2015-11-06 22:34 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-08-25 17:10 - 2015-11-06 22:34 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-08-25 17:10 - 2015-11-06 22:34 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-08-25 17:10 - 2015-11-06 22:34 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-08-22 11:18 - 2015-11-06 22:34 - 07320235 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2016-03-20 10:17 - 2016-03-20 10:17 - 0007597 _____ () C:\Users\Jamazz\AppData\Local\Resmon.ResmonCfg
2015-11-18 12:19 - 2015-11-18 12:19 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Jamazz\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Jamazz\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jamazz\AppData\Local\Temp\nvscpapisvr.exe
C:\Users\Jamazz\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-15 00:32

==================== End of FRST.txt ============================


Addition.txt

--------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by Jamazz (20-09-2016 10:56:54)
Running from C:\Users\Jamazz\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-11-07 01:59:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2871713377-2916007404-1485540439-500 - Administrator - Disabled)
Guest (S-1-5-21-2871713377-2916007404-1485540439-501 - Limited - Disabled)
Jamazz (S-1-5-21-2871713377-2916007404-1485540439-1000 - Administrator - Enabled) => C:\Users\Jamazz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{10F177CF-543F-4BC2-A297-DBF73709D3C5}) (Version: 2.4.2750 - Famatech)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle Worlds: Kronos (HKLM-x32\...\Steam App 237470) (Version:  - KING Art Games)
BlueStacks App Player (HKLM-x32\...\{AF0D9073-1AE0-4C21-AA70-41294AEFBDFD}) (Version: 2.0.8.5638 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{877924AA-E044-4266-B37D-E974CD799934}) (Version: 2.0.0.34 - Apple Inc.)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Edge of Space (HKLM\...\Steam App 238240) (Version:  - Handyman Studios)
Endless Sky (HKLM\...\Steam App 404410) (Version:  - Michael Zahniser)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Galactic Civilizations III (HKLM\...\Steam App 226860) (Version:  - Stardock Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - EKO Software)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LTS Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Matrox PowerDesk (HKLM\...\{329AECC6-DA23-4D45-9056-2BC116088BFF}) (Version: 1.18.5001.0821 2.08.04 GXM - Matrox Graphics Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Out There Somewhere (HKLM\...\Steam App 263980) (Version:  - MiniBoss)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2468 - )
Rebel Galaxy (HKLM\...\Steam App 290300) (Version:  - Double Damage Games)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version:  - Raven Software)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
TiVo Desktop 2.8.2 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.369 - TiVo Inc.)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)
Unclaimed World (HKLM\...\Steam App 284100) (Version:  - Refactored Games OÜ)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windward (HKLM-x32\...\Steam App 326410) (Version:  - Tasharen Entertainment Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E4C341-2148-4231-AC56-67720B3DDA72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.)
Task: {0C357F59-D368-492F-A03C-F7343AD2D507} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {207D09DE-0847-4146-AC77-03338BB63B10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {2AE2FD3A-CB1C-4F18-A084-F05A2547C53F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {40908ECD-098C-45F6-8F06-D1D1E5507268} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.)
Task: {560088CA-513D-4824-A00E-8E1D7FA52939} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {78FDFA34-23EE-4750-BED4-8A333A04451B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-09-05] (HP Inc.)
Task: {B52264CE-E989-4BE8-8FC3-7C6863DEDF83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {BE2999D9-AFBF-4B79-8AEF-EB0F9CC29E3E} - System32\Tasks\HPCeeScheduleForJamazz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DE7CA1CE-49CE-4AA0-A362-E28C278202D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {F301AE95-0EC1-4802-8A77-D3326E07AE68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {FECE9D4D-3DD1-4D2A-8775-E4722FA6811A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJamazz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-06 22:34 - 2016-08-25 17:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 23:24 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-07-15 22:47 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-18 23:24 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-11 14:10 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-04 10:19 - 2015-10-04 10:19 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-10-04 10:19 - 2015-10-04 10:19 - 00829632 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-11-07 18:29 - 2015-11-07 19:15 - 00015360 _____ () C:\Users\Jamazz\AppData\Roaming\Rainmeter\Plugins\ActiveNet.DLL
2015-10-04 10:18 - 2015-10-04 10:18 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2015-10-04 10:18 - 2015-10-04 10:18 - 00012800 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.DLL
2015-10-04 10:18 - 2015-10-04 10:18 - 00024576 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2015-10-04 10:18 - 2015-10-04 10:18 - 00057856 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2016-07-15 22:47 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-07-15 22:47 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-07-15 22:47 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-11 14:10 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-15 22:47 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-07-15 22:47 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2014-08-27 13:32 - 2014-08-27 13:32 - 00395008 _____ () C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost.exe
2014-08-27 13:32 - 2014-08-27 13:32 - 00523008 _____ () C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost64.exe
2016-08-30 18:49 - 2016-08-30 18:49 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-20 08:08 - 2016-09-20 08:08 - 03086648 _____ () C:\Program Files\AVAST Software\Avast\defs\16092000\algo.dll
2016-08-30 18:49 - 2016-08-30 18:49 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-11 14:10 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2010-05-17 23:51 - 2010-05-17 23:51 - 00716800 _____ () C:\Program Files (x86)\TiVo\Desktop\LOUDMOUTH.DLL
2003-01-30 08:04 - 2003-01-30 08:04 - 00618496 _____ () C:\Program Files (x86)\TiVo\Desktop\STLPMT45.DLL
2010-08-24 17:40 - 2010-08-24 17:40 - 00259584 _____ () C:\Program Files (x86)\TiVo\Desktop\ID3LIB.DLL
2010-05-17 23:52 - 2010-05-17 23:52 - 00684032 _____ () C:\Program Files (x86)\TiVo\Desktop\libeay32.dll
2010-05-17 23:52 - 2010-05-17 23:52 - 00155648 _____ () C:\Program Files (x86)\TiVo\Desktop\ssleay32.dll
2016-06-29 18:08 - 2016-06-29 18:08 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2871713377-2916007404-1485540439-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jamazz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DDNS-Enterprise => C:\Program Files (x86)\Enterprise DDNS Client\DDNS.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9D7E03A3-9B41-4D1A-92F3-1D81153FFE35}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B6E53AA-5302-4ED8-98D5-B35BBD401798}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D95195BC-11DB-43E3-89E8-F657256ECE07}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E98212EF-18A3-4C9D-A6DE-AF747D135E22}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2E05B1F3-EC16-40EB-9C78-51C916B274F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{3696991C-8EAD-47D8-9E63-93B9E178AEE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{86A7842D-D398-4D89-B0D9-A6EA23058403}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{5BE16663-8D61-4EDC-BCD0-48DB10C6D24C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E2537B9D-9F2B-4DBD-959B-9F366EECD725}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4CFBCFDB-01CB-4DAD-BD60-026480890BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{6BB64ACD-1073-49F1-8231-AC07460733CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{840F1E1E-4A82-40F9-AD58-11877C6C0098}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF1EE9AA-FCE3-489A-8FAF-2AC647C88E99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{306EDD38-339F-437E-B3DA-BA081362373C}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
FirewallRules: [{E3F84AE7-AF1D-4416-89E0-08CA4958C5A7}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
FirewallRules: [{D2FF72D5-E264-4506-8251-2F435AE548BB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
FirewallRules: [{6AC9212D-53E5-4617-BF8C-3F18BBA836C5}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
FirewallRules: [{0D64894A-ABD1-4FDB-BD0A-0780F244CE6D}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe
FirewallRules: [{E8D18172-6759-408C-862C-4C679B33D804}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe
FirewallRules: [{6702955D-0F8C-4CEC-A770-6593C38EF8A7}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe
FirewallRules: [{C6561A6B-388D-40D5-86D2-72713537A722}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe
FirewallRules: [{E5E05DA5-1F44-4648-8592-341443FAA541}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
FirewallRules: [{E4AFCF7E-2A2B-40C5-9EBA-67830E046162}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
FirewallRules: [{B4B48CB4-C491-4200-960C-C215D0FF37E7}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe
FirewallRules: [{44F02E4F-3C51-453E-8732-D0849E680D99}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe
FirewallRules: [{963A232C-D34C-4087-AA9E-7B1E79E172EB}] => (Allow) LPort=5353
FirewallRules: [{0B7A6F41-B1F5-4B75-AA29-53B0333E49DB}] => (Allow) LPort=7288
FirewallRules: [{266CAB17-3726-4FA6-B026-C85C4844E6FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{B8FFF1C4-9892-4507-9D5A-9C57B5FF8F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{5F978B7D-7F8F-40B9-A197-A629468F1F62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{2A4F8A79-09A0-4675-94A0-DDE23C1FB6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{2C25337D-3AF4-4AC0-BD44-03BF55804594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Windward\Windward.exe
FirewallRules: [{532EB408-77A4-4183-A6E3-27ED0D94E226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Windward\Windward.exe
FirewallRules: [{6BB254DA-9E57-4E49-9F8C-95005E0ECB73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{4D822D27-3352-4962-96BE-041B6C34487E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{A357F85A-B004-4F3F-9DF0-3668ED2B7825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{B58BBBD2-B754-4AC3-BBD5-C64745FF2F5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{26024530-D10C-4887-886D-BB4803E31C30}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15ECD7EE-7E9D-4FCF-A2D2-0637D92505B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleWorldsKronos\BattleWorldsKronos.exe
FirewallRules: [{DE2082A6-D75C-4493-97EC-377E7611C301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleWorldsKronos\BattleWorldsKronos.exe
FirewallRules: [{FE7809AF-7513-4627-8488-BA29EAC3B965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleWorldsKronos\Battleworlds Builder\BattleworldsBuilder.exe
FirewallRules: [{A25774C4-3E92-424F-B447-AA0F2D40B899}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleWorldsKronos\Battleworlds Builder\BattleworldsBuilder.exe
FirewallRules: [{4E7B3E77-10FC-4C34-A2B4-EE1E85991769}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{D1F5A8D4-4D90-4A63-8FAB-DB7171E4C3B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{C83E8D80-0B8F-4850-8202-54C3CD0A3DC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{6A847FE4-2298-47BB-AE5F-577D7E3D430A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{9277BCD5-907F-4B2B-A0EF-AF0255A99D28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{D55A8360-5F48-41DC-9FCC-AF8F8F83C6FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{45E1CF61-4CBE-4DAE-AF16-71779C5BB037}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{F5FB7A81-366D-461F-93A0-719FB84DF7B2}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{A217F138-79BA-4EE6-A7E0-778BD1A3D8A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D782539C-FAF2-452C-8583-9DA9610CF27C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4E31653E-6188-4775-9FCD-59CCFBCE0A48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A39E019D-8A84-45C7-85EC-48469EDF2167}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D64BF9D0-256F-42DD-9322-6D1D5E053F32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{854EBBE5-9825-47F2-ADED-ED0E8EF93EB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{08145786-ADF8-462A-A418-20DE603EC32C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DFA6132C-1198-4FE9-8F2B-71E18580FA65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{EB53B557-8BC6-42DF-8A7F-4FE74B03373A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{E30EEA43-61E1-46B2-8597-C3A29858281C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Edge of Space\Launcher.exe
FirewallRules: [{31841B91-5A1F-46FD-AAAA-BEC1A73534EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Edge of Space\Launcher.exe
FirewallRules: [{202CBC5E-5DA8-48A2-847B-215ACC9E0E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unclaimed World\UnclaimedWorld.exe
FirewallRules: [{B2733655-8CC8-4A23-8D45-375B26437012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unclaimed World\UnclaimedWorld.exe
FirewallRules: [{7E97AB77-FD9E-42AE-A363-4E77BD9D7EFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{F2FE659A-76F1-4B48-AF54-34097E7A8F00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{EF95DC57-D430-4FFC-A575-7C2029FF003D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [{71310B11-B06A-4491-823C-85F3B9F6F1D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Godus\windows\godus.exe
FirewallRules: [{3E311B3B-8029-4BFD-859E-4212E2BE7147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{A374DAD0-5A36-4F3E-814A-9F20FAEED84B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{8DBACDB6-41F3-4BB5-BA1A-E7F79B9FF1CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{5685B144-0F1F-4135-BA5B-307A771021F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{572AF831-E78B-42A8-B88B-E84752E1300D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Sky\EndlessSky.exe
FirewallRules: [{397E5CAF-0943-4672-9764-DDFC36158498}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Sky\EndlessSky.exe
FirewallRules: [{F8499BC6-EA00-4C7D-9F27-5FE893A4E19E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\outtheresomewhere\ots.exe
FirewallRules: [{B2617FD0-CE13-4C5A-AC79-0450D3D5534F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\outtheresomewhere\ots.exe
FirewallRules: [TCP Query User{F352422C-3B43-42A3-A2C1-0493B41F0034}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{9C5E845C-AC60-4778-9DFB-F1B6CFB9072E}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{33C4C306-2832-41D7-B581-A070C1ADDD59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A2300565-BFEF-468D-B2D2-F09F3773E9F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CA13F6FD-85BB-4D5B-BC6A-2806FFEA89AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{10057E0E-1026-4D7D-9225-C18D918B053F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{CAD70B46-74C3-4CE8-89EB-D7A3F385CB82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{0453C1B2-D5EE-4960-8B81-D50C43494CB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{234C9BAB-BDC5-4326-867A-1DDD1DE11FDE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4E606352-5999-47C0-B316-730DD741B278}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{02E50D16-70C7-4A63-924F-56AB481B4215}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2E2955D5-C420-4D02-83FB-7662F4479F81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7E36619C-24E7-46A1-850C-0061526C5795}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-09-2016 00:00:01 Scheduled Checkpoint
14-09-2016 00:00:02 Scheduled Checkpoint
16-09-2016 18:23:27 Installed Minecraft

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2016 10:45:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2016 10:38:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/20/2016 10:36:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/16/2016 02:34:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/16/2016 02:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/08/2016 05:24:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2016 10:23:29 PM) (Source: TivoTransfer) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/30/2016 10:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2016 10:21:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/22/2016 06:40:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (09/20/2016 10:43:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/20/2016 10:43:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================
  Date: 2016-08-22 18:39:37.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 00:24:57.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-08 00:42:25.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-05 16:47:57.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 10:23:09.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-03 10:22:08.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-22 19:21:11.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-18 22:17:37.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-18 22:16:29.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-18 16:16:43.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 29%
Total physical RAM: 8190.54 MB
Available physical RAM: 5794.29 MB
Total Virtual: 16379.26 MB
Available Virtual: 13484.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1395.74 GB) NTFS
Drive d: (GTA_SAN_ANDREAS) (CDROM) (Total:3.93 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:1.89 GB) (Free:1.85 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4C37B19E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================

 

 



#2
Jamazz (Member, Topic Starter, 90 posts)

***Update***

 

I uninstalled and reinstalled Google Chrome and the problem, so far, has not returned. I would like the scans above to be checked for other possible threats. Thank you.



#3
zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Let's run some additional scans.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware.
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log:
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok.
  • Post that saved log to your next reply.

In your next reply, post:
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • The Malwarebytes log


#4
Jamazz (Member, Topic Starter, 90 posts)

Here are all three logs:

 

# AdwCleaner v6.020 - Logfile created 22/09/2016 at 14:58:50
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-22.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Jamazz - ANDROMEDA
# Running from : C:\Users\Jamazz\Desktop\adwcleaner_6.020.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: easy-video-reverser.en.softonic.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1127 Bytes] - [22/09/2016 14:58:50]
C:\AdwCleaner\AdwCleaner[S0].txt - [1442 Bytes] - [22/09/2016 14:57:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1273 Bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64 
Ran by Jamazz (Administrator) on Thu 09/22/2016 at 15:03:46.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 24 
 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74LWEJIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR9X59XO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHOEOSM5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9XEFO1W (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJJ5G09L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEX6KDJN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VP38EX9J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jamazz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQQ2GF8Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74LWEJIW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR9X59XO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHOEOSM5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9XEFO1W (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJJ5G09L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEX6KDJN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VP38EX9J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQQ2GF8Q (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/22/2016 at 15:07:34.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/20/2016
Scan Time: 9:45 AM
Logfile: MB Scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.20.05
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jamazz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307903
Time Elapsed: 10 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 10
PUP.Optional.PricePeep, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [b9ac165ea6f43cfafa89169a28db1be5], 
PUP.Optional.PricePeep, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [c89d42322575072f73105759ff0442be], 
PUP.Optional.BestPriceNinja, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, Delete-on-Reboot, [32332a4acecc64d2b13ca839669d15eb], 
PUP.Optional.BestPriceNinja, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, Delete-on-Reboot, [b4b1e4902d6d14229b52c8193dc6b848], 
PUP.Optional.BestPriceNinja, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Delete-on-Reboot, [84e1cba92278b97d0be240a1dd266997], 
PUP.Optional.BestPriceNinja, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Delete-on-Reboot, [5015b0c4b5e50e28f7f6746d8b782fd1], 
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, Delete-on-Reboot, [3530195bdbbf3402292928c609fa9070], 
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, Delete-on-Reboot, [3431abc9cad03ef8fc5604eac63d9f61], 
PUP.Optional.Yontoo, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage, Delete-on-Reboot, [372ef57fe4b6b6805f41911249bb42be], 
PUP.Optional.Yontoo, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage-journal, Delete-on-Reboot, [de874034b3e7b086257bbfe44fb5619f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

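As an added example (not part of this thread, and not Malwarebytes' own tooling), the Python script below parses the Malwarebytes Anti-Malware 2.x text log posted above into structured records. The embedded sample is an excerpt of that log, shortened to six of the ten file entries with the "Files:" header adjusted to match; the section whitelist, regular expressions and function names are my own assumptions about the format, not anything documented by Malwarebytes. The script checks that each section's header count matches the lines actually present (a mismatch usually means a truncated paste), lists which items are still pending Delete-on-Reboot (they are only gone after the reboot the helper asks for, so the scan log alone does not prove removal), and recovers the web origins from the Chrome Local Storage file names, which shows at a glance that every hit on this machine sits in one Chrome profile's storage.

```python
"""Parse a Malwarebytes Anti-Malware 2.x text scan log into structured records.

Added example for this thread, not code from Malwarebytes. The log format, as
posted above, is a series of "<Section>: <count>" headers, each followed by
"<category>, <path>, <action>, [<32 hex chars>], " detection lines.
"""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section category path action digest")

# Result sections an MBAM 2.x log enumerates (names taken from the log above).
# "Objects Scanned: 307903" also looks like a header, hence the explicit whitelist.
_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
             "Registry Data", "Folders", "Files", "Physical Sectors"}
_SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)\s*$")
_DETECTION_RE = re.compile(
    r"^(?P<category>[A-Za-z0-9_.\-]+), (?P<path>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<digest>[0-9a-f]{32})\],?\s*$")
# Chrome names Local Storage files "<scheme>_<host>_<port>.localstorage[-journal]",
# so the flagged web origin can be read straight from the file name (assumption).
_LOCALSTORAGE_RE = re.compile(
    r"\\Chrome\\User Data\\(?P<profile>[^\\]+)\\Local Storage\\"
    r"(?P<scheme>https?)_(?P<host>[^_\\]+)_\d+\.localstorage(?:-journal)?$", re.I)

# Excerpt of the MBAM log posted above: six of its ten file entries, with the
# "Files:" header count adjusted to match the excerpt.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/20/2016
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307903

Processes: 0
(No malicious items detected)

Files: 6
PUP.Optional.PricePeep, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [b9ac165ea6f43cfafa89169a28db1be5], 
PUP.Optional.PricePeep, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [c89d42322575072f73105759ff0442be], 
PUP.Optional.BestPriceNinja, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, Delete-on-Reboot, [32332a4acecc64d2b13ca839669d15eb], 
PUP.Optional.BestPriceNinja, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, Delete-on-Reboot, [b4b1e4902d6d14229b52c8193dc6b848], 
PUP.Optional.Yontoo, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage, Delete-on-Reboot, [372ef57fe4b6b6805f41911249bb42be], 
PUP.Optional.Yontoo, C:\Users\Jamazz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage-journal, Delete-on-Reboot, [de874034b3e7b086257bbfe44fb5619f], 

Physical Sectors: 0
(No malicious items detected)

(end)
"""


def parse_mbam_log(text):
    """Return (claimed_counts, detections): the per-section counts the log header
    states, and one Detection per detection line found under those sections."""
    claimed, detections, section = {}, [], None
    for line in text.splitlines():
        m = _SECTION_RE.match(line)
        if m and m.group("section") in _SECTIONS:
            section = m.group("section")
            claimed[section] = int(m.group("count"))
            continue
        m = _DETECTION_RE.match(line)
        if m and section is not None:
            detections.append(Detection(section, **m.groupdict()))
    return claimed, detections


def verify_counts(claimed, detections):
    """Sections whose header count differs from the lines actually present,
    as {section: (claimed, parsed)}. Non-empty usually means a truncated paste."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in claimed.items() if n != seen.get(s, 0)}


def pending_on_reboot(detections):
    """Paths MBAM could not remove during the scan; they only disappear after a reboot."""
    return [d.path for d in detections if d.action == "Delete-on-Reboot"]


def family_summary(detections):
    """Detections per signature family, e.g. PUP.Optional.PricePeep."""
    return Counter(d.category for d in detections)


def chrome_localstorage_hosts(detections):
    """Map Chrome profile name -> set of hosts whose Local Storage files were flagged."""
    hosts = {}
    for d in detections:
        m = _LOCALSTORAGE_RE.search(d.path)
        if m:
            hosts.setdefault(m.group("profile"), set()).add(m.group("host").lower())
    return hosts


if __name__ == "__main__":
    claimed, found = parse_mbam_log(SAMPLE_LOG)
    print("header/parsed mismatches:", verify_counts(claimed, found))
    print("families:", dict(family_summary(found)))
    print("still pending reboot:", len(pending_on_reboot(found)))
    print("Chrome profiles and flagged hosts:", chrome_localstorage_hosts(found))
```

To use it on a real export, read the saved scan log with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `parse_mbam_log`; the mismatch check is the first thing to look at when a log arrives by copy-and-paste, since forum software and Notepad word-wrap both happily eat lines.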

#5
zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hello,

A few items to fix for Jamazz,

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Jamazz\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Jamazz\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jamazz\AppData\Local\Temp\nvscpapisvr.exe
C:\Users\Jamazz\AppData\Local\Temp\nvStInst.exe
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.


What issues remain, and in what browser?

#6
Jamazz (Member, Topic Starter, 90 posts)

Zep516,

 

After uninstalling and reinstalling Google Chrome on my home PC, I believe the issue was remedied. It seems the browser was hijacked.

 

I uninstalled Chrome on my work laptop, too, and the problem has not resurfaced there, either. I believe I am good to go, so I don't think it is necessary to go through the same steps on my laptop.

 

See below for requested info from your last post, about my home PC. I appreciate the assistance. Love this forum and its community.

 

---------------------------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Jamazz (23-09-2016 20:12:32) Run:1
Running from C:\Users\Jamazz\Desktop
Loaded Profiles: Jamazz (Available Profiles: Jamazz)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Jamazz\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Jamazz\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jamazz\AppData\Local\Temp\nvscpapisvr.exe
C:\Users\Jamazz\AppData\Local\Temp\nvStInst.exe
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"C:\Users\Jamazz\AppData\Local\Temp\jre-8u101-windows-au.exe" => not found.
"C:\Users\Jamazz\AppData\Local\Temp\nvSCPAPI.dll" => not found.
"C:\Users\Jamazz\AppData\Local\Temp\nvscpapisvr.exe" => not found.
"C:\Users\Jamazz\AppData\Local\Temp\nvStInst.exe" => not found.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5987907 B
Java, Flash, Steam htmlcache => 442456178 B
Windows/system/drivers => 232494962 B
Edge => 0 B
Chrome => 581034790 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 65960 B
LocalService => 66228 B
NetworkService => 66228 B
Jamazz => 40110295 B
 
RecycleBin => 560027 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:13:31 ====


#7
zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hello,

After uninstalling and reinstalling Google Chrome on my home PC, I believe the issue was remedied. It seems the browser was hijacked.


Are there any other issues?

#8
Jamazz (Member, Topic Starter, 90 posts)

None at this time. I appreciate your help, Zep516. Thank you.



#9
zep516 (Trusted Helper, Malware Removal, 8,093 posts)

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)