Laptop won't boot, in need of a FRST fixfile (FRST file attached) [Solv


  • This topic is locked

#1
JohannesK

  • Member
  • 34 posts

Hello,

 

After malware removal my laptop goes to a black screen after logging in. I can start Task Manager and use that to open some other programs, but several programs do not work. The system uses Windows 8.1 and I tried to restore it with system restoring, but that did not solve the problem. I added the FRST log, which I obtained after scanning the laptop. Now I need help with getting a fixfile. I searched for several tutorials but couldn't figure out what I had to put in the fixfile, and more importantly, the lines I shouldn't include. Can anyone help me?

 

With kind regards,

Johannes

 

PS, sorry for the Dutch words in the FRST.txt, I couldn't figure out how to get a report in English.

 

Attached File  FRST.txt   47.85KB   49 downloads




#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,595 posts
Hello JohannesK and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I will need the addition log as well. This can be found in the location %SystemDrive%\FRST\Logs (in most cases this will be C:\FRST\Logs). Look for the log called Addition with the last date and time it was run. The log should open with notepad. Please copy and paste the log in your next reply.

#3
JohannesK

  • Topic Starter
  • Member
  • 34 posts

Hello Bruce,

 

Good to hear from you! I added the Addition file as requested.

 

With kind regards

Johannes

Attached Files


#4
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,595 posts
I'll have a look over the logs and post further instructions soon.
#5
JohannesK

  • Topic Starter
  • Member
  • 34 posts

Thank you very much!

 

With kind regards,

Jonathan


#6
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,595 posts
Hi JohannesK

Let's see what we can do. :)

Step1 - Move FRST to desktop

If you can, move FRST64.exe to the desktop folder e.g. C:\Users\Johnathan\Desktop. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from. The FRST64.exe file is currently located at C:\Users\Jonathan\AppData\Local\Microsoft\Windows\INetCache\IE\0IRE1HQ2.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
Attached File  fixlist.txt   3.59KB   35 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    During the process FRST will prompt for a reboot. Allow it to do so.

    Things for your next post:
  • Any issues running the FRST fix?
  • fixlog.txt
  • Are you able to boot normally now into your desktop?

#7
JohannesK

  • Topic Starter
  • Member
  • 34 posts

Hello Bruce,

 

There were no issues running the fix, this is the fixlog:

 

CreateRestorePoint:
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [background_fault] => C:\Users\Jonathan\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] () <===== AANDACHT
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
GroupPolicy: Restrictie <======= AANDACHT
GroupPolicy\User: Restrictie <======= AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.mystarting123.com/search/index.php?q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> mystarting123
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-18] <==== AANDACHT
S2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-18] () [Bestand niet getekend] <==== AANDACHT
S2 CSHMDR; C:\Users\Jonathan\AppData\Local\CSHMDR\Snare.dll [832000 2017-05-18] () [Bestand niet getekend] <==== AANDACHT
S2 CWASRE; C:\Users\Jonathan\AppData\Local\CWASRE\Snare.dll [830464 2017-05-16] () [Bestand niet getekend] <==== AANDACHT
S2 NPASRE; C:\Users\Jonathan\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] () [Bestand niet getekend] <==== AANDACHT
S2 WinAppSvr; C:\ProgramData\Microsoft\AppV\sym\dbg.dll [109056 2017-05-12] () [Bestand niet getekend] <==== AANDACHT
S2 WinSAPSvc; C:\Users\Jonathan\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-18] () [Bestand niet getekend] <==== AANDACHT
C:\Users\Jonathan\AppData\Local\background_fault
C:\ProgramData\BIT
C:\Users\Jonathan\AppData\Local\CSHMDR
C:\Users\Jonathan\AppData\Local\CWASRE
C:\Users\Jonathan\AppData\Local\NPASRE
C:\ProgramData\Microsoft\AppV
C:\Users\Jonathan\AppData\Roaming\WinSAPSvc
C:\Windows\System32\Tasks\Milimili
C:\Reimward
C:\Users\Jonathan\AppData\Local\Eggper
C:\Program Files (x86)\Eggper
C:\Users\Public\Desktop\Google Chrome.lnk
C:\Windows\SysWOW64\1111
C:\Users\Jonathan\AppData\Local\VNASRE
C:\Program Files (x86)\MIO
C:\Windows\psgo
Task: {8166D98B-E2DF-4105-B52B-925B3A91C908} - \PJm59Oy2pQ -> Geen bestand <==== AANDACHT
Task: {8662E85D-DC9B-4120-86CB-ABBF357A1EF9} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-18] () <==== AANDACHT
Task: {8AD3D1EB-CD9D-408B-82E5-B1A80216EB92} - \Gherkerge -> Geen bestand <==== AANDACHT
Shortcut: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
Shortcut: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
Shortcut: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
Shortcut: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\167c78b32431516\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
EmptyTemp:


But there are still issues after logging in. The screen still turns black and I can only reach certain programs. I rescanned with FRST and added those files again.

 

With kind regards

Johannes

Attached Files


Edited by JohannesK, 25 May 2017 - 02:45 AM.

  • 0
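As an added example (not part of the thread, and not FRST's own logic), the Python below shows which properties make several of the fixlog entries in post #7 stand out: an IFEO Debugger value, an unsigned service DLL in a user-writable directory, an autorun with no publisher, and a "Google Chrome" shortcut that points somewhere else. The rule names, the user-writable path heuristic and the expected Chrome path are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    rule: str      # hypothetical rule name, defined by this example only
    subject: str   # service / value / image / shortcut the line is about
    detail: str    # path or debugger the entry points at


# Assumption: directories a standard user can usually write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData)\\", re.IGNORECASE)
# FRST prints the signature note in the scan language (English and Dutch here).
UNSIGNED_TAGS = ("[File not signed]", "[Bestand niet getekend]")
# Trailing attention marker, e.g. "<==== AANDACHT" or "<==== ATTENTION".
MARKER = re.compile(r"\s*<=+ \w+\s*$")

# "[size date] (company)" block that follows a file path in FRST lines.
FILE_INFO = r" \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^()]*)\)"
IFEO = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?)" + FILE_INFO)
AUTORUN = re.compile(
    r"\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<path>.+?)" + FILE_INFO)
SHORTCUT = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<company>[^()]*)\)$")

# Assumption: a shortcut with this name should resolve to Chrome's own binary.
EXPECTED_TARGET = {"google chrome.lnk": r"\google\chrome\application\chrome.exe"}


def triage(lines):
    """Return a list of Finding tuples for lines that deserve a closer look."""
    findings = []
    for raw in lines:
        line = MARKER.sub("", raw.strip())
        if m := IFEO.match(line):
            # A Debugger value makes Windows start the debugger instead of
            # the named image, so every such value is listed for review.
            findings.append(Finding("ifeo-debugger", m["image"], m["debugger"]))
        elif m := SERVICE.match(line):
            unsigned = any(tag in line for tag in UNSIGNED_TAGS)
            if unsigned and USER_WRITABLE.search(m["path"]):
                findings.append(Finding(
                    "unsigned-service-user-writable", m["name"], m["path"]))
        elif m := AUTORUN.search(line):
            if not m["company"].strip() and USER_WRITABLE.search(m["path"]):
                findings.append(Finding(
                    "autorun-user-writable-no-publisher", m["name"], m["path"]))
        elif m := SHORTCUT.match(line):
            lnk_name = m["lnk"].rsplit("\\", 1)[-1].lower()
            expected = EXPECTED_TARGET.get(lnk_name)
            if expected and expected not in m["target"].lower():
                findings.append(Finding(
                    "shortcut-target-mismatch", m["lnk"], m["target"]))
    return findings


# Lines copied from the fixlog in post #7 and the FRST log in post #9.
SAMPLE = r"""
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [background_fault] => C:\Users\Jonathan\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] () <===== AANDACHT
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
S2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-18] () [Bestand niet getekend] <==== AANDACHT
S2 CSHMDR; C:\Users\Jonathan\AppData\Local\CSHMDR\Snare.dll [832000 2017-05-18] () [Bestand niet getekend] <==== AANDACHT
S2 WinSAPSvc; C:\Users\Jonathan\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-18] () [Bestand niet getekend] <==== AANDACHT
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [27136 2015-08-31] (CLEVO CO.) [File not signed]
"""
SAMPLE_LINES = SAMPLE.strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.rule:36} {finding.subject} -> {finding.detail}")
```

The result is a review list only: an unsigned service under Program Files (PowerBiosServer) is not reported by these rules, and nothing here decides what belongs in a fixlist for a given machine.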

#8
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,595 posts
Hi JohannesK
 

the screen still turns black and I can only reach certain programs


That's ok. We can fix this once the malware is all gone. :)

Next steps..

Step1 - Junkware Removal Tool


Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - adwCleaner


Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on options
    tick to reset -
    winsock
    TCP/IP Settings
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • When finished, please click Cleaning button.
  • When cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step3 - fresh FRST logs

    Unfortunately, being British my languages isn't good!

    Rename the FRST64.exe file to EnglishFRST64.exe. Run the file as previously and post the FRST and Addition logs produced. This should produce the full logs in English for me. :)


    Things for your next post:
  • JRT log
  • AdwCleaner[C*].txt
  • FRST and Addition logs

#9
JohannesK

  • Topic Starter
  • Member
  • 34 posts

Hello Bruce,

 

There we go:

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 Pro x64
Ran by Jonathan (Administrator) on do 25-05-2017 at 23:46:28,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on do 25-05-2017 at 23:47:50,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Adwcleaner (Sorry, this one is in Dutch, verwijderd=removed, sleutel=key, waarde=value and bestand=file):

 

# AdwCleaner v6.047 - Logbestand aangemaakt 25/05/2017 op 23:55:39
# Bijgewerkt op 19/05/2017 door Malwarebytes
# Database : 2017-05-19.1 [Lokaal]
# Besturingssysteem : Windows 8.1 Pro  (X64)
# Gebruikersnaam : Jonathan - POOP-LAPTOP
# Gestart vanuit : C:\Users\Jonathan\Desktop\adwcleaner_6.047.exe
# Mode: Verwijderen
# Ondersteuning : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service verwijderd: SNARE


***** [ Mappen ] *****

[-] Map verwijderd: C:\Users\Jonathan\AppData\Local\SNARE


***** [ Bestanden ] *****

[-] Bestand verwijderd: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk
[-] Bestand verwijderd: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk
[-] Bestand verwijderd: C:\Users\Jonathan\Desktop\BigFarm.lnk
[-] Bestand verwijderd: C:\Users\Jonathan\Desktop\big_bang_empire.lnk
[-] Bestand verwijderd: C:\Users\Public\Documents\temp.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Snelkoppelingen ] *****



***** [ Geplande Taken ] *****



***** [ Register ] *****

[-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
[-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
[-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
[-] Sleutel verwijderd: HKLM\SOFTWARE\ScreenShot
[-] Sleutel verwijderd: HKLM\SOFTWARE\Eggper
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Waarde verwijderd: HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [background_fault]
[-] Waarde verwijderd: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Waarde verwijderd: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]


***** [ Browsers ] *****



*************************

:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
:: TCP/IP instellingen gereset
:: IPSec instellingen gereset
:: IE policies verwijderd
:: Chrome policies verwijderd

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3239 bytes] - [19/03/2017 16:49:35]
C:\AdwCleaner\AdwCleaner[C10].txt - [3442 bytes] - [16/05/2017 12:03:12]
C:\AdwCleaner\AdwCleaner[C11].txt - [3776 bytes] - [17/05/2017 11:18:48]
C:\AdwCleaner\AdwCleaner[C12].txt - [3021 bytes] - [25/05/2017 23:55:39]
C:\AdwCleaner\AdwCleaner[C2].txt - [2749 bytes] - [20/03/2017 16:49:38]
C:\AdwCleaner\AdwCleaner[C3].txt - [8486 bytes] - [29/03/2017 12:14:55]
C:\AdwCleaner\AdwCleaner[C4].txt - [2565 bytes] - [05/04/2017 20:54:39]
C:\AdwCleaner\AdwCleaner[C5].txt - [2909 bytes] - [11/04/2017 10:26:31]
C:\AdwCleaner\AdwCleaner[C6].txt - [1992 bytes] - [11/04/2017 10:39:47]
C:\AdwCleaner\AdwCleaner[C7].txt - [2116 bytes] - [11/04/2017 11:46:33]
C:\AdwCleaner\AdwCleaner[C8].txt - [3334 bytes] - [04/05/2017 12:54:11]
C:\AdwCleaner\AdwCleaner[C9].txt - [5215 bytes] - [12/05/2017 17:28:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [3305 bytes] - [19/03/2017 16:35:08]
C:\AdwCleaner\AdwCleaner[S10].txt - [4960 bytes] - [12/05/2017 17:20:40]
C:\AdwCleaner\AdwCleaner[S11].txt - [5096 bytes] - [16/05/2017 11:54:16]
C:\AdwCleaner\AdwCleaner[S12].txt - [3463 bytes] - [16/05/2017 12:02:31]
C:\AdwCleaner\AdwCleaner[S13].txt - [5681 bytes] - [17/05/2017 11:12:47]
C:\AdwCleaner\AdwCleaner[S14].txt - [3800 bytes] - [17/05/2017 11:18:07]
C:\AdwCleaner\AdwCleaner[S15].txt - [4772 bytes] - [25/05/2017 23:54:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [3192 bytes] - [19/03/2017 16:48:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [3344 bytes] - [20/03/2017 16:49:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [10808 bytes] - [29/03/2017 12:08:21]
C:\AdwCleaner\AdwCleaner[S4].txt - [2603 bytes] - [05/04/2017 20:53:41]
C:\AdwCleaner\AdwCleaner[S5].txt - [2808 bytes] - [11/04/2017 10:23:33]
C:\AdwCleaner\AdwCleaner[S6].txt - [2136 bytes] - [11/04/2017 10:38:59]
C:\AdwCleaner\AdwCleaner[S7].txt - [2271 bytes] - [11/04/2017 11:39:22]
C:\AdwCleaner\AdwCleaner[S8].txt - [2344 bytes] - [11/04/2017 11:45:40]
C:\AdwCleaner\AdwCleaner[S9].txt - [3395 bytes] - [04/05/2017 12:51:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [4854 bytes] ##########
 

FRST (awesome how easy it is to turn it in English, although some parts of the addition file are still in Dutch!):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Jonathan (administrator) on POOP-LAPTOP (25-05-2017 23:59:46)
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 8.1 Pro (Update) (X64) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\CE\authServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\Jonathan\Desktop\EnglishFRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13598616 2016-12-09] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [tsnp2uvc] => C:\Windows\tsnp2uvc.exe [331776 2008-01-22] ()
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C12].txt [4954 2017-05-25] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
ShellExecuteHooks: No Name - {5C88556C-03A1-11E7-ACF2-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2016-03-07]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{0F408AC6-F678-4666-861D-A50460FF1E83}: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Tcpip\..\Interfaces\{FC625167-8FB0-4474-8282-B37F31C37FC6}: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://solismail.uu.nl/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-28] (Oracle Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2016-12-09] (Covenant Eyes)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-28] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2rergwub.default
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\2rergwub.default [2017-05-25]
FF Homepage: Mozilla\Firefox\Profiles\2rergwub.default -> google.nl
FF Session Restore: Mozilla\Firefox\Profiles\2rergwub.default -> is enabled.
FF Extension: (Adblock Plus) - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\2rergwub.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\CE\extensions\firefox\[email protected]
FF Extension: (Covenant Eyes) - C:\Program Files\CE\extensions\firefox\[email protected] [2016-12-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-28] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-07] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-03-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Auth Service; C:\Program Files\CE\authServer.exe [6371224 2016-12-09] ()
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7082392 2016-12-09] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5242776 2016-11-28] (CovenantEyes)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [254960 2015-05-27] (Insyde Software Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [333280 2016-12-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [27136 2015-08-31] (CLEVO CO.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R1 cewd64f; C:\Windows\system32\Drivers\cewd64f.sys [44592 2016-11-28] () [File not signed]
R1 cewd64r; C:\Windows\system32\Drivers\cewd64r.sys [55352 2016-11-28] () [File not signed]
R2 cewfp; C:\Windows\system32\Drivers\cewfp64.sys [56368 2016-11-28] (CovenantEyes)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [50392 2015-05-27] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [48856 2015-05-27] (Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [734976 2016-11-19] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-11] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-04-14] (Malwarebytes)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [4103920 2015-08-23] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [314808 2017-01-25] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [751632 2015-05-11] (Realsil Semiconductor Corporation)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-25 23:59 - 2017-05-25 23:55 - 00004954 _____ C:\Users\Jonathan\Desktop\AdwCleaner[C12].txt
2017-05-25 23:50 - 2017-05-25 23:50 - 04110280 ____N C:\Users\Jonathan\Desktop\adwcleaner_6.047.exe
2017-05-25 23:47 - 2017-05-25 23:47 - 00000556 _____ C:\Users\Jonathan\Desktop\JRT.txt
2017-05-25 23:37 - 2017-05-25 23:30 - 01663672 ____N (Malwarebytes) C:\Users\Jonathan\Desktop\JRT.exe
2017-05-25 10:39 - 2017-05-25 10:39 - 00031332 _____ C:\Users\Jonathan\Desktop\Addition.txt
2017-05-25 10:38 - 2017-05-26 00:00 - 00019670 _____ C:\Users\Jonathan\Desktop\FRST.txt
2017-05-25 10:33 - 2017-05-25 10:34 - 00010306 _____ C:\Users\Jonathan\Desktop\Fixlog.txt
2017-05-25 10:12 - 2017-05-22 23:26 - 02429952 ____R (Farbar) C:\Users\Jonathan\Desktop\EnglishFRST64.exe
2017-05-25 10:10 - 2017-05-25 10:10 - 00000000 ____D C:\Cosusp
2017-05-22 23:45 - 2017-05-25 23:59 - 00000000 ____D C:\FRST
2017-05-18 10:24 - 2017-05-18 10:27 - 41701081 _____ C:\Users\Jonathan\Downloads\Boothspraak Front 2.psd
2017-05-17 11:38 - 2017-05-17 11:41 - 00000000 ____D C:\Users\Jonathan\AppData\Local\4kdownload.com
2017-05-17 11:38 - 2017-05-17 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-05-17 11:38 - 2017-05-17 11:40 - 00000000 ____D C:\Program Files (x86)\4KDownload
2017-05-17 11:37 - 2017-05-17 11:37 - 30931000 _____ (Open Media LLC ) C:\Users\Jonathan\Downloads\4kvideodownloader_4.2.exe
2017-05-17 11:37 - 2017-05-17 11:37 - 30061816 _____ (Open Media LLC ) C:\Users\Jonathan\Downloads\4kyoutubetomp3_3.1.exe
2017-05-16 11:46 - 2017-05-16 11:46 - 04102600 _____ C:\Users\Jonathan\Downloads\adwcleaner_6.046(1).exe
2017-05-15 14:18 - 2017-05-15 14:18 - 00352119 _____ C:\Users\Jonathan\Downloads\chp%3A10.1007%2F978-94-017-7291-4_6.pdf
2017-05-15 14:13 - 2017-05-15 14:13 - 02701904 _____ C:\Users\Jonathan\Downloads\PIIS0092867415016426.pdf
2017-05-15 14:13 - 2017-05-15 14:13 - 01749382 _____ C:\Users\Jonathan\Downloads\1-s2.0-S096098221631257X-main.pdf
2017-05-15 14:13 - 2017-05-15 14:13 - 01344466 _____ C:\Users\Jonathan\Downloads\Plant Cell-2013-Sun-2102-14.pdf
2017-05-15 14:10 - 2017-05-15 14:10 - 00750372 _____ C:\Users\Jonathan\Downloads\plants in their environment presentation.pdf
2017-05-15 14:07 - 2017-05-15 14:07 - 02552091 _____ C:\Users\Jonathan\Downloads\Presentation C3 - Shade Tolerance(1).pdf
2017-05-15 14:07 - 2017-05-15 14:07 - 01978763 _____ C:\Users\Jonathan\Downloads\1 UV-B antagonizes shade avoidance and thermomorphogenesis Lotte Pronk(1).pdf
2017-05-15 14:07 - 2017-05-15 14:07 - 00695514 _____ C:\Users\Jonathan\Downloads\C1 defense(1).pdf
2017-05-15 14:06 - 2017-05-15 14:06 - 01522676 _____ C:\Users\Jonathan\Downloads\886.full-1.pdf
2017-05-15 14:06 - 2017-05-15 14:06 - 01216199 _____ C:\Users\Jonathan\Downloads\897.full-1.pdf
2017-05-15 13:57 - 2017-05-15 13:57 - 02509831 _____ C:\Users\Jonathan\Downloads\Plant Cell-2017-Gommers-331-44(1).pdf
2017-05-15 13:57 - 2017-05-15 13:57 - 01063254 _____ C:\Users\Jonathan\Downloads\art_10.1007_s10059-013-2159-2-1(1).pdf
2017-05-15 13:57 - 2017-05-15 13:57 - 00451806 _____ C:\Users\Jonathan\Downloads\287.full(1).pdf
2017-05-15 13:54 - 2017-05-15 13:54 - 00447743 _____ C:\Users\Jonathan\Downloads\Molecular_and_genetic_control_of_plant_thermomorphogenesis.pdf.part
2017-05-15 13:53 - 2017-05-15 13:53 - 01280103 _____ C:\Users\Jonathan\Downloads\ContentServer.asp.pdf
2017-05-15 13:50 - 2017-05-15 13:50 - 01322682 _____ C:\Users\Jonathan\Downloads\PNAS-2016-Ma-224-9.pdf
2017-05-15 13:50 - 2017-05-15 13:50 - 01264664 _____ C:\Users\Jonathan\Downloads\art%3A10.1186%2Fs12870-015-0566-6.pdf
2017-05-15 13:50 - 2017-05-15 13:50 - 00906153 _____ C:\Users\Jonathan\Downloads\1-s2.0-S0960982214014249-main.pdf
2017-05-15 13:44 - 2017-05-15 13:44 - 01473271 _____ C:\Users\Jonathan\Downloads\pif4 B4.pdf
2017-05-15 13:44 - 2017-05-15 13:44 - 00943949 _____ C:\Users\Jonathan\Downloads\Phytochrome B as thermosensor in Arabidopsis thaliana.pdf
2017-05-15 13:25 - 2017-05-15 13:25 - 02509831 _____ C:\Users\Jonathan\Downloads\Plant Cell-2017-Gommers-331-44.pdf
2017-05-15 13:25 - 2017-05-15 13:25 - 01063254 _____ C:\Users\Jonathan\Downloads\art_10.1007_s10059-013-2159-2-1.pdf
2017-05-15 13:25 - 2017-05-15 13:25 - 00451806 _____ C:\Users\Jonathan\Downloads\287.full.pdf
2017-05-15 13:20 - 2017-05-15 13:20 - 02552091 _____ C:\Users\Jonathan\Downloads\Presentation C3 - Shade Tolerance.pdf
2017-05-15 13:20 - 2017-05-15 13:20 - 01978763 _____ C:\Users\Jonathan\Downloads\1 UV-B antagonizes shade avoidance and thermomorphogenesis Lotte Pronk.pdf
2017-05-15 13:20 - 2017-05-15 13:20 - 00695514 _____ C:\Users\Jonathan\Downloads\C1 defense.pdf
2017-05-12 17:16 - 2017-05-12 17:16 - 04102600 _____ C:\Users\Jonathan\Downloads\adwcleaner_6.046.exe
2017-05-12 17:15 - 2017-05-23 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-12 10:55 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-12 10:55 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-11 16:51 - 2017-05-11 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-05-11 16:51 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-11 16:51 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-11 16:50 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-11 16:50 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 16:37 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 16:37 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 16:37 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 16:37 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 16:37 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 16:36 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 16:36 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 16:36 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 16:36 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 16:36 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 16:36 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 16:36 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 16:36 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 16:36 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 16:36 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 16:36 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 16:36 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 16:36 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 16:36 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 16:36 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 16:36 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 16:36 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 16:36 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 16:36 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 16:36 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 16:36 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 16:36 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 16:36 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 16:36 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 16:36 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 16:36 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 16:36 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 16:36 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 16:36 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 16:36 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 16:36 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 16:36 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 16:36 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 16:36 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 16:36 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 16:36 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 16:36 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 16:36 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 16:36 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 16:36 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 16:36 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 16:36 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 16:36 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 16:36 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 16:36 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 16:36 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 16:36 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 16:36 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 16:36 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 16:36 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 16:36 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 16:36 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 16:36 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 16:36 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 16:36 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 16:36 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 16:36 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 16:36 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 16:36 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 16:36 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 16:36 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 16:36 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 16:36 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 16:36 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 16:36 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 16:36 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 16:36 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 16:36 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 16:36 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 16:36 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 16:36 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 16:36 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 16:36 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 16:36 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-09 20:47 - 2017-05-09 20:47 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-05-09 20:47 - 2017-05-09 20:47 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-05-09 20:47 - 2017-05-09 20:47 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\WMM
2017-05-09 20:47 - 2017-05-09 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2017-05-09 20:47 - 2017-05-09 20:47 - 00000000 ____D C:\Program Files (x86)\Windows Movie Maker
2017-05-09 20:47 - 2017-05-09 20:47 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-05-09 20:45 - 2017-05-09 20:46 - 26689458 _____ (videowinsoft.com ) C:\Users\Jonathan\Downloads\windows-movie-maker-2016.exe
2017-05-09 15:04 - 2017-05-09 15:04 - 01942655 _____ C:\Users\Jonathan\Downloads\Plant Cell-2013-González-Grandío-834-50.pdf
2017-05-09 15:04 - 2017-05-09 15:04 - 01210350 _____ C:\Users\Jonathan\Downloads\PNAS-2014-Mason-6092-7-2.pdf
2017-05-09 15:04 - 2017-05-09 15:04 - 01057379 _____ C:\Users\Jonathan\Downloads\Plant Physiol.-2015-Yao-611-26.pdf
2017-05-09 15:04 - 2017-05-09 15:04 - 00484439 _____ C:\Users\Jonathan\Downloads\Plant Physiol.-2014-Krishna Reddy-1542-50.pdf
2017-05-08 11:29 - 2017-05-08 11:29 - 00074864 _____ C:\Users\Jonathan\Downloads\ND20170508 Evolutiewetenschap verfrist de theologie etc.pdf
2017-05-04 12:06 - 2017-05-04 12:06 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashRpt
2017-05-04 12:05 - 2017-05-04 12:05 - 01979944 _____ C:\Users\Jonathan\Downloads\WiperSoft-installer.exe
2017-05-04 11:12 - 2017-05-17 11:21 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-04 11:10 - 2017-05-04 11:10 - 00246104 _____ (Mozilla) C:\Users\Jonathan\Downloads\Firefox Setup Stub 53.0.exe
2017-05-03 15:53 - 2017-05-05 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
2017-05-03 15:53 - 2017-05-05 19:30 - 00000000 ____D C:\Program Files (x86)\Serato
2017-05-03 13:27 - 2017-05-05 19:30 - 00000000 ____D C:\Program Files (x86)\IIS
2017-05-03 13:27 - 2017-05-03 13:27 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-03 11:54 - 2017-05-03 11:54 - 00347670 _____ C:\Users\Jonathan\Downloads\journal.pone.0031945.PDF
2017-05-02 14:24 - 2017-05-02 14:25 - 01130328 _____ (Google Inc.) C:\Users\Jonathan\Downloads\ChromeSetup(1).exe
2017-04-30 15:05 - 2017-04-30 15:05 - 00118728 _____ (GreenTree Applications SRL) C:\Users\Jonathan\Downloads\YTDSetup(2).exe
2017-04-30 14:55 - 2017-04-30 15:00 - 60107896 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-26 12:01 - 2017-04-26 12:01 - 01701756 _____ C:\Users\Jonathan\Downloads\annurev-arplant-050312-120221.pdf
2017-04-26 12:01 - 2017-04-26 12:01 - 00504263 _____ C:\Users\Jonathan\Downloads\nplants2015190.pdf
2017-04-26 10:19 - 2017-05-25 10:12 - 00000000 ____D C:\Program Files\MK
2017-04-26 10:18 - 2017-05-05 15:41 - 00000000 ____D C:\Insist

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-25 23:58 - 2016-03-07 18:11 - 00000000 ___RD C:\Users\Jonathan\OneDrive
2017-05-25 23:56 - 2017-04-11 12:33 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-25 23:56 - 2016-03-07 17:39 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-25 23:56 - 2016-03-07 16:57 - 00000000 __SHD C:\Users\Jonathan\IntelGraphicsProfiles
2017-05-25 23:56 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 23:55 - 2017-03-19 16:29 - 00000000 ____D C:\AdwCleaner
2017-05-25 23:31 - 2016-03-08 13:24 - 00000000 ____D C:\ProgramData\MFAData
2017-05-25 23:31 - 2016-03-07 18:03 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{70CA87D4-C5CF-42F5-BA88-8DF0FDD58C6C}
2017-05-25 10:42 - 2014-11-21 10:44 - 01826596 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-25 10:42 - 2014-11-21 10:05 - 00807742 _____ C:\Windows\system32\perfh013.dat
2017-05-25 10:42 - 2014-11-21 10:05 - 00162706 _____ C:\Windows\system32\perfc013.dat
2017-05-25 10:42 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-25 10:35 - 2017-03-19 15:31 - 00000000 ____D C:\Program Files (x86)\Shapoly
2017-05-25 10:35 - 2016-03-08 13:25 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-05-23 00:12 - 2016-03-07 17:52 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-05-23 00:12 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-23 00:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\registration
2017-05-22 23:32 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-22 23:19 - 2016-11-16 14:47 - 00000000 ____D C:\Users\Jonathan\AppData\LocalLow\Mozilla
2017-05-22 23:13 - 2016-03-07 16:36 - 00000000 ____D C:\Users\Jonathan
2017-05-22 21:27 - 2016-03-07 18:16 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Skype
2017-05-22 20:59 - 2017-03-30 13:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-22 20:54 - 2016-12-28 14:15 - 00015200 _____ C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2017-05-22 20:54 - 2016-12-28 14:15 - 00015200 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2017-05-18 16:44 - 2016-11-03 17:56 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2017-05-17 12:53 - 2016-03-07 16:45 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2616087736-3813733752-4251558300-1001
2017-05-17 11:21 - 2017-03-29 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-17 11:21 - 2016-03-07 18:05 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-17 11:20 - 2016-03-08 14:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-16 20:16 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-16 20:14 - 2016-03-07 19:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-05-15 19:18 - 2016-03-07 16:36 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Packages
2017-05-12 14:53 - 2017-04-12 15:23 - 00000000 ____D C:\Users\Jonathan\Documents\REAPER Media
2017-05-12 11:09 - 2016-09-23 16:26 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-12 10:58 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-05-12 10:55 - 2013-08-22 16:44 - 00482488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 17:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-11 17:16 - 2016-03-15 17:30 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-11 17:15 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-11 16:54 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-09 12:36 - 2016-03-08 13:17 - 00004398 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 12:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 12:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-08 11:32 - 2016-03-08 13:16 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Adobe
2017-05-08 11:15 - 2016-03-08 14:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 19:30 - 2017-04-12 15:22 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\REAPER
2017-05-05 19:30 - 2017-04-12 15:20 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-05-05 19:30 - 2017-04-11 12:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-05 19:30 - 2017-04-11 12:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-05 19:30 - 2016-03-15 18:35 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-05 19:30 - 2014-11-21 14:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-05 19:30 - 2013-08-22 17:36 - 00000000 __RSD C:\Windows\Media
2017-05-05 19:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2017-05-05 19:30 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-05 19:30 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-05-03 16:10 - 2016-03-08 13:27 - 00000000 ____D C:\Users\Jonathan\Documents\Jonathan
2017-04-30 15:02 - 2016-03-08 14:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-30 14:49 - 2017-02-27 22:11 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 14:49 - 2017-02-27 22:11 - 00003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 00:05 - 2017-02-28 15:30 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\PhotoFiltre 7
2017-04-28 00:05 - 2016-10-24 17:42 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\vlc
2017-04-28 00:05 - 2016-10-24 17:14 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\uTorrent
2017-04-28 00:05 - 2016-03-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-28 00:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-04-28 00:04 - 2016-03-07 18:43 - 00000000 ____D C:\Windows\Minidump
2017-04-28 00:02 - 2016-03-15 15:46 - 00000000 __RHD C:\MSOCache
2017-04-27 13:03 - 2017-01-23 12:06 - 00000000 ____D C:\Users\Jonathan\Documents\Digital Viewer

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-17 12:53

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Jonathan (26-05-2017 00:00:11)
Running from C:\Users\Jonathan\Desktop
Windows 8.1 Pro (Update) (X64) (2016-03-07 14:36:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2616087736-3813733752-4251558300-500 - Administrator - Disabled)
Gast (S-1-5-21-2616087736-3813733752-4251558300-501 - Limited - Disabled)
Jonathan (S-1-5-21-2616087736-3813733752-4251558300-1001 - Administrator - Enabled) => C:\Users\Jonathan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
4K Video Downloader 4.2 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.2.1.2185 - Open Media LLC)
4K YouTube to MP3 3.1 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.1.1.1707 - Open Media LLC)
Ableton Live 9 Suite (HKLM\...\{7597F2DC-003A-476E-9281-774AB112B7BE}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
AlphaGo (HKLM-x32\...\{2C652C0A-EC71-4797-8077-F67649177AB0}) (Version: 1.0.2 - Default Company Name) <==== ATTENTION
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AVG (Version: 16.151.8012 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4776 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8012 - AVG Technologies)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Control Center 5.0000.0.22 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0000.0.22 - )
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 7.2.22 - Covenant Eyes, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJ Intro version 1.2.8 (HKLM-x32\...\{36625871-9D4B-4046-A837-677974F51CAC}_is1) (Version: 1.2.8 - Serato Audio Research)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4565 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A0EFA44C-8182-4306-A59A-1A6C6CFB8122}) (Version: 18.1.1535.1946 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes versie 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - nl-nl (HKLM\...\ProPlusRetail - nl-nl) (Version: 15.0.4927.1002 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 nl) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 nl)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
NVIDIA 3D Vision stuurprogramma 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX Systeem Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
PhotoFiltre 7 (HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\...\PhotoFiltre 7) (Version:  - )
Plugable Digital Viewer (HKLM-x32\...\Plugable Technologies Plugable Digital Viewer) (Version: 3.1.07 - Plugable Technologies)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21275 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0035 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Software voor Intel® Chipset-apparaten (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.10 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Tilia (HKLM-x32\...\{6FC35511-B32A-42C3-ABBC-8D87786F9256}) (Version: 1.7.16 - PahaSapa Software)
USB digital microscope (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.37100.102 - Sonix)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E84E63-B079-4A74-B3F9-1E6B7AC66E49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {1A1D5A3E-D818-472B-8F9E-30B7EC9F9954} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {1CDFA8AB-1D11-409D-951C-F4AF94F7A87C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {5E8D8F5F-507A-4688-AF37-3591A43C1065} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-27] (Google Inc.)
Task: {654600E0-5CA0-400C-8023-5A9E86F2942F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {766B431F-69C2-447B-B4D9-88E8D2EEE9E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {776E5051-C217-43FC-A386-D817BC900DF6} - System32\Tasks\Stikodom Schedule => C:\Program Files (x86)\Shapoly\xgujiy.exe [2017-03-19] (Glarysoft Ltd)
Task: {A0E12FEF-3CB6-4DAE-B9D1-2CB7B2EAEC38} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {B215DCA6-5D82-494D-B2E4-1389222D0DAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {B92BCAD3-E04A-48E9-AEE5-81C6185592B6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E7071451-1997-48EC-AAA0-0E438F384AFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-07 19:27 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-08 13:25 - 2016-12-09 10:31 - 07082392 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2016-11-03 17:39 - 2016-06-15 03:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-07 17:39 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-08 13:25 - 2016-12-09 10:30 - 06371224 _____ () C:\Program Files\CE\authServer.exe
2017-04-11 12:33 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-11-03 17:39 - 2016-06-15 03:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-11-28 15:47 - 2016-11-28 15:47 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-05-25 10:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.254 - 213.75.63.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

22-05-2017 21:34:01 Removed AlphaGo
22-05-2017 21:54:42 Herstelbewerking
25-05-2017 10:33:40 Restore Point Created by FRST
25-05-2017 23:46:29 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid:
Manufacturer:
Service: BasicRender
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: EgisTec_ES603
Description: EgisTec_ES603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-apparaat
Description: PCI-apparaat
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2017 11:41:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma UNKNOWN, versie 0.0.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 1af0

Starttijd: 01d2d59ef31e8451

Eindtijd: 60000

Toepassingspad: UNKNOWN

Rapport-id: 43327d1f-4192-11e7-8323-80fa5b23ba57

Volledige pakketnaam met fout:

Relatieve toepassings-id van pakket met fout:

Error: (05/25/2017 11:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: xgujiy.exe, versie: 5.0.0.8, tijdstempel: 0x537461dc
Naam van module met fout: CrashReport.dll, versie: 6.3.9600.18233, tijdstempel: 0x56bb4e1d
Uitzonderingscode: 0xc0000135
Foutmarge: 0x0009d3c2
Id van proces met fout: 0x1518
Starttijd van toepassing met fout: 0x01d2d59e30c0a55b
Pad naar toepassing met fout: C:\Program Files (x86)\Shapoly\xgujiy.exe
Pad naar module met fout: CrashReport.dll
Rapport-id: 70133eb1-4191-11e7-8323-80fa5b23ba57
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (05/25/2017 10:33:39 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.


Bewerking:
   Schrijvergegevens verzamelen

Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {5eb3887e-d0a4-4388-9418-9ea3563f4169}

Error: (05/25/2017 10:10:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: xgujiy.exe, versie: 5.0.0.8, tijdstempel: 0x537461dc
Naam van module met fout: CrashReport.dll, versie: 6.3.9600.18233, tijdstempel: 0x56bb4e1d
Uitzonderingscode: 0xc0000135
Foutmarge: 0x0009d3c2
Id van proces met fout: 0x1acc
Starttijd van toepassing met fout: 0x01d2d52e52861cbe
Pad naar toepassing met fout: C:\Program Files (x86)\Shapoly\xgujiy.exe
Pad naar module met fout: CrashReport.dll
Rapport-id: 922e8b8e-4121-11e7-8322-80fa5b23ba57
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (05/23/2017 11:33:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Gegevens voor het Programma voor verbetering van de gebruikerservaring kunnen niet naar Microsoft worden verzonden. (Fout 80070005).

Error: (05/23/2017 11:15:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: xgujiy.exe, versie: 5.0.0.8, tijdstempel: 0x537461dc
Naam van module met fout: CrashReport.dll, versie: 6.3.9600.18233, tijdstempel: 0x56bb4e1d
Uitzonderingscode: 0xc0000135
Foutmarge: 0x0009d3c2
Id van proces met fout: 0x1ec
Starttijd van toepassing met fout: 0x01d2d3a522f57cf2
Pad naar toepassing met fout: C:\Program Files (x86)\Shapoly\xgujiy.exe
Pad naar module met fout: CrashReport.dll
Rapport-id: 6277c399-3f98-11e7-8322-80fa5b23ba57
Volledige pakketnaam met fout:
Relatieve toepassings-id van pakket met fout:

Error: (05/22/2017 10:36:59 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Er is tijdens Systeemherstel een onbekende fout opgetreden: (Removed AlphaGo). Aanvullende gegevens: 0x80070005.

Error: (05/22/2017 10:22:38 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1624) SRUJet: Het herstellen/terugzetten van de database is mislukt vanwege de onverwachte fout -551.

Error: (05/22/2017 10:22:38 PM) (Source: ESENT) (EventID: 517) (User: )
Description: svchost (1624) SRUJet: Tijdens het herstellen van de database treedt fout -551 op, omdat er verwijzingen zijn gevonden naar een database, C:\Windows\system32\SRU\SRUDB.dat, die niet overeenkomen met de huidige set logboeken. De database-engine staat niet toe dat de herstelbewerking voor deze sessie wordt voltooid, voordat de niet-overeenkomende database opnieuw is geïnstalleerd. Als de database echt niet meer beschikbaar is en niet meer vereist is, volgt u de procedures voor het herstellen van deze fout in de Microsoft Knowledge Base of klikt u op de koppeling "Meer informatie" onder aan dit bericht.

Error: (05/22/2017 10:10:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1612) SRUJet: Fout -1811 (0xfffff8ed) is opgetreden tijdens het openen van logboekbestand C:\Windows\system32\SRU\SRU00050.log.


System errors:
=============
Error: (05/25/2017 11:56:26 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Het browserstuurprogramma heeft te veel ongeldige datagrammen van de externe computer EXPERIA ontvangen om POOP-LAPTOP op transport NetBT_Tcpip_{FC625167-8FB0-4474-8282-B37F31C37FC6} te kunnen benoemen. Raadpleeg het datagram voor verdere gegevens.
Er worden pas weer gebeurtenissen gegenereerd nadat de herstelfrequentie is verlopen.

Error: (05/25/2017 11:55:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Search-service kan vanwege de volgende fout niet worden gestart:
De service is niet gestart vanwege een aanmeldingsfout.

Error: (05/25/2017 11:55:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De WSearch-service kan niet als NT AUTHORITY\SYSTEM met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
De aanvraag wordt niet ondersteund.


Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (05/25/2017 11:55:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Windows\System32\IWMSSvc.dll

Error: (05/25/2017 11:55:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Windows\System32\IWMSSvc.dll

Error: (05/25/2017 11:55:44 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExW-oproep voor FailureActions is niet geslaagd vanwege deze fout:
Toegang geweigerd.
.

Error: (05/25/2017 11:55:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Windows\System32\IWMSSvc.dll

Error: (05/25/2017 11:55:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Rapid Storage Technology-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (05/25/2017 11:55:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (05/25/2017 11:55:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Presentation Foundation Font Cache 3.0.0.0-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten.


CodeIntegrity:
===================================
  Date: 2017-05-25 23:56:27.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:56:27.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:56:26.940
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:56:26.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:55:48.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:44:53.504
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:31:11.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:31:10.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 23:27:59.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-05-25 10:44:10.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 23%
Total physical RAM: 8077.93 MB
Available physical RAM: 6141.05 MB
Total Virtual: 8589.93 MB
Available Virtual: 6856.47 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:111.24 GB) (Free:27.51 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.39 GB) (Free:925.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

With kind regards,

 

Johannes


#10
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,595 posts
Hi JohannesK

Things starting to look better :)

Few more steps:

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt to your desktop. (Attached file: fixlist.txt, 170 bytes)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step2 - Malwarebytes

Open Malwarebytes program and click to update the databases.

Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".

The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

[Screenshot: 10a.png]

After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.

[Screenshot: 13a.png]

Put a checkmark on all detected and click on "Quarantine Selected"

[Screenshot: 18a.png]

Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

[Screenshot: 19a.png]

Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


Step3 - Emsisoft Emergency Scan Kit

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


Things for your next post:

  • Fixlog.txt
  • MBAM log
  • Emsisoft log

#11
JohannesK

    Member

  • Topic Starter
  • 34 posts

Hello Bruce,

 

Fixlog

Here are the files you asked for:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Jonathan (26-05-2017 23:53:28) Run:2
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellExecuteHooks: No Name - {5C88556C-03A1-11E7-ACF2-64006A5CFC23} -  -> No File
SearchScopes: HKLM -> DefaultScope value is missing
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5C88556C-03A1-11E7-ACF2-64006A5CFC23} => value removed successfully
HKCR\CLSID\{5C88556C-03A1-11E7-ACF2-64006A5CFC23} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9476520 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -25553 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3290 B
NetworkService => 0 B
Jonathan => 178522 B

RecycleBin => 0 B
EmptyTemp: => 17.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:53:57 ====

 

MBAM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/26/17
Scan Time: 11:58 PM
Log File: Malwarebytesscan.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1976
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: POOP-LAPTOP\Jonathan

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348647
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.Ghokswa, HKU\S-1-5-21-2616087736-3813733752-4251558300-1001\SOFTWARE\Dayglad, Quarantined, [321], [400190],1.0.1976

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

EEK

Emsisoft Emergency Kit - Version 2017.4
Scan log

Datum    Scan Methode    Objecten Gescand    Objecten Gedetecteerd    Duur    Type    Computer Name    
27-5-2017 00:50:28    Malware    138556    0    0:01:44    Handmatige scan    POOP-LAPTOP    
 

 

Again, thank you very much for your help!
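
The Malwarebytes log in the post above has a fixed layout: dash-delimited sections, a count per object category, then one comma-separated row per detection. As an added example that is not part of the thread, the following Python parses that layout and lists what a helper would follow up on; the sample log is constructed (SID shortened) and the function names are hypothetical.

```python
import re

# Constructed sample in the Malwarebytes 3.x layout posted above (SID shortened).
SAMPLE_LOG = r"""
-Scan Options-
Rootkits: Disabled
-Scan Details-
Process: 0
(No malicious items detected)
Registry Key: 1
Adware.Ghokswa, HKU\S-1-5-21-EXAMPLE-1001\SOFTWARE\Dayglad, Quarantined, [321], [400190],1.0.1976
(end)
"""

SECTION = re.compile(r"^-(.+)-$")
CATEGORY = re.compile(r"^([A-Za-z ]+): (\d+)$")
# The greedy path group tolerates commas inside file or registry paths.
DETECTION = re.compile(r"^([^,]+), (.+), ([^,]+), \[\d+\], \[\d+\],[\d.]+$")

def parse_mbam_log(text):
    """Return (settings, declared count per category, detection rows)."""
    settings, declared, rows = {}, {}, []
    section = category = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("("):
            continue  # blanks, "(No malicious items detected)", "(end)"
        if m := SECTION.match(line):
            section, category = m.group(1), None
        elif section == "Scan Details" and (m := CATEGORY.match(line)):
            category = m.group(1)
            declared[category] = int(m.group(2))
        elif section == "Scan Details" and (m := DETECTION.match(line)):
            rows.append({"category": category, "name": m.group(1),
                         "path": m.group(2), "action": m.group(3)})
        elif ": " in line:
            settings.update([line.split(": ", 1)])
    return settings, declared, rows

def triage(text):
    """Follow-ups: count mismatches, items left in place, rootkit scan off."""
    settings, declared, rows = parse_mbam_log(text)
    found = {c: sum(r["category"] == c for r in rows) for c in declared}
    issues = [f"{c}: header says {n}, parsed {found[c]}"
              for c, n in declared.items() if n != found[c]]
    issues += [f"not quarantined: {r['name']} at {r['path']}"
               for r in rows if r["action"] != "Quarantined"]
    if settings.get("Rootkits") == "Disabled":
        issues.append("rootkit scanning was disabled for this scan")
    return issues
```

A count mismatch usually means the pasted log was truncated or a row did not parse, so the helper should ask for the exported file again before drawing conclusions.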


#12
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,595 posts
Hi JohannesK

I have a file I'm not too sure about so would like you to submit for analysis. It certainly seems to be causing some issues and application hangs.

Step1 - Submit to VirusTotal
  • Please upload the file C:\Program Files (x86)\Shapoly\xgujiy.exe to VirusTotal.
  • To do this, click on Choose file. When the window opens, navigate to the location C:\Program Files (x86)\Shapoly. Locate the file xgujiy.exe and click on it to select it.
  • Once you have selected the file, click the Scan It! button.
  • If a "file already analysed" window appears, click on the reanalyse button.
  • When the scan is finished, post the link to the result (you can copy it from the address bar in your browser) in your next message.
Other analysis site alternatives are VirScan.org and Jotti.

Thanks.

#13
JohannesK

    Member

  • Topic Starter
  • 34 posts

Hello Bruce,

 

Since my laptop does not connect to the internet (probably caused by the same deficiency resulting in the black screen after logging in), I transferred the file to a USB stick and scanned it. This is the result:

 

https://www.virustot...sis/1495878019/

 

With kind regards

Johannes


#14
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,595 posts
Hi JohannesK

OK, let's see if we can now fix that. :)

Step1 - Windows Repair All In One


Boot your system into safe mode with networking.
Download the installer for Windows Repair (All In One) from here. Don't download the portable version.
Browse to the file called tweaking.com_windows_repair_aio_setup. Right click on this file and select Run as Administrator
Follow on screen instructions to install it.
Locate the file called Repair_Windows.exe. Right click on this file and select Run as Administrator. Click continue on the User Account Control prompt.
The below GUI (graphical user interface) will appear/load:




Click on the Step 5 tab >> Under 1. Registry Backup click on Backup
When the above has been created, under the 2. System Restore setting click on the Create tab.
Then after Restore point created at date/time is denoted >> click on Repairs >> deselect Automatically do a registry backup if it is ticked.
Click Open Repairs
Ensure only options 1,2,3,4,5,10,12,13,26,27 are ticked.
Now click on the Start Repairs and the repair process will begin. Do not use your machine for anything else until the repairs are completed.
Upon completion your machine should automatically reboot; if it does not, please do so manually.


Are you now able to see your desktop, and is the internet running?

#15
JohannesK

    Member

  • Topic Starter
  • 34 posts

Hello Bruce,

 

I tried to boot it into safe mode with networking, but the screen turned black. Nothing happened and after a while I decided to try a restart. I pressed the power button and turned it off, but after I turned it on again it started loading for half a second (something visible on the screen) and then turned black again. The power is on, the screen is just black. Is there any way I can stop it from booting into safe mode and turning black? And can I use this program you described above on a USB stick to transfer it to my laptop? Just the same way I used the other programs?

 

With kind regards

Johannes


Edited by JohannesK, 27 May 2017 - 05:06 AM.
