Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus Spyware, and Malware remova


  • Please log in to reply

#1
edselt

edselt

    New Member

  • Member
  • Pip
  • 9 posts

Im not sure my loptop has been infected please advice...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by DiNo (administrator) on DINO-PC (25-07-2017 18:20:15)
Running from C:\Users\DiNo\Downloads
Loaded Profiles: DiNo (Available Profiles: DiNo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-12-12] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{83B85271-B184-48DF-BF65-A8201BF715CB}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-25] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-25] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-04] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 50x2pgiq.default-1497831639553
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553 [2017-07-25]
FF Extension: (Firefox Hotfix) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\[email protected] [2017-06-19]
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\cyfvltd1.default-1497831639553-1497831929156 [2017-06-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-21] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.roboform.com
CHR StartupUrls: Default -> "hxxp://start.roboform.com/","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://vosteran.com/?f=7&a=vst_dnldastr_15_01_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtByC0BtAtDyE0A0AzyyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0A0EyByEtAzytDtG0FtA0CyDtG0AyC0B0AtG0AtA0A0BtGyByDtDtD0FtCyE0Ezz0F0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0CyE0Czz0E0E0DtGzzzy0FzytGyEtC0EtDtG0A0E0EtBtG0A0FyC0F0B0B0BzyyEtCtBtD2Q&cr=1552769452&ir=","hxxps://ph.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_09&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzytD0D0EtCtDyBtDyB0EyDtN0D0Tzu0StCyDtBtAtN1L2XzutAtFtCyBtFtCtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyE0DtCzztDtA0FtGyDtCyD0BtG0ByDyCzytGtB0AzytCtG0FyDzzyBtDtA0BtA0E0B0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0B0AyCtC0BzztGyByB0EyDtGyEyDyD0AtGzztD0EyEtGtCyBzy0C0EyCzztAzy0F0BtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzyyE%26cr%3D787642898%26a%3Djmb_dnldastr_16_09%26os_ver%3D5.1%26os%3DWindows%2BXP&uref=chmm","hxxp://google/","hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=4C0A05067EAE17E3077F62DD65286CE4&v=20160317&ts=AHEpC3AmB3QpCE..","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzztByBtN1L2XzutAtFtByDtFtCtFzzyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzytCyB0C0EyEzytGyD0CtB0DtGzyyCzzyBtGyE0EtBtBtGtCyDtDyDyByD0ByD0CtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtAyBtC%26cr%3D645584324%26a%3Dwbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_50&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzztCtBtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0DtAyDtD0AtGtBtDtAtAtGtB0D0EzytGtD0F0ByEtG0AyCyEyEyE0EyC0A0DtAyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1327159663%26a%3Dwbf_btlrd_16_50%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_03_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0D0EtDtC0BzyzytGyB0FzyyCtGtCtDtByBtGtA0BtA0FtG0E0EyCyDyEtByD0CtA0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D178718939%26a%3Dhdr_s_17_03_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_04_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2StBtC0AtDtAzy0C0FtGtA0F0D0AtGtAtCyEtCtGyC0C0CtAtGyEyBtB0ByC0D0EyByDyD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtAtD%26cr%3D234607685%26a%3Dhdr_s_17_04_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_05_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyCtDtN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEtA0FtC0F0CzzyDtGyD0EyBzztGtBtC0BtAtGtAtByDyCtGtAtA0B0AyCtDtB0FtB0C0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytCzz%26cr%3D893137133%26a%3Dhdr_s_17_05_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_06_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyCzztN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0Azy0E0DtBtD0FtGtAyEtAyCtGzzyC0BtBtGyD0CyB0EtG0FyE0D0ByE0Bzy0CtAzzyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1011583167%26a%3Dhdr_s_17_06_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_09_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzzzyCtN1L2XzutAtFtByBtFtCtFyDtBtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0F0CyEtC0Czz0CtGyCyC0EyDtGyDyByD0DtGtCzytD0BtG0C0FtB0FtD0Dzz0F0C0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D2098982897%26a%3Dhdr_s_17_09_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_10&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzzyyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEyC0A0E0BtA0FtGtCzyzytAtG0CtDzztBtGyCzz0E0BtGzz0E0A0ByDyBzz0AyBzyyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1457629812%26a%3Dwncy_btrnt_17_10%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxp://www.trotux.com/?z=a81dae9f3d8cc766334f320g6z8t9e0w3gdgao6z9m&from=icb&uid=WDCXWD3200BEVT-22ZCT0_WD-WX70A59J8743J8743&type=hp","hxxp://www.youndoo.com/?z=7c430dd2dc797958bade6e1g9zatbe6q6g1g5wft9q&from=bcn&uid=WDCXWD3200BEVT-22ZCT0_WD-WX70A59J8743J8743&type=hp"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Slides) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-21]
CHR Extension: (Google Docs) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-21]
CHR Extension: (Google Sheets) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-21]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-24]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-25] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-25] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-25] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-25] (AVAST Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 18:20 - 2017-07-25 18:21 - 00019674 _____ C:\Users\DiNo\Downloads\FRST.txt
2017-07-25 18:19 - 2017-07-25 18:20 - 00000000 ____D C:\FRST
2017-07-25 18:14 - 2017-07-25 18:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-25 18:13 - 2017-07-25 18:13 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\AVAST Software
2017-07-25 18:12 - 2017-07-25 18:14 - 02382336 _____ (Farbar) C:\Users\DiNo\Downloads\FRST64.exe
2017-07-25 18:12 - 2017-07-25 18:12 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-25 18:12 - 2017-07-25 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-25 18:11 - 2017-07-25 18:12 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-25 18:11 - 2017-07-25 18:11 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-25 18:11 - 2017-07-25 18:10 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150097752749803
2017-07-25 18:11 - 2017-07-25 18:10 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-25 18:10 - 2017-07-25 18:10 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-25 17:28 - 2017-07-25 17:28 - 00000017 _____ C:\Users\DiNo\AppData\Local\resmon.resmoncfg
2017-07-25 17:12 - 2017-07-25 17:12 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-25 17:01 - 2017-07-25 17:05 - 06948656 _____ (AVAST Software) C:\Users\DiNo\Downloads\avast_free_antivirus_setup_online.exe
2017-07-25 01:31 - 2017-07-25 01:31 - 00002924 _____ C:\Windows\System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E}
2017-07-25 01:30 - 2017-07-25 01:30 - 00002924 _____ C:\Windows\System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8}
2017-07-25 01:15 - 2017-07-25 01:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-07-25 01:10 - 2017-07-25 01:51 - 00000000 ____D C:\Users\DiNo\Downloads\New folder
2017-07-25 01:07 - 2017-07-25 01:20 - 00000048 _____ C:\Users\DiNo\AppData\Roaming\pidloc.txt
2017-07-25 01:07 - 2017-07-25 01:20 - 00000004 _____ C:\Users\DiNo\AppData\Roaming\pid.txt
2017-07-25 01:07 - 2017-07-21 19:42 - 00526848 _____ C:\Users\DiNo\AppData\Roaming\Windows Update.exe
2017-07-24 19:07 - 2017-07-25 16:59 - 00000000 ____D C:\Users\DiNo\Downloads\Brabus
2017-07-24 19:01 - 2017-07-24 22:11 - 00691712 _____ C:\Users\DiNo\Downloads\carbon-b-style.xls
2017-07-23 06:20 - 2017-07-23 09:09 - 00000000 ____D C:\Users\DiNo\Downloads\dmc
2017-07-22 14:18 - 2017-07-22 14:18 - 00814606 _____ C:\Users\DiNo\Downloads\W463 G-Klasse_Mopf_Prospekt_11-2011.pdf
2017-07-22 09:10 - 2017-07-24 13:10 - 00000000 ____D C:\Users\DiNo\Downloads\lorinser
2017-07-22 06:50 - 2017-07-22 06:50 - 00631320 _____ C:\Users\DiNo\Downloads\Preisliste-G-Klasse_W463-04.04.2014.pdf
2017-07-21 20:38 - 2017-07-21 20:38 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-21 20:38 - 2017-07-21 20:38 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-21 20:35 - 2017-07-21 20:35 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-21 20:35 - 2017-07-21 20:35 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-21 20:33 - 2017-07-21 20:33 - 01130328 _____ (Google Inc.) C:\Users\DiNo\Downloads\ChromeSetup.exe
2017-07-21 20:13 - 2017-06-30 11:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-21 20:13 - 2017-06-30 10:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-21 20:13 - 2017-06-30 10:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-21 20:13 - 2017-06-29 13:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-21 20:13 - 2017-06-29 12:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-21 20:13 - 2017-06-29 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-21 20:13 - 2017-06-29 12:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-21 20:13 - 2017-06-29 12:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-21 20:13 - 2017-06-29 12:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-21 20:13 - 2017-06-29 12:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-21 20:13 - 2017-06-29 12:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-21 20:13 - 2017-06-29 12:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-21 20:13 - 2017-06-29 12:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-21 20:13 - 2017-06-29 12:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-21 20:13 - 2017-06-13 06:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-21 20:13 - 2017-06-13 06:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-21 20:13 - 2017-06-10 23:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-21 20:13 - 2017-06-06 23:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-21 20:12 - 2017-07-06 12:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-21 20:12 - 2017-06-30 12:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-21 20:12 - 2017-06-30 10:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-21 20:12 - 2017-06-29 14:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-21 20:12 - 2017-06-29 14:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 14:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-21 20:12 - 2017-06-29 14:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-21 20:12 - 2017-06-29 14:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-21 20:12 - 2017-06-29 14:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-21 20:12 - 2017-06-29 13:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-21 20:12 - 2017-06-29 13:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-21 20:12 - 2017-06-29 13:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-21 20:12 - 2017-06-29 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 13:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-21 20:12 - 2017-06-29 13:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-21 20:12 - 2017-06-29 13:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-21 20:12 - 2017-06-29 13:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-21 20:12 - 2017-06-29 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-21 20:12 - 2017-06-29 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-21 20:12 - 2017-06-29 13:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-21 20:12 - 2017-06-29 13:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-21 20:12 - 2017-06-29 12:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-21 20:12 - 2017-06-29 12:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-21 20:12 - 2017-06-29 12:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-21 20:12 - 2017-06-29 12:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-21 20:12 - 2017-06-29 12:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-21 20:12 - 2017-06-29 12:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-21 20:12 - 2017-06-22 22:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-21 20:12 - 2017-06-16 04:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-21 20:12 - 2017-06-13 06:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-21 20:12 - 2017-06-13 06:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-21 20:12 - 2017-06-13 06:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-21 20:12 - 2017-06-13 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-21 20:12 - 2017-06-13 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-21 20:12 - 2017-06-10 23:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-21 20:12 - 2017-06-09 23:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-21 20:12 - 2017-06-06 23:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-21 20:12 - 2017-05-30 12:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-21 20:12 - 2017-05-21 12:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-21 20:12 - 2017-05-21 12:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-21 20:12 - 2017-05-16 23:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-21 20:12 - 2017-05-16 23:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-21 20:12 - 2017-05-16 23:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-21 19:31 - 2017-05-03 23:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-21 19:31 - 2017-05-03 23:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-21 19:31 - 2017-03-23 10:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-21 14:20 - 2017-07-24 22:55 - 00001355 _____ C:\Users\DiNo\Downloads\gwagen.txt
2017-07-21 12:26 - 2017-07-21 12:26 - 01674852 _____ C:\Users\DiNo\Downloads\ubp_forms.zip
2017-07-17 12:24 - 2017-07-24 12:49 - 00000942 _____ C:\Users\DiNo\Desktop\novitec.txt
2017-07-07 17:00 - 2017-07-07 17:00 - 00462824 _____ C:\Windows\Minidump\070717-38282-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 18:14 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-25 18:14 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-25 18:10 - 2017-02-02 11:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-25 18:07 - 2016-12-18 08:43 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB1E8505-2514-419D-B450-EAAEC9838F5F}
2017-07-25 16:58 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-25 15:45 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-25 15:44 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-25 07:14 - 2016-12-18 20:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2017-07-24 22:01 - 2016-11-28 09:23 - 00000000 ____D C:\Users\DiNo\Documents\Youcam
2017-07-23 17:50 - 2016-12-05 11:45 - 00000000 ____D C:\Users\DiNo\AppData\LocalLow\Mozilla
2017-07-22 19:34 - 2009-07-14 13:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 13:00 - 2009-07-14 13:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 13:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-07-22 12:32 - 2009-07-14 12:45 - 00412264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-22 04:20 - 2016-11-28 00:53 - 00000000 ____D C:\Users\DiNo\AppData\Local\Google
2017-07-21 20:37 - 2016-11-28 00:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-21 20:25 - 2017-04-23 12:56 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-21 19:52 - 2017-04-02 20:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-21 19:51 - 2016-11-28 02:12 - 00000000 ____D C:\Windows\system32\MRT
2017-07-21 19:46 - 2016-12-10 23:17 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-21 19:20 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-21 19:20 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-13 17:50 - 2016-12-20 19:10 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\vlc
2017-07-07 17:00 - 2016-12-05 12:53 - 00000000 ____D C:\Windows\Minidump
2017-07-07 17:00 - 2016-12-05 12:52 - 330026592 _____ C:\Windows\MEMORY.DMP
2017-07-06 07:40 - 2016-12-18 11:05 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\Skype
2017-06-25 03:19 - 2017-06-19 09:07 - 00000000 ____D C:\Program Files (x86)\BitLord
2017-06-25 03:19 - 2017-03-14 10:32 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\PhotoScape
2017-06-25 03:19 - 2017-03-05 13:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 03:19 - 2017-01-15 17:47 - 00000000 __RHD C:\MSOCache
2017-06-25 03:19 - 2009-07-14 15:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-25 03:19 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-25 03:19 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2017-03-14 10:31 - 2017-03-14 10:46 - 4096000 _____ () C:\Program Files (x86)\GUTB167.tmp
2017-05-09 14:16 - 2017-05-09 14:18 - 7649280 _____ () C:\Program Files (x86)\GUTDD6.tmp
2017-07-25 01:07 - 2017-07-25 01:20 - 0000004 _____ () C:\Users\DiNo\AppData\Roaming\pid.txt
2017-07-25 01:07 - 2017-07-25 01:20 - 0000048 _____ () C:\Users\DiNo\AppData\Roaming\pidloc.txt
2017-07-25 01:07 - 2017-07-21 19:42 - 0526848 _____ () C:\Users\DiNo\AppData\Roaming\Windows Update.exe
2017-05-24 18:37 - 2017-05-24 18:37 - 0003584 _____ () C:\Users\DiNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-25 17:28 - 2017-07-25 17:28 - 0000017 _____ () C:\Users\DiNo\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2012-04-04 12:50 - 2012-04-04 12:50 - 0216064 _____ () C:\Users\DiNo\AppData\Local\Temp\gcapi_dll.dll
2012-11-19 13:14 - 2012-11-19 13:14 - 0012800 _____ () C:\Users\DiNo\AppData\Local\Temp\gdapi.dll
2013-06-25 01:19 - 2013-06-25 01:19 - 2380752 _____ (Mooii) C:\Users\DiNo\AppData\Local\Temp\GoogleSetup.exe
2013-04-30 19:30 - 2013-04-30 19:30 - 0763232 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
2011-11-21 15:25 - 2011-11-21 15:25 - 0073408 _____ () C:\Users\DiNo\AppData\Local\Temp\gtapi_signed.dll
2013-06-24 22:50 - 2013-06-24 22:50 - 0052800 _____ (Mooii) C:\Users\DiNo\AppData\Local\Temp\GTGCAPI.exe
2017-06-19 07:58 - 2017-06-19 07:58 - 1638344 _____ (Temibosafo                                                  ) C:\Users\DiNo\AppData\Local\Temp\ICReinstall_BitlordSetup_VASVcl.exe
2013-04-30 03:32 - 2013-04-30 03:32 - 0782808 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\Mooii_GDrive.exe
2013-06-19 20:45 - 2013-06-19 20:45 - 0782520 _____ () C:\Users\DiNo\AppData\Local\Temp\Mooii_Photoscape_Chrome_New.exe
2013-04-30 03:32 - 2013-04-30 03:32 - 0782288 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\Mooii_Toolbar_Omaha.exe
2007-11-07 00:19 - 2007-11-07 00:19 - 0655872 _____ (Microsoft Corporation) C:\Users\DiNo\AppData\Local\Temp\msvcr90.dll
2017-06-17 13:29 - 2017-07-06 07:40 - 58684896 _____ (Skype Technologies S.A.) C:\Users\DiNo\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-25 05:26
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (25-07-2017 18:22:42)
Running from C:\Users\DiNo\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-27 16:02:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-371815623-3163942107-3489479027-500 - Administrator - Disabled)
DiNo (S-1-5-21-371815623-3163942107-3489479027-1000 - Administrator - Enabled) => C:\Users\DiNo
Guest (S-1-5-21-371815623-3163942107-3489479027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-371815623-3163942107-3489479027-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Upwork version 4.2.153.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.153.0 - Upwork, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07837914-2D87-4080-B4AE-C3A755964AC5} - System32\Tasks\{73699240-2671-4D92-BC7A-B8B462C3F904} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {08CA8891-A27E-40FB-AA01-4B5511020C32} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-25] (AVAST Software)
Task: {09F8EED9-3F66-487E-A528-1D90D5C35FCA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-01] (AVAST Software)
Task: {0A203B3A-574E-4A5C-BA59-E7A93DDA37C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {1B493E77-8301-4461-8D87-2277CB35015F} - System32\Tasks\{7BC72065-8783-4469-AF58-27FA527C304B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {8A6C6F06-9C83-40B9-A3D5-F370A6345E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {ADCEAB3F-9684-4814-BCC7-EDF7B3E05A30} - System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8} => C:\Users\DiNo\Downloads\W2W.exe
Task: {B7564E6F-0C10-4033-B1D9-409B2E855F50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {D5EDD994-5A1C-4077-8E38-4440845FFB99} - System32\Tasks\{2636AC76-8A2F-4C1A-8552-B30D753A0524} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {D7E70BA3-FC27-4293-8947-03C61797DCE8} - System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E} => C:\Users\DiNo\Downloads\W2W.exe
Task: {F34477A7-94AA-4159-AB69-CB4CDF311FFE} - System32\Tasks\{2C72FD5A-CD62-401B-B78E-550AEA7379BB} => C:\Windows\system32\pcalua.exe -a C:\Users\DiNo\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe -c -uninstall
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\DiNo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\396b803340084593\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-12-05 12:25 - 2006-07-04 14:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-11-28 00:15 - 2010-08-23 15:46 - 01068032 _____ () C:\Windows\system32\vmprp332x64.ax
2017-07-21 20:38 - 2017-06-23 11:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-21 20:38 - 2017-06-23 11:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-11-28 00:12 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-25 18:11 - 2017-07-25 18:11 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071601\algo.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 01065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2016-12-09 19:22 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiNo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Upwork => C:\Program Files (x86)\Upwork\upwork.exe
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DAE807A8-2E58-4420-8C45-68ABE51B6CD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{063BEFAC-ED68-49BC-875B-FD4218CE972A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{144DDB73-00A6-42A8-97ED-F5F57FD15342}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5B56E5F4-8B33-45A4-A195-AE75EA7978D7}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{63D38F68-26AD-4871-972D-0DA76FB5D6E2}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{741E4BCD-45AC-46C5-B883-9C486A65F19D}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{406C5E28-4448-4BEE-BAF5-9FDEDDFC8FCD}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6CD8B94-4971-43E3-9400-C1F0A9799C8C}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6404E43-7955-4697-9A0A-6B9FB82E3331}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{D77003D6-E460-4EB3-871D-66C24DDCF98E}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{DD2209C0-DBAF-4636-94FC-6AFCCC616519}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B8FA033-B9CD-436B-8F8F-49656371B670}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{27B005C5-2564-4DB9-AD4D-115FABAAFAB1}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{ADC7496A-21CD-4C94-8EA0-AC061B8ADBE2}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{014204D2-B56B-4420-B117-47978AF80B59}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
 
==================== Restore Points =========================
 
21-07-2017 19:16:09 Windows Update
21-07-2017 19:44:12 Windows Update
21-07-2017 20:15:35 Windows Update
22-07-2017 12:10:48 Windows Update
22-07-2017 12:50:09 Windows Update
22-07-2017 14:43:02 Windows Update
23-07-2017 19:01:29 Windows Backup
24-07-2017 10:51:27 avast! Free Antivirus Setup
25-07-2017 01:13:46 avast! Free Antivirus Setup
25-07-2017 07:12:32 avast! Free Antivirus Setup
25-07-2017 16:53:48 avast! Free Antivirus Setup
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2017 06:12:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/25/2017 05:00:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 04:56:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 59.0.3071.115, time stamp: 0x594c442d
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0xcb8
Faulting application start time: 0x01d30523dc105ead
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1b26bab7-7117-11e7-b597-6427378066f6
 
Error: (07/25/2017 03:33:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 06:41:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 01:21:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 01:16:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 59.0.3071.115, time stamp: 0x594c442d
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0x11c4
Faulting application start time: 0x01d304a0a0421563
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: de6f055d-7093-11e7-a9be-6427378066f6
 
Error: (07/25/2017 12:16:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 12:14:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7601.18010, time stamp: 0x50aee9f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000007757000a
Faulting process id: 0x5f8
Faulting application start time: 0x01d30497e1cf1fe3
Faulting application path: C:\Windows\system32\taskhost.exe
Faulting module path: unknown
Report Id: 2a9a5b74-708b-11e7-a9be-6427378066f6
 
Error: (07/24/2017 12:06:21 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
 
System errors:
=============
Error: (07/25/2017 06:22:51 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-05 12:21:06.974
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-05 12:21:06.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 67%
Total physical RAM: 1991.86 MB
Available physical RAM: 645.09 MB
Total Virtual: 3983.72 MB
Available Virtual: 2482.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:147.36 GB) (Free:90.23 GB) NTFS
Drive d: () (Fixed) (Total:150.63 GB) (Free:64.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Looks like there maybe an issue with the hard drive too. We will check it after this.

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
iO5EZayK.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#3
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

thank your for your help...

 

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 25 23:41:56 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\admin\AppData\Local\DVDVideoSoftTB
Deleted: C:\Users\admin\AppData\Local\Mobogenie
Deleted: C:\Users\admin\AppData\LocalLow\Minibar
Deleted: C:\Users\admin\AppData\Roaming\awesomehp
Deleted: C:\Users\admin\AppData\Local\genienext
Deleted: C:\Users\admin\AppData\Local\torch
Deleted: C:\Users\Administrator\AppData\Local\torch
Deleted: C:\Users\Guest\AppData\Local\torch
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\DiNo\AppData\Local\YSearchUtil
Deleted: C:\Users\admin\AppData\Local\SaveSenseLive
Deleted: C:\Users\admin\AppData\LocalLow\Conduit
Deleted: C:\Users\admin\AppData\LocalLow\PriceGong
Deleted: C:\Users\admin\AppData\Roaming\PriceGong
Deleted: C:\Users\admin\AppData\Roaming\OpenCandy
Deleted: C:\Users\admin\AppData\Roaming\newnext.me
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: hohosearch - hohosearch
SearchProvider deleted: hohosearch - hohosearch
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask.com - dts.search.ask.com
SearchProvider deleted: default-search.net - default-search.net
SearchProvider deleted: trotux - trotux
SearchProvider deleted: trotux - trotux
SearchProvider deleted: istartsurf - istartsurf.com
SearchProvider deleted: youndoo - youndoo
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
CtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2StBtC0AtDtAzy0C0FtGtA0F0D0AtGtAtCyEtCtGyC0C0CtAtGyEyBtB0ByC0D0EyByDyD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtAtD%26cr%3D234607685%26a%3Dhdr_s_17_04_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [28375 B] - [2017/7/25 23:39:48]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Thanks for that log

We will run to more malware scans.

Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

    Next
    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
    • Reboot your computer if prompted.
    Posting the Malwarebytes log.
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • post that saved log to your next reply.
    In your next reply post;
  • The JRT.txt Log
  • Malwarebytes log

  • 0

#5
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by DiNo (Administrator) on Wed 07/26/2017 at  8:39:46.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\Program Files (x86)\GUTB167.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUTDD6.tmp (File) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QA6A12D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\803HPVCD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9OEAC6J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7Q491DT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QA6A12D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\803HPVCD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9OEAC6J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7Q491DT (Temporary Internet Files Folder) 
 
Deleted the following from C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\prefs.js
user_pref(browser.urlbar.suggest.searches, true);
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/26/2017 at  8:45:08.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#6
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/26/17
Scan Time: 9:27 AM
Log File: scan log.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2251
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DiNo-PC\DiNo
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376745
Threats Detected: 18
Threats Quarantined: 18
Time Elapsed: 21 min, 23 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
 
Registry Value: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [247049],1.0.2251
 
Registry Data: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293458],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293458],1.0.2251
 
Data Stream: 0
(No malicious items detected)
 
Folder: 3
PUP.Optional.Perion, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins, Quarantined, [1562], [178860],1.0.2251
PUP.Optional.Perion, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1, Quarantined, [1562], [178860],1.0.2251
PUP.Optional.Perion, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIFFLLIPLGEAJJDHMKCFNNGFPGBJONJG, Quarantined, [1562], [178860],1.0.2251
 
File: 8
Trojan.Agent.Trace, C:\USERS\DINO\APPDATA\ROAMING\PIDLOC.TXT, Quarantined, [3189], [247557],1.0.2251
Trojan.Agent.Trace, C:\USERS\DINO\APPDATA\ROAMING\PID.TXT, Quarantined, [3189], [247556],1.0.2251
PUP.Optional.SearchManager.BITSRST, C:\USERS\DINO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage, Quarantined, [1164], [396192],1.0.2251
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\USERS\DINO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage-journal, Quarantined, [1164], [396192],1.0.2251
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Hello,

Keep Malwarebytes on your computer and anytime you suspect something run a scan with it.

Lets see whats left.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#8
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by DiNo (administrator) on DINO-PC (26-07-2017 10:39:59)
Running from D:\OS\SPYWAREMALWARE
Loaded Profiles: DiNo (Available Profiles: DiNo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Farbar) D:\OS\SPYWAREMALWARE\FRST64-1.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-25] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-12-12] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{83B85271-B184-48DF-BF65-A8201BF715CB}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-371815623-3163942107-3489479027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-25] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-25] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 50x2pgiq.default-1497831639553
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553 [2017-07-25]
FF Extension: (Firefox Hotfix) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\[email protected] [2017-06-19]
FF Extension: (Avast Online Security) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\[email protected] [2017-07-25]
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\cyfvltd1.default-1497831639553-1497831929156 [2017-06-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.duckduckgo.com
CHR StartupUrls: Default -> "hxxps://www.duckduckgo.com"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default [2017-07-26]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-24]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-25] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-25] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-25] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-26] (Malwarebytes)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-26 10:30 - 2017-07-26 10:34 - 00001207 _____ C:\Users\DiNo\Desktop\scan log.txt
2017-07-26 10:29 - 2017-07-26 10:29 - 00001206 _____ C:\Users\DiNo\Downloads\scanlog.txt
2017-07-26 09:25 - 2017-07-26 10:20 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-26 09:25 - 2017-07-26 09:53 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-26 09:25 - 2017-07-26 09:52 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 09:25 - 2017-07-26 09:52 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-26 09:25 - 2017-07-26 09:25 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-26 09:24 - 2017-07-26 09:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-26 09:24 - 2017-07-26 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-26 09:24 - 2017-07-26 09:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-26 09:24 - 2017-07-26 09:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-26 09:24 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-26 08:54 - 2017-07-26 08:55 - 00000000 ____D C:\Users\DiNo\Downloads\SPYWAREMALWARE
2017-07-26 08:48 - 2017-07-26 09:23 - 65033984 _____ (Malwarebytes ) C:\Users\DiNo\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-26 08:45 - 2017-07-26 08:45 - 00003481 _____ C:\Users\DiNo\Desktop\JRT.txt
2017-07-26 07:45 - 2017-07-26 07:45 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-26 07:33 - 2017-07-26 07:41 - 00000000 ____D C:\AdwCleaner
2017-07-26 02:45 - 2017-07-26 02:45 - 00028945 _____ C:\Users\DiNo\Downloads\Shortcut.txt
2017-07-25 23:56 - 2017-07-25 23:56 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1500998157
2017-07-25 23:56 - 2017-07-25 23:56 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-07-25 23:56 - 2017-07-25 23:56 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-25 23:54 - 2017-07-25 23:54 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-25 22:48 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-07-25 22:48 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-07-25 22:48 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-07-25 22:48 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-07-25 22:48 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-07-25 22:48 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-07-25 22:48 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-07-25 22:48 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-07-25 22:48 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-07-25 22:48 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-07-25 22:48 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-07-25 22:48 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-07-25 22:48 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-07-25 22:48 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-07-25 22:48 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-07-25 22:48 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-07-25 22:48 - 2013-10-02 04:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-07-25 22:48 - 2013-10-02 04:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-07-25 22:45 - 2012-08-23 22:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-07-25 22:45 - 2012-08-23 22:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-07-25 22:45 - 2012-08-23 21:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-07-25 22:45 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-07-25 22:45 - 2012-08-23 18:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-07-25 22:45 - 2012-08-23 17:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-07-25 22:36 - 2015-08-06 01:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-07-25 22:36 - 2015-08-06 01:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-07-25 22:35 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-07-25 22:35 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-07-25 22:35 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-07-25 22:35 - 2015-12-17 02:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-07-25 22:35 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-07-25 22:35 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-07-25 21:51 - 2017-07-25 21:51 - 00000000 ____D C:\Users\DiNo\AppData\Local\AVAST Software
2017-07-25 18:47 - 2017-07-25 22:24 - 00000153 _____ C:\Users\DiNo\Documents\untitled.txt
2017-07-25 18:22 - 2017-07-26 02:45 - 00024449 _____ C:\Users\DiNo\Downloads\Addition.txt
2017-07-25 18:20 - 2017-07-26 02:45 - 00119759 _____ C:\Users\DiNo\Downloads\FRST.txt
2017-07-25 18:19 - 2017-07-26 10:39 - 00000000 ____D C:\FRST
2017-07-25 18:13 - 2017-07-25 18:13 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\AVAST Software
2017-07-25 18:12 - 2017-07-25 18:12 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-25 18:12 - 2017-07-25 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-25 18:11 - 2017-07-25 23:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-25 18:11 - 2017-07-25 18:12 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-25 18:10 - 2017-07-25 18:10 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-25 17:28 - 2017-07-25 17:28 - 00000017 _____ C:\Users\DiNo\AppData\Local\resmon.resmoncfg
2017-07-25 17:12 - 2017-07-25 23:54 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-25 01:31 - 2017-07-25 01:31 - 00002924 _____ C:\Windows\System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E}
2017-07-25 01:30 - 2017-07-25 01:30 - 00002924 _____ C:\Windows\System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8}
2017-07-25 01:15 - 2017-07-25 01:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-07-25 01:10 - 2017-07-25 01:51 - 00000000 ____D C:\Users\DiNo\Downloads\New folder
2017-07-24 19:07 - 2017-07-25 16:59 - 00000000 ____D C:\Users\DiNo\Downloads\Brabus
2017-07-24 19:01 - 2017-07-24 22:11 - 00691712 _____ C:\Users\DiNo\Downloads\carbon-b-style.xls
2017-07-23 06:20 - 2017-07-23 09:09 - 00000000 ____D C:\Users\DiNo\Downloads\dmc
2017-07-22 09:10 - 2017-07-24 13:10 - 00000000 ____D C:\Users\DiNo\Downloads\lorinser
2017-07-21 20:33 - 2017-07-21 20:33 - 01130328 _____ (Google Inc.) C:\Users\DiNo\Downloads\ChromeSetup.exe
2017-07-21 20:13 - 2017-06-30 11:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-21 20:13 - 2017-06-30 10:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-21 20:13 - 2017-06-30 10:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-21 20:13 - 2017-06-29 13:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-21 20:13 - 2017-06-29 12:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-21 20:13 - 2017-06-29 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-21 20:13 - 2017-06-29 12:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-21 20:13 - 2017-06-29 12:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-21 20:13 - 2017-06-29 12:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-21 20:13 - 2017-06-29 12:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-21 20:13 - 2017-06-29 12:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-21 20:13 - 2017-06-29 12:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-21 20:13 - 2017-06-29 12:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-21 20:13 - 2017-06-29 12:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-21 20:13 - 2017-06-13 06:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-21 20:13 - 2017-06-13 06:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-21 20:13 - 2017-06-10 23:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-21 20:13 - 2017-06-06 23:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-21 20:12 - 2017-07-06 12:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-21 20:12 - 2017-06-30 12:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-21 20:12 - 2017-06-30 10:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-21 20:12 - 2017-06-29 14:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-21 20:12 - 2017-06-29 14:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 14:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-21 20:12 - 2017-06-29 14:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-21 20:12 - 2017-06-29 14:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-21 20:12 - 2017-06-29 14:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-21 20:12 - 2017-06-29 13:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-21 20:12 - 2017-06-29 13:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-21 20:12 - 2017-06-29 13:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-21 20:12 - 2017-06-29 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 13:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-21 20:12 - 2017-06-29 13:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-21 20:12 - 2017-06-29 13:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-21 20:12 - 2017-06-29 13:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-21 20:12 - 2017-06-29 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-21 20:12 - 2017-06-29 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-21 20:12 - 2017-06-29 13:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-21 20:12 - 2017-06-29 13:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-21 20:12 - 2017-06-29 12:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-21 20:12 - 2017-06-29 12:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-21 20:12 - 2017-06-29 12:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-21 20:12 - 2017-06-29 12:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-21 20:12 - 2017-06-29 12:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-21 20:12 - 2017-06-29 12:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-21 20:12 - 2017-06-22 22:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-21 20:12 - 2017-06-16 04:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-21 20:12 - 2017-06-13 06:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-21 20:12 - 2017-06-13 06:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-21 20:12 - 2017-06-13 06:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-21 20:12 - 2017-06-13 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-21 20:12 - 2017-06-13 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-21 20:12 - 2017-06-10 23:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-21 20:12 - 2017-06-09 23:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-21 20:12 - 2017-06-06 23:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-21 20:12 - 2017-05-30 12:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-21 20:12 - 2017-05-21 12:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-21 20:12 - 2017-05-21 12:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-21 20:12 - 2017-05-16 23:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-21 20:12 - 2017-05-16 23:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-21 20:12 - 2017-05-16 23:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-21 19:31 - 2017-05-03 23:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-21 19:31 - 2017-05-03 23:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-21 19:31 - 2017-03-23 10:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-21 14:20 - 2017-07-24 22:55 - 00001355 _____ C:\Users\DiNo\Downloads\gwagen.txt
2017-07-17 12:24 - 2017-07-24 12:49 - 00000942 _____ C:\Users\DiNo\Desktop\novitec.txt
2017-07-07 17:00 - 2017-07-07 17:00 - 00462824 _____ C:\Windows\Minidump\070717-38282-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-26 10:27 - 2016-12-18 08:43 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB1E8505-2514-419D-B450-EAAEC9838F5F}
2017-07-26 10:01 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-26 10:01 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-26 09:52 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-26 02:41 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-26 02:31 - 2016-11-28 00:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-26 01:27 - 2017-02-28 22:41 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-07-26 01:27 - 2009-07-14 12:45 - 00412264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-25 23:54 - 2017-02-02 11:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-25 22:51 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-25 22:06 - 2017-03-05 13:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-25 22:06 - 2017-03-01 20:20 - 00000000 ____D C:\Windows\system32\appmgmt
2017-07-25 22:06 - 2016-12-18 11:05 - 00000000 ____D C:\ProgramData\Skype
2017-07-25 22:04 - 2016-12-20 19:04 - 00000000 ____D C:\Program Files\VideoLAN
2017-07-25 15:45 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-25 15:44 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-25 07:14 - 2016-12-18 20:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2017-07-24 22:01 - 2016-11-28 09:23 - 00000000 ____D C:\Users\DiNo\Documents\Youcam
2017-07-23 17:50 - 2016-12-05 11:45 - 00000000 ____D C:\Users\DiNo\AppData\LocalLow\Mozilla
2017-07-22 19:34 - 2009-07-14 13:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 13:00 - 2009-07-14 13:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 13:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-07-22 04:20 - 2016-11-28 00:53 - 00000000 ____D C:\Users\DiNo\AppData\Local\Google
2017-07-21 20:25 - 2017-04-23 12:56 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-21 19:52 - 2017-04-02 20:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-21 19:51 - 2016-11-28 02:12 - 00000000 ____D C:\Windows\system32\MRT
2017-07-21 19:46 - 2016-12-10 23:17 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-13 17:50 - 2016-12-20 19:10 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\vlc
2017-07-07 17:00 - 2016-12-05 12:53 - 00000000 ____D C:\Windows\Minidump
2017-07-07 17:00 - 2016-12-05 12:52 - 330026592 _____ C:\Windows\MEMORY.DMP
2017-07-06 07:40 - 2016-12-18 11:05 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2017-05-24 18:37 - 2017-05-24 18:37 - 0003584 _____ () C:\Users\DiNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-25 17:28 - 2017-07-25 17:28 - 0000017 _____ () C:\Users\DiNo\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-25 05:26
 
==================== End of FRST.txt ============================

  • 0

#9
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (26-07-2017 10:43:07)
Running from D:\OS\SPYWAREMALWARE
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-27 16:02:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-371815623-3163942107-3489479027-500 - Administrator - Disabled)
DiNo (S-1-5-21-371815623-3163942107-3489479027-1000 - Administrator - Enabled) => C:\Users\DiNo
Guest (S-1-5-21-371815623-3163942107-3489479027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-371815623-3163942107-3489479027-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Upwork version 4.2.153.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.153.0 - Upwork, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07837914-2D87-4080-B4AE-C3A755964AC5} - System32\Tasks\{73699240-2671-4D92-BC7A-B8B462C3F904} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {08CA8891-A27E-40FB-AA01-4B5511020C32} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-25] (AVAST Software)
Task: {09F8EED9-3F66-487E-A528-1D90D5C35FCA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-01] (AVAST Software)
Task: {1B493E77-8301-4461-8D87-2277CB35015F} - System32\Tasks\{7BC72065-8783-4469-AF58-27FA527C304B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {35B5DA85-3064-48DC-BF5D-A629938523ED} - System32\Tasks\SafeZone scheduled Autoupdate 1500998157 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {ADCEAB3F-9684-4814-BCC7-EDF7B3E05A30} - System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8} => C:\Users\DiNo\Downloads\W2W.exe
Task: {B7564E6F-0C10-4033-B1D9-409B2E855F50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {D5EDD994-5A1C-4077-8E38-4440845FFB99} - System32\Tasks\{2636AC76-8A2F-4C1A-8552-B30D753A0524} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {D7E70BA3-FC27-4293-8947-03C61797DCE8} - System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E} => C:\Users\DiNo\Downloads\W2W.exe
Task: {F34477A7-94AA-4159-AB69-CB4CDF311FFE} - System32\Tasks\{2C72FD5A-CD62-401B-B78E-550AEA7379BB} => C:\Windows\system32\pcalua.exe -a C:\Users\DiNo\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe -c -uninstall
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-26 09:24 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-25 23:54 - 2017-07-25 23:54 - 00447144 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2017-07-25 18:10 - 2017-07-25 18:10 - 00162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-26 01:30 - 2017-07-26 01:30 - 05886720 _____ () C:\Program Files\AVAST Software\Avast\defs\17072502\algo.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 01065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-25 23:56 - 2017-06-13 22:21 - 68876832 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.dll
2016-11-28 00:12 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-25 23:55 - 2017-06-13 22:21 - 01894432 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\libglesv2.dll
2017-07-25 23:55 - 2017-06-13 22:21 - 00086560 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2016-12-09 19:22 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiNo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Upwork => C:\Program Files (x86)\Upwork\upwork.exe
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{144DDB73-00A6-42A8-97ED-F5F57FD15342}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5B56E5F4-8B33-45A4-A195-AE75EA7978D7}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{63D38F68-26AD-4871-972D-0DA76FB5D6E2}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{741E4BCD-45AC-46C5-B883-9C486A65F19D}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{406C5E28-4448-4BEE-BAF5-9FDEDDFC8FCD}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6CD8B94-4971-43E3-9400-C1F0A9799C8C}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6404E43-7955-4697-9A0A-6B9FB82E3331}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{D77003D6-E460-4EB3-871D-66C24DDCF98E}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{DD2209C0-DBAF-4636-94FC-6AFCCC616519}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B8FA033-B9CD-436B-8F8F-49656371B670}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{27B005C5-2564-4DB9-AD4D-115FABAAFAB1}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{ADC7496A-21CD-4C94-8EA0-AC061B8ADBE2}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{014204D2-B56B-4420-B117-47978AF80B59}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{321474FD-A288-43D5-8E06-84CEAD479232}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{CB1DC76A-39A8-4A2B-951C-A345BD072446}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{33D1236A-C161-4F55-9BC2-90A575F98E9F}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{980F49B6-AC86-4E42-8B47-9063D21F8065}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{D0C5A009-3A2C-45C0-9148-31C89B9D04B7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
22-07-2017 14:43:02 Windows Update
23-07-2017 19:01:29 Windows Backup
24-07-2017 10:51:27 avast! Free Antivirus Setup
25-07-2017 01:13:46 avast! Free Antivirus Setup
25-07-2017 07:12:32 avast! Free Antivirus Setup
25-07-2017 16:53:48 avast! Free Antivirus Setup
25-07-2017 21:14:11 Windows Update
25-07-2017 22:05:07 Removed Skype™ 7.38
25-07-2017 22:06:43 Removed Java 8 Update 121
25-07-2017 22:40:00 Windows Update
26-07-2017 08:39:52 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2017 09:55:24 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 07:46:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 07:18:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 03:18:36 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 03:08:21 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 01:30:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 10:55:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 07:46:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 06:55:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 06:52:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/26/2017 10:43:16 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (07/26/2017 09:52:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/26/2017 07:44:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/26/2017 07:42:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/26/2017 07:42:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/26/2017 07:42:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/26/2017 07:42:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (07/26/2017 07:41:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/26/2017 07:41:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/26/2017 07:16:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
CodeIntegrity:
===================================
  Date: 2016-12-05 12:21:06.974
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-05 12:21:06.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 78%
Total physical RAM: 1991.86 MB
Available physical RAM: 418.64 MB
Total Virtual: 3983.72 MB
Available Virtual: 1768.4 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:147.36 GB) (Free:91.15 GB) NTFS
Drive d: () (Fixed) (Total:150.63 GB) (Free:64.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-371815623-3163942107-3489479027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to D:\OS\SPYWAREMALWARE (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log in D:\OS\SPYWAREMALWARE (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

Advertisements


#11
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (26-07-2017 11:05:03) Run:1
Running from D:\OS\SPYWAREMALWARE
Loaded Profiles: DiNo (Available Profiles: DiNo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-371815623-3163942107-3489479027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dd7202-b4bc-11e6-aa64-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{e4dd7202-b4bc-11e6-aa64-806e6f6e6963} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnZipper => key removed successfully
HKLM\Software\Classes\CLSID\{73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnZipper => key removed successfully
HKLM\Software\Classes\CLSID\{73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6806660 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 738453199 B
Edge => 0 B
Chrome => 24199296 B
Firefox => 36970850 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 82427 B
LocalService => 132244 B
NetworkService => 104082 B
DiNo => 175028817 B
 
RecycleBin => 3122410 B
EmptyTemp: => 947.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:07:17 ====

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Lets check the disc for errors now, run checkdisc from a command prompt.


Check the Disk for Errors

open the Command Prompt as Administrator, click start in the searsh box type CMD, then right click on CMD and run as admin
type the command:
 
chkdsk C: /f /x
Note: When it ask if you want to checked the volume next time the system restarts answer Yes
Restart the Computer and let the check run during boot.

After checkdisc finishes

download ListChkdskResult https://www.dropbox....Result.exe?dl=1
execute the file and accept all the windows prompts to authorize the program to run
Notepad will open with a report showing the chkdsk result
copy & paste the log to your reply
  • 0

#13
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 7/26/2017 5:15:23 PM >------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 33233
Source Name: Chkdsk
Time Written: 07-25-2017 @ 19:03:48
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
 
CHKDSK is verifying files (stage 1 of 5)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x63623c for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11c37 is already in use.
Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x26b95b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11e3b is already in use.
Attribute record (128, "") from file record segment 73275
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x64418b for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x13038 is already in use.
Attribute record (128, "") from file record segment 77880
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x644189 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1309b is already in use.
Attribute record (128, "") from file record segment 77979
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x387325 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x13920 is already in use.
Attribute record (128, "") from file record segment 80160
is corrupt.
  226560 file records processed.                                         
 
File verification completed.
  850 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 33231
Source Name: Chkdsk
Time Written: 07-25-2017 @ 18:54:22
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x63623c for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11c37 is already in use.
 
Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x26b95b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11e3b is already in use.
Attribute record (128, "") from file record segment 73275
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x64418b for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x13038 is already in use.
 
Attribute record (128, "") from file record segment 77880
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x644189 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1309b is already in use.
Attribute record (128, "") from file record segment 77979
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x387325 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x13920 is already in use.
Attribute record (128, "") from file record segment 80160
is corrupt.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3ae325 for possibly 0x7 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x14b1d is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x14b1d
has allocated length of 0x216e7000 instead of 0x6350000.
 
Deleted corrupt attribute list entry
with type code 128 in file 84765.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x740000000107c6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 67526
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8c000000010c7f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 68735
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x10000000011468.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70760
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000011546.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70982
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000001154b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70987
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001154f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70991
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8000000011553.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70995
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x70000000115a6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 71078
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6d000000012607.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 75271
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x30000000012f7a.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77690
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x430000000130af.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77999
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x33000000013cd9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81113
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x29000000013cdf.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81119
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x14000000013da2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81314
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x26000000014175.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82293
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x630000000141ae.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82350
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x380000000142f3.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82675
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x84000000014531.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 83249
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001abc7.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109511
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x700000001ace2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109794
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xa00000001ace9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109801
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1100000001ad35.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109877
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x800000001ad39.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109881
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001ad42.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109890
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001af9b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 110491
is corrupt.
  226560 file records processed.                                         
 
File verification completed.
File record segment 67526 is an orphan.
File record segment 68735 is an orphan.
File record segment 70760 is an orphan.
File record segment 70982 is an orphan.
File record segment 70987 is an orphan.
File record segment 70991 is an orphan.
File record segment 70995 is an orphan.
File record segment 71078 is an orphan.
File record segment 75271 is an orphan.
File record segment 77690 is an orphan.
File record segment 77999 is an orphan.
File record segment 81113 is an orphan.
File record segment 81119 is an orphan.
File record segment 81314 is an orphan.
File record segment 82293 is an orphan.
File record segment 82350 is an orphan.
File record segment 82675 is an orphan.
File record segment 83249 is an orphan.
File record segment 109511 is an orphan.
File record segment 109794 is an orphan.
File record segment 109801 is an orphan.
File record segment 109877 is an orphan.
File record segment 109881 is an orphan.
File record segment 109890 is an orphan.
File record segment 110491 is an orphan.
  875 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 33223
Source Name: Chkdsk
Time Written: 07-25-2017 @ 18:47:11
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x63623c for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11c37 is already in use.
 
Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x26b95b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11e3b is already in use.
Attribute record (128, "") from file record segment 73275
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x64418b for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x13038 is already in use.
Attribute record (128, "") from file record segment 77880
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x644189 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1309b is already in use.
Attribute record (128, "") from file record segment 77979
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x387325 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x13920 is already in use.
Attribute record (128, "") from file record segment 80160
is corrupt.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3ae325 for possibly 0x7 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x14b1d is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x14b1d
has allocated length of 0x216e7000 instead of 0x6350000.
Deleted corrupt attribute list entry
with type code 128 in file 84765.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x740000000107c6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 67526
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8c000000010c7f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 68735
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x10000000011468.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70760
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000011546.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70982
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000001154b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70987
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001154f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70991
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8000000011553.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70995
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x70000000115a6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 71078
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6d000000012607.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 75271
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x30000000012f7a.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77690
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x430000000130af.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77999
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x33000000013cd9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81113
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x29000000013cdf.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81119
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x14000000013da2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81314
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x26000000014175.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82293
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x630000000141ae.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82350
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x380000000142f3.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82675
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x84000000014531.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 83249
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001abc7.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109511
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x700000001ace2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109794
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xa00000001ace9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109801
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1100000001ad35.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109877
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x800000001ad39.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109881
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001ad42.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109890
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001af9b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 110491
is corrupt.
  226560 file records processed.                                         
 
File verification completed.
File record segment 67526 is an orphan.
File record segment 68735 is an orphan.
File record segment 70760 is an orphan.
File record segment 70982 is an orphan.
File record segment 70987 is an orphan.
File record segment 70991 is an orphan.
File record segment 70995 is an orphan.
File record segment 71078 is an orphan.
File record segment 75271 is an orphan.
File record segment 77690 is an orphan.
File record segment 77999 is an orphan.
File record segment 81113 is an orphan.
File record segment 81119 is an orphan.
File record segment 81314 is an orphan.
File record segment 82293 is an orphan.
File record segment 82350 is an orphan.
File record segment 82675 is an orphan.
File record segment 83249 is an orphan.
File record segment 109511 is an orphan.
File record segment 109794 is an orphan.
File record segment 109801 is an orphan.
File record segment 109877 is an orphan.
File record segment 109881 is an orphan.
File record segment 109890 is an orphan.
File record segment 110491 is an orphan.
  873 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 12636
Source Name: Chkdsk
Time Written: 03-06-2017 @ 07:18:56
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0xaafcc for possibly 0x5 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1daba is already in use.
 
Attribute record (128, "") from file record segment 121530
is corrupt.
  214016 file records processed.                                         
 
File verification completed.
  370 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 10303
Source Name: Chkdsk
Time Written: 02-19-2017 @ 05:57:31
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x5ec23 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x100e0 is already in use.
 
Attribute record (128, "") from file record segment 65760
is corrupt.
  146432 file records processed.                                         
 
File verification completed.
  201 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 9877
Source Name: Chkdsk
Time Written: 02-17-2017 @ 00:15:17
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x5ec23 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x100e0 is already in use.
 
Attribute record (128, "") from file record segment 65760
is corrupt.
  146432 file records processed.                                         
 
File verification completed.
  198 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 2062
Source Name: Chkdsk
Time Written: 12-12-2016 @ 07:17:06
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
  146432 file records processed.                                         
 
File verification completed.
  196 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  47 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
  189556 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  146432 file SDs/SIDs processed.                                        
 
Cleaning up 324 unused index entries from index $SII of file 0x9.
Cleaning up 324 unused index entries from index $SDH of file 0x9.
Cleaning up 324 unused security descriptors.
Security descriptor verification completed.
  21563 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  34108776 USN bytes processed.                                            
 
Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
 
 154521599 KB total disk space.
  22238156 KB in 99158 files.
     73820 KB in 21564 indexes.
         0 KB in bad sectors.
    250955 KB in use by the system.
     65536 KB occupied by the log file.
 131958668 KB available on disk.
 
      4096 bytes in each allocation unit.
  38630399 total allocation units on disk.
  32989667 allocation units available on disk.
 
-----------------------------------------------------------------------

  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Hello,

How is the computer doing ?

I may have someone else take a look at that log for checkdisc.
  • 0

#15
edselt

edselt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

it looks fine, thank you for your help... 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP