
#1
edselt
New Member, 9 posts

I'm not sure if my laptop has been infected, please advise...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by DiNo (administrator) on DINO-PC (25-07-2017 18:20:15)
Running from C:\Users\DiNo\Downloads
Loaded Profiles: DiNo (Available Profiles: DiNo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-12-12] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{83B85271-B184-48DF-BF65-A8201BF715CB}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-25] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-25] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-04] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 50x2pgiq.default-1497831639553
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553 [2017-07-25]
FF Extension: (Firefox Hotfix) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\[email protected] [2017-06-19]
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\cyfvltd1.default-1497831639553-1497831929156 [2017-06-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-21] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.roboform.com
CHR StartupUrls: Default -> "hxxp://start.roboform.com/","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://vosteran.com/?f=7&a=vst_dnldastr_15_01_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtByC0BtAtDyE0A0AzyyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0A0EyByEtAzytDtG0FtA0CyDtG0AyC0B0AtG0AtA0A0BtGyByDtDtD0FtCyE0Ezz0F0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0CyE0Czz0E0E0DtGzzzy0FzytGyEtC0EtDtG0A0E0EtBtG0A0FyC0F0B0B0BzyyEtCtBtD2Q&cr=1552769452&ir=","hxxps://ph.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_09&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzytD0D0EtCtDyBtDyB0EyDtN0D0Tzu0StCyDtBtAtN1L2XzutAtFtCyBtFtCtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyE0DtCzztDtA0FtGyDtCyD0BtG0ByDyCzytGtB0AzytCtG0FyDzzyBtDtA0BtA0E0B0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0B0AyCtC0BzztGyByB0EyDtGyEyDyD0AtGzztD0EyEtGtCyBzy0C0EyCzztAzy0F0BtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzyyE%26cr%3D787642898%26a%3Djmb_dnldastr_16_09%26os_ver%3D5.1%26os%3DWindows%2BXP&uref=chmm","hxxp://google/","hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=4C0A05067EAE17E3077F62DD65286CE4&v=20160317&ts=AHEpC3AmB3QpCE..","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzztByBtN1L2XzutAtFtByDtFtCtFzzyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzytCyB0C0EyEzytGyD0CtB0DtGzyyCzzyBtGyE0EtBtBtGtCyDtDyDyByD0ByD0CtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtAyBtC%26cr%3D645584324%26a%3Dwbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_50&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzz
tCtBtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0DtAyDtD0AtGtBtDtAtAtGtB0D0EzytGtD0F0ByEtG0AyCyEyEyE0EyC0A0DtAyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1327159663%26a%3Dwbf_btlrd_16_50%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_03_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0D0EtDtC0BzyzytGyB0FzyyCtGtCtDtByBtGtA0BtA0FtG0E0EyCyDyEtByD0CtA0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D178718939%26a%3Dhdr_s_17_03_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_04_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2StBtC0AtDtAzy0C0FtGtA0F0D0AtGtAtCyEtCtGyC0C0CtAtGyEyBtB0ByC0D0EyByDyD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtAtD%26cr%3D234607685%26a%3Dhdr_s_17_04_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_05_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyCtDtN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEtA0FtC0F0CzzyDtGyD0EyBzztGtBtC0BtAtGtAtByDyCtGtAtA0B0AyCtDtB0FtB0C0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtA
tA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytCzz%26cr%3D893137133%26a%3Dhdr_s_17_05_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_06_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyCzztN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0Azy0E0DtBtD0FtGtAyEtAyCtGzzyC0BtBtGyD0CyB0EtG0FyE0D0ByE0Bzy0CtAzzyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1011583167%26a%3Dhdr_s_17_06_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_09_wbf_tggl_16_52&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzzzyCtN1L2XzutAtFtByBtFtCtFyDtBtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0F0CyEtC0Czz0CtGyCyC0EyDtGyDyByD0DtGtCzytD0BtG0C0FtB0FtD0Dzz0F0C0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D2098982897%26a%3Dhdr_s_17_09_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_10&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzzyyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEyC0A0E0BtA0FtGtCzyzytAtG0CtDzztBtGyCzz0E0BtGzz0E0A0ByDyBzz0AyBzyyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1457629812%26a%3Dwncy_btrnt_17_10%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxp://www.trotux.com/?z=a81dae9f3d8cc766334f320g6z8t9e0w3gdgao6z9m&from=icb&uid=WDCXWD3200BEVT-22ZCT0_WD-WX70A59
J8743J8743&type=hp","hxxp://www.youndoo.com/?z=7c430dd2dc797958bade6e1g9zatbe6q6g1g5wft9q&from=bcn&uid=WDCXWD3200BEVT-22ZCT0_WD-WX70A59J8743J8743&type=hp"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Slides) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-21]
CHR Extension: (Google Docs) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-21]
CHR Extension: (Google Sheets) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-21]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-24]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-25] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-25] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-25] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-25] (AVAST Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 18:20 - 2017-07-25 18:21 - 00019674 _____ C:\Users\DiNo\Downloads\FRST.txt
2017-07-25 18:19 - 2017-07-25 18:20 - 00000000 ____D C:\FRST
2017-07-25 18:14 - 2017-07-25 18:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-25 18:13 - 2017-07-25 18:13 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\AVAST Software
2017-07-25 18:12 - 2017-07-25 18:14 - 02382336 _____ (Farbar) C:\Users\DiNo\Downloads\FRST64.exe
2017-07-25 18:12 - 2017-07-25 18:12 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-25 18:12 - 2017-07-25 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-25 18:11 - 2017-07-25 18:12 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-25 18:11 - 2017-07-25 18:11 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-25 18:11 - 2017-07-25 18:10 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150097752749803
2017-07-25 18:11 - 2017-07-25 18:10 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-25 18:10 - 2017-07-25 18:10 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-25 17:28 - 2017-07-25 17:28 - 00000017 _____ C:\Users\DiNo\AppData\Local\resmon.resmoncfg
2017-07-25 17:12 - 2017-07-25 17:12 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-25 17:01 - 2017-07-25 17:05 - 06948656 _____ (AVAST Software) C:\Users\DiNo\Downloads\avast_free_antivirus_setup_online.exe
2017-07-25 01:31 - 2017-07-25 01:31 - 00002924 _____ C:\Windows\System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E}
2017-07-25 01:30 - 2017-07-25 01:30 - 00002924 _____ C:\Windows\System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8}
2017-07-25 01:15 - 2017-07-25 01:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-07-25 01:10 - 2017-07-25 01:51 - 00000000 ____D C:\Users\DiNo\Downloads\New folder
2017-07-25 01:07 - 2017-07-25 01:20 - 00000048 _____ C:\Users\DiNo\AppData\Roaming\pidloc.txt
2017-07-25 01:07 - 2017-07-25 01:20 - 00000004 _____ C:\Users\DiNo\AppData\Roaming\pid.txt
2017-07-25 01:07 - 2017-07-21 19:42 - 00526848 _____ C:\Users\DiNo\AppData\Roaming\Windows Update.exe
2017-07-24 19:07 - 2017-07-25 16:59 - 00000000 ____D C:\Users\DiNo\Downloads\Brabus
2017-07-24 19:01 - 2017-07-24 22:11 - 00691712 _____ C:\Users\DiNo\Downloads\carbon-b-style.xls
2017-07-23 06:20 - 2017-07-23 09:09 - 00000000 ____D C:\Users\DiNo\Downloads\dmc
2017-07-22 14:18 - 2017-07-22 14:18 - 00814606 _____ C:\Users\DiNo\Downloads\W463 G-Klasse_Mopf_Prospekt_11-2011.pdf
2017-07-22 09:10 - 2017-07-24 13:10 - 00000000 ____D C:\Users\DiNo\Downloads\lorinser
2017-07-22 06:50 - 2017-07-22 06:50 - 00631320 _____ C:\Users\DiNo\Downloads\Preisliste-G-Klasse_W463-04.04.2014.pdf
2017-07-21 20:38 - 2017-07-21 20:38 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-21 20:38 - 2017-07-21 20:38 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-21 20:35 - 2017-07-21 20:35 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-21 20:35 - 2017-07-21 20:35 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-21 20:33 - 2017-07-21 20:33 - 01130328 _____ (Google Inc.) C:\Users\DiNo\Downloads\ChromeSetup.exe
2017-07-21 20:13 - 2017-06-30 11:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-21 20:13 - 2017-06-30 10:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-21 20:13 - 2017-06-30 10:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-21 20:13 - 2017-06-29 13:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-21 20:13 - 2017-06-29 12:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-21 20:13 - 2017-06-29 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-21 20:13 - 2017-06-29 12:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-21 20:13 - 2017-06-29 12:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-21 20:13 - 2017-06-29 12:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-21 20:13 - 2017-06-29 12:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-21 20:13 - 2017-06-29 12:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-21 20:13 - 2017-06-29 12:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-21 20:13 - 2017-06-29 12:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-21 20:13 - 2017-06-29 12:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-21 20:13 - 2017-06-13 06:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-21 20:13 - 2017-06-13 06:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-21 20:13 - 2017-06-10 23:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-21 20:13 - 2017-06-06 23:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-21 20:12 - 2017-07-06 12:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-21 20:12 - 2017-06-30 12:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-21 20:12 - 2017-06-30 10:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-21 20:12 - 2017-06-29 14:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-21 20:12 - 2017-06-29 14:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 14:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-21 20:12 - 2017-06-29 14:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-21 20:12 - 2017-06-29 14:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-21 20:12 - 2017-06-29 14:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-21 20:12 - 2017-06-29 13:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-21 20:12 - 2017-06-29 13:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-21 20:12 - 2017-06-29 13:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-21 20:12 - 2017-06-29 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 13:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-21 20:12 - 2017-06-29 13:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-21 20:12 - 2017-06-29 13:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-21 20:12 - 2017-06-29 13:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-21 20:12 - 2017-06-29 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-21 20:12 - 2017-06-29 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-21 20:12 - 2017-06-29 13:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-21 20:12 - 2017-06-29 13:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-21 20:12 - 2017-06-29 12:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-21 20:12 - 2017-06-29 12:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-21 20:12 - 2017-06-29 12:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-21 20:12 - 2017-06-29 12:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-21 20:12 - 2017-06-29 12:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-21 20:12 - 2017-06-29 12:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-21 20:12 - 2017-06-22 22:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-21 20:12 - 2017-06-16 04:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-21 20:12 - 2017-06-13 06:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-21 20:12 - 2017-06-13 06:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-21 20:12 - 2017-06-13 06:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-21 20:12 - 2017-06-13 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-21 20:12 - 2017-06-13 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-21 20:12 - 2017-06-10 23:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-21 20:12 - 2017-06-09 23:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-21 20:12 - 2017-06-06 23:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-21 20:12 - 2017-05-30 12:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-21 20:12 - 2017-05-21 12:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-21 20:12 - 2017-05-21 12:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-21 20:12 - 2017-05-16 23:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-21 20:12 - 2017-05-16 23:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-21 20:12 - 2017-05-16 23:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-21 19:31 - 2017-05-03 23:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-21 19:31 - 2017-05-03 23:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-21 19:31 - 2017-03-23 10:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-21 14:20 - 2017-07-24 22:55 - 00001355 _____ C:\Users\DiNo\Downloads\gwagen.txt
2017-07-21 12:26 - 2017-07-21 12:26 - 01674852 _____ C:\Users\DiNo\Downloads\ubp_forms.zip
2017-07-17 12:24 - 2017-07-24 12:49 - 00000942 _____ C:\Users\DiNo\Desktop\novitec.txt
2017-07-07 17:00 - 2017-07-07 17:00 - 00462824 _____ C:\Windows\Minidump\070717-38282-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 18:14 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-25 18:14 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-25 18:10 - 2017-02-02 11:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-25 18:07 - 2016-12-18 08:43 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB1E8505-2514-419D-B450-EAAEC9838F5F}
2017-07-25 16:58 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-25 15:45 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-25 15:44 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-25 07:14 - 2016-12-18 20:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2017-07-24 22:01 - 2016-11-28 09:23 - 00000000 ____D C:\Users\DiNo\Documents\Youcam
2017-07-23 17:50 - 2016-12-05 11:45 - 00000000 ____D C:\Users\DiNo\AppData\LocalLow\Mozilla
2017-07-22 19:34 - 2009-07-14 13:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 13:00 - 2009-07-14 13:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 13:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-07-22 12:32 - 2009-07-14 12:45 - 00412264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-22 04:20 - 2016-11-28 00:53 - 00000000 ____D C:\Users\DiNo\AppData\Local\Google
2017-07-21 20:37 - 2016-11-28 00:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-21 20:25 - 2017-04-23 12:56 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-21 19:52 - 2017-04-02 20:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-21 19:51 - 2016-11-28 02:12 - 00000000 ____D C:\Windows\system32\MRT
2017-07-21 19:46 - 2016-12-10 23:17 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-21 19:20 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-21 19:20 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-13 17:50 - 2016-12-20 19:10 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\vlc
2017-07-07 17:00 - 2016-12-05 12:53 - 00000000 ____D C:\Windows\Minidump
2017-07-07 17:00 - 2016-12-05 12:52 - 330026592 _____ C:\Windows\MEMORY.DMP
2017-07-06 07:40 - 2016-12-18 11:05 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\Skype
2017-06-25 03:19 - 2017-06-19 09:07 - 00000000 ____D C:\Program Files (x86)\BitLord
2017-06-25 03:19 - 2017-03-14 10:32 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\PhotoScape
2017-06-25 03:19 - 2017-03-05 13:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 03:19 - 2017-01-15 17:47 - 00000000 __RHD C:\MSOCache
2017-06-25 03:19 - 2009-07-14 15:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-25 03:19 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-25 03:19 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2017-03-14 10:31 - 2017-03-14 10:46 - 4096000 _____ () C:\Program Files (x86)\GUTB167.tmp
2017-05-09 14:16 - 2017-05-09 14:18 - 7649280 _____ () C:\Program Files (x86)\GUTDD6.tmp
2017-07-25 01:07 - 2017-07-25 01:20 - 0000004 _____ () C:\Users\DiNo\AppData\Roaming\pid.txt
2017-07-25 01:07 - 2017-07-25 01:20 - 0000048 _____ () C:\Users\DiNo\AppData\Roaming\pidloc.txt
2017-07-25 01:07 - 2017-07-21 19:42 - 0526848 _____ () C:\Users\DiNo\AppData\Roaming\Windows Update.exe
2017-05-24 18:37 - 2017-05-24 18:37 - 0003584 _____ () C:\Users\DiNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-25 17:28 - 2017-07-25 17:28 - 0000017 _____ () C:\Users\DiNo\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2012-04-04 12:50 - 2012-04-04 12:50 - 0216064 _____ () C:\Users\DiNo\AppData\Local\Temp\gcapi_dll.dll
2012-11-19 13:14 - 2012-11-19 13:14 - 0012800 _____ () C:\Users\DiNo\AppData\Local\Temp\gdapi.dll
2013-06-25 01:19 - 2013-06-25 01:19 - 2380752 _____ (Mooii) C:\Users\DiNo\AppData\Local\Temp\GoogleSetup.exe
2013-04-30 19:30 - 2013-04-30 19:30 - 0763232 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
2011-11-21 15:25 - 2011-11-21 15:25 - 0073408 _____ () C:\Users\DiNo\AppData\Local\Temp\gtapi_signed.dll
2013-06-24 22:50 - 2013-06-24 22:50 - 0052800 _____ (Mooii) C:\Users\DiNo\AppData\Local\Temp\GTGCAPI.exe
2017-06-19 07:58 - 2017-06-19 07:58 - 1638344 _____ (Temibosafo                                                  ) C:\Users\DiNo\AppData\Local\Temp\ICReinstall_BitlordSetup_VASVcl.exe
2013-04-30 03:32 - 2013-04-30 03:32 - 0782808 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\Mooii_GDrive.exe
2013-06-19 20:45 - 2013-06-19 20:45 - 0782520 _____ () C:\Users\DiNo\AppData\Local\Temp\Mooii_Photoscape_Chrome_New.exe
2013-04-30 03:32 - 2013-04-30 03:32 - 0782288 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\Mooii_Toolbar_Omaha.exe
2007-11-07 00:19 - 2007-11-07 00:19 - 0655872 _____ (Microsoft Corporation) C:\Users\DiNo\AppData\Local\Temp\msvcr90.dll
2017-06-17 13:29 - 2017-07-06 07:40 - 58684896 _____ (Skype Technologies S.A.) C:\Users\DiNo\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-25 05:26
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (25-07-2017 18:22:42)
Running from C:\Users\DiNo\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-27 16:02:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-371815623-3163942107-3489479027-500 - Administrator - Disabled)
DiNo (S-1-5-21-371815623-3163942107-3489479027-1000 - Administrator - Enabled) => C:\Users\DiNo
Guest (S-1-5-21-371815623-3163942107-3489479027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-371815623-3163942107-3489479027-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Upwork version 4.2.153.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.153.0 - Upwork, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07837914-2D87-4080-B4AE-C3A755964AC5} - System32\Tasks\{73699240-2671-4D92-BC7A-B8B462C3F904} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {08CA8891-A27E-40FB-AA01-4B5511020C32} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-25] (AVAST Software)
Task: {09F8EED9-3F66-487E-A528-1D90D5C35FCA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-01] (AVAST Software)
Task: {0A203B3A-574E-4A5C-BA59-E7A93DDA37C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {1B493E77-8301-4461-8D87-2277CB35015F} - System32\Tasks\{7BC72065-8783-4469-AF58-27FA527C304B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {8A6C6F06-9C83-40B9-A3D5-F370A6345E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {ADCEAB3F-9684-4814-BCC7-EDF7B3E05A30} - System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8} => C:\Users\DiNo\Downloads\W2W.exe
Task: {B7564E6F-0C10-4033-B1D9-409B2E855F50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {D5EDD994-5A1C-4077-8E38-4440845FFB99} - System32\Tasks\{2636AC76-8A2F-4C1A-8552-B30D753A0524} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {D7E70BA3-FC27-4293-8947-03C61797DCE8} - System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E} => C:\Users\DiNo\Downloads\W2W.exe
Task: {F34477A7-94AA-4159-AB69-CB4CDF311FFE} - System32\Tasks\{2C72FD5A-CD62-401B-B78E-550AEA7379BB} => C:\Windows\system32\pcalua.exe -a C:\Users\DiNo\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe -c -uninstall
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\DiNo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\396b803340084593\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-12-05 12:25 - 2006-07-04 14:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-11-28 00:15 - 2010-08-23 15:46 - 01068032 _____ () C:\Windows\system32\vmprp332x64.ax
2017-07-21 20:38 - 2017-06-23 11:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-21 20:38 - 2017-06-23 11:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-11-28 00:12 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-25 18:11 - 2017-07-25 18:11 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071601\algo.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 01065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2016-12-09 19:22 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiNo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Upwork => C:\Program Files (x86)\Upwork\upwork.exe
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DAE807A8-2E58-4420-8C45-68ABE51B6CD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{063BEFAC-ED68-49BC-875B-FD4218CE972A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{144DDB73-00A6-42A8-97ED-F5F57FD15342}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5B56E5F4-8B33-45A4-A195-AE75EA7978D7}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{63D38F68-26AD-4871-972D-0DA76FB5D6E2}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{741E4BCD-45AC-46C5-B883-9C486A65F19D}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{406C5E28-4448-4BEE-BAF5-9FDEDDFC8FCD}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6CD8B94-4971-43E3-9400-C1F0A9799C8C}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6404E43-7955-4697-9A0A-6B9FB82E3331}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{D77003D6-E460-4EB3-871D-66C24DDCF98E}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{DD2209C0-DBAF-4636-94FC-6AFCCC616519}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B8FA033-B9CD-436B-8F8F-49656371B670}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{27B005C5-2564-4DB9-AD4D-115FABAAFAB1}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{ADC7496A-21CD-4C94-8EA0-AC061B8ADBE2}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{014204D2-B56B-4420-B117-47978AF80B59}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
 
==================== Restore Points =========================
 
21-07-2017 19:16:09 Windows Update
21-07-2017 19:44:12 Windows Update
21-07-2017 20:15:35 Windows Update
22-07-2017 12:10:48 Windows Update
22-07-2017 12:50:09 Windows Update
22-07-2017 14:43:02 Windows Update
23-07-2017 19:01:29 Windows Backup
24-07-2017 10:51:27 avast! Free Antivirus Setup
25-07-2017 01:13:46 avast! Free Antivirus Setup
25-07-2017 07:12:32 avast! Free Antivirus Setup
25-07-2017 16:53:48 avast! Free Antivirus Setup
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2017 06:12:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/25/2017 05:00:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 04:56:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 59.0.3071.115, time stamp: 0x594c442d
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0xcb8
Faulting application start time: 0x01d30523dc105ead
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1b26bab7-7117-11e7-b597-6427378066f6
 
Error: (07/25/2017 03:33:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 06:41:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 01:21:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 01:16:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 59.0.3071.115, time stamp: 0x594c442d
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0x11c4
Faulting application start time: 0x01d304a0a0421563
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: de6f055d-7093-11e7-a9be-6427378066f6
 
Error: (07/25/2017 12:16:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 12:14:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7601.18010, time stamp: 0x50aee9f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000007757000a
Faulting process id: 0x5f8
Faulting application start time: 0x01d30497e1cf1fe3
Faulting application path: C:\Windows\system32\taskhost.exe
Faulting module path: unknown
Report Id: 2a9a5b74-708b-11e7-a9be-6427378066f6
 
Error: (07/24/2017 12:06:21 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
 
System errors:
=============
Error: (07/25/2017 06:22:51 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-05 12:21:06.974
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-05 12:21:06.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 67%
Total physical RAM: 1991.86 MB
Available physical RAM: 645.09 MB
Total Virtual: 3983.72 MB
Available Virtual: 2482.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:147.36 GB) (Free:90.23 GB) NTFS
Drive d: () (Fixed) (Total:150.63 GB) (Free:64.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0
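A quick way to triage the "Other Areas", "MSCONFIG/TASK MANAGER disabled items" and "FirewallRules" sections of an Addition.txt like the one above. This is an added example for this thread, not FRST's own code and not from any post: it flags Allow rules and autostart entries that point at a user-writable location or at an .exe sitting directly in C:\Windows, a UAC policy that is off or never prompts, and statically configured resolvers that are neither RFC 1918 nor on a small allowlist. The heuristics, the resolver allowlist and the two sample lines marked CONSTRUCTED (the 203.0.113.5 resolver and the EnableLUA: 0 policy line) are assumptions; every other sample line is copied from the log above. A hit is a reason to look, not a verdict.

```python
"""Triage of FRST Addition.txt 'Other Areas', 'MSCONFIG' and 'FirewallRules' lines.

Added example for this thread; not FRST code and not from any post. The heuristics,
the resolver allowlist and the lines marked CONSTRUCTED below are assumptions.
"""
import ipaddress
import re
from typing import Iterable, List, Set, Tuple

# Locations a standard user can write to. An Allow rule or autostart pointing here is
# worth a look, not a verdict: Skype's plugin host legitimately lives under AppData.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# An .exe directly in C:\Windows (not in a subfolder) is unusual enough to list.
WINDOWS_ROOT_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Public resolvers accepted when set statically (assumption; adjust per site).
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

FIREWALL_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>\w+)\) (?P<path>.+?)\s*$")
STARTUP_RE = re.compile(r'^MSCONFIG\\startupreg: (?P<name>\S+) => "?(?P<path>[^"]+?\.exe)"?(?: .*)?$', re.I)
DNS_RE = re.compile(r"^DNS Servers: (?P<servers>.+)$")
UAC_RE = re.compile(r"\((?P<key>ConsentPromptBehaviorAdmin|EnableLUA): (?P<val>\d+)\)")

Finding = Tuple[str, str, str]  # (category, subject, reason)


def _norm(path: str) -> str:
    """Lower-case the path and expand the one variable FRST leaves unexpanded."""
    return path.strip().lower().replace("%programfiles%", "c:\\program files")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return de-duplicated findings; repeated rules for one binary collapse to one entry."""
    findings: List[Finding] = []
    seen: Set[Finding] = set()

    def add(f: Finding) -> None:
        if f not in seen:
            seen.add(f)
            findings.append(f)

    for raw in lines:
        line = raw.strip()
        if (m := FIREWALL_RE.match(line)):
            if m["action"] == "Allow" and _norm(m["path"]).startswith(USER_WRITABLE):
                add(("firewall", m["path"], "Allow rule for a binary in a user-writable location"))
        elif (m := STARTUP_RE.match(line)):
            path = _norm(m["path"])
            if path.startswith(USER_WRITABLE):
                add(("startup", m["name"], "autostart from a user-writable location"))
            elif WINDOWS_ROOT_EXE.match(path):
                add(("startup", m["name"], "autostart .exe directly in the Windows root"))
        elif (m := DNS_RE.match(line)):
            for token in re.split(r"\s*-\s*|,", m["servers"]):
                try:
                    ip = ipaddress.ip_address(token.strip())
                except ValueError:
                    continue
                if not any(ip in net for net in RFC1918) and str(ip) not in KNOWN_RESOLVERS:
                    add(("dns", str(ip), "static resolver that is neither RFC 1918 nor a known public resolver"))
        elif "ConsentPromptBehaviorAdmin" in line:
            uac = {k: int(v) for k, v in UAC_RE.findall(line)}
            if uac.get("EnableLUA") == 0:
                add(("uac", "EnableLUA", "UAC is disabled"))
            if uac.get("ConsentPromptBehaviorAdmin") == 0:
                add(("uac", "ConsentPromptBehaviorAdmin", "administrators elevate without a prompt"))
        elif line.startswith("Windows Firewall is") and "enabled" not in line:
            add(("firewall", "service", line))
    return findings


SAMPLE_LINES = [
    # Copied from the Addition.txt pasted above.
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)",
    r"DNS Servers: 8.8.4.4 - 8.8.8.8",
    r"Windows Firewall is enabled.",
    r"MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe",
    r"MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe",
    r'MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun',
    r"MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe",
    r"MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe",
    r"FirewallRules: [{063BEFAC-ED68-49BC-875B-FD4218CE972A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe",
    r"FirewallRules: [TCP Query User{144DDB73-00A6-42A8-97ED-F5F57FD15342}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe",
    r"FirewallRules: [{4B8FA033-B9CD-436B-8F8F-49656371B670}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe",
    r"FirewallRules: [{27B005C5-2564-4DB9-AD4D-115FABAAFAB1}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe",
    # CONSTRUCTED lines (not from the log) so the DNS and UAC checks have something to report.
    r"DNS Servers: 203.0.113.5 - 8.8.8.8",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)",
]

if __name__ == "__main__":
    for category, subject, reason in triage(SAMPLE_LINES):
        print(f"[{category}] {subject}: {reason}")
```

To use it on a real log, feed the lines of Addition.txt to triage(). Every hit still needs a human decision: the Skype plugin host under AppData is expected, while an unnamed W2W.exe in Downloads\New folder with four Allow rules is the kind of thing to ask the poster about.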



#2
zep516
    Trusted Helper
  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and welcome to Geeks to Go!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Looks like there may be an issue with the hard drive too. We will check it after this.

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found; above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#3
edselt
    New Member
  • Topic Starter
  • Member
  • 9 posts

Thank you for your help...

 

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 25 23:41:56 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\admin\AppData\Local\DVDVideoSoftTB
Deleted: C:\Users\admin\AppData\Local\Mobogenie
Deleted: C:\Users\admin\AppData\LocalLow\Minibar
Deleted: C:\Users\admin\AppData\Roaming\awesomehp
Deleted: C:\Users\admin\AppData\Local\genienext
Deleted: C:\Users\admin\AppData\Local\torch
Deleted: C:\Users\Administrator\AppData\Local\torch
Deleted: C:\Users\Guest\AppData\Local\torch
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\DiNo\AppData\Local\YSearchUtil
Deleted: C:\Users\admin\AppData\Local\SaveSenseLive
Deleted: C:\Users\admin\AppData\LocalLow\Conduit
Deleted: C:\Users\admin\AppData\LocalLow\PriceGong
Deleted: C:\Users\admin\AppData\Roaming\PriceGong
Deleted: C:\Users\admin\AppData\Roaming\OpenCandy
Deleted: C:\Users\admin\AppData\Roaming\newnext.me
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: hohosearch - hohosearch
SearchProvider deleted: hohosearch - hohosearch
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask.com - dts.search.ask.com
SearchProvider deleted: default-search.net - default-search.net
SearchProvider deleted: trotux - trotux
SearchProvider deleted: trotux - trotux
SearchProvider deleted: istartsurf - istartsurf.com
SearchProvider deleted: youndoo - youndoo
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
CtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2StBtC0AtDtAzy0C0FtGtA0F0D0AtGtAtCyEtCtGyC0C0CtAtGyEyBtB0ByC0D0EyByDyD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtAtD%26cr%3D234607685%26a%3Dhdr_s_17_04_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
Startpage deleted: http://start.roboform.com
Startpage deleted: http://start.roboform.com/
Startpage deleted: http://google/
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [28375 B] - [2017/7/25 23:39:48]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  • 0

#4
zep516
    Trusted Helper
  • Malware Removal
  • 8,090 posts
Thanks for that log.

We will run two more malware scans.

Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

    Next
    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Reboot your computer if prompted.
    Posting the Malwarebytes log:
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Post that saved log in your next reply.
    In your next reply, post:
  • The JRT.txt Log
  • Malwarebytes log

  • 0

#5
edselt
    New Member
  • Topic Starter
  • Member
  • 9 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by DiNo (Administrator) on Wed 07/26/2017 at  8:39:46.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\Program Files (x86)\GUTB167.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUTDD6.tmp (File) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QA6A12D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\803HPVCD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9OEAC6J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\DiNo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7Q491DT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QA6A12D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\803HPVCD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9OEAC6J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7Q491DT (Temporary Internet Files Folder) 
 
Deleted the following from C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\prefs.js
user_pref(browser.urlbar.suggest.searches, true);
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/26/2017 at  8:45:08.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#6
edselt
    New Member
  • Topic Starter
  • Member
  • 9 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/26/17
Scan Time: 9:27 AM
Log File: scan log.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2251
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DiNo-PC\DiNo
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376745
Threats Detected: 18
Threats Quarantined: 18
Time Elapsed: 21 min, 23 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
 
Registry Value: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [247049],1.0.2251
 
Registry Data: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293458],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293458],1.0.2251
 
Data Stream: 0
(No malicious items detected)
 
Folder: 3
PUP.Optional.Perion, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins, Quarantined, [1562], [178860],1.0.2251
PUP.Optional.Perion, C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1, Quarantined, [1562], [178860],1.0.2251
PUP.Optional.Perion, C:\USERS\ADMIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIFFLLIPLGEAJJDHMKCFNNGFPGBJONJG, Quarantined, [1562], [178860],1.0.2251
 
File: 8
Trojan.Agent.Trace, C:\USERS\DINO\APPDATA\ROAMING\PIDLOC.TXT, Quarantined, [3189], [247557],1.0.2251
Trojan.Agent.Trace, C:\USERS\DINO\APPDATA\ROAMING\PID.TXT, Quarantined, [3189], [247556],1.0.2251
PUP.Optional.SearchManager.BITSRST, C:\USERS\DINO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage, Quarantined, [1164], [396192],1.0.2251
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\USERS\DINO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage-journal, Quarantined, [1164], [396192],1.0.2251
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

  • 0
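Once a Malwarebytes log like the one above is back, two things are worth checking before moving on: whether every section pasted completely (a long log loses lines easily in a forum post), and which items were only scheduled as Delete-on-Reboot, because those have to be confirmed gone after the restart rather than assumed. The following is an added example for this thread, not Malwarebytes code and not from any post; it parses the "-Scan Details-" block of a Malwarebytes 3 log into records. The embedded sample reuses lines from the log above, but its File section is deliberately cut to 6 of the declared 8 lines so the count check has something to report.

```python
"""Parse the '-Scan Details-' block of a Malwarebytes 3 scan log.

Added example for this thread; not Malwarebytes code and not from any post.
SAMPLE_LOG reuses lines from the log above, but its 'File' section is cut to
6 of the declared 8 lines on purpose so the count check has something to report.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

HEADER_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?): (?P<count>\d+)\s*$")
# threat, object, action, [id], [id],version  (the object may contain spaces and '|')
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<obj>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<id1>-?\d+)\], \[(?P<id2>-?\d+)\],(?P<ver>[\d.]+)\s*$"
)


@dataclass(frozen=True)
class Detection:
    kind: str    # section: Registry Key, Registry Data, File, ...
    threat: str  # e.g. PUP.Optional.WinYahoo
    obj: str     # registry path or file path
    action: str  # Quarantined, Delete-on-Reboot, Replaced, ...


def parse_scan_details(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return the parsed detections and the per-section counts the log declares."""
    dets: List[Detection] = []
    declared: Dict[str, int] = {}
    kind, in_details = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
        elif not in_details or not line or line == "(end)":
            continue
        elif (m := HEADER_RE.match(line)):
            kind = m["kind"]
            declared[kind] = int(m["count"])
        elif kind and (m := DETECTION_RE.match(line)):
            dets.append(Detection(kind, m["threat"], m["obj"], m["action"]))
    return dets, declared


def count_mismatches(dets: List[Detection], declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the lines actually parsed: {kind: (declared, parsed)}."""
    parsed = Counter(d.kind for d in dets)
    return {k: (n, parsed[k]) for k, n in declared.items() if parsed[k] != n}


def pending_reboot(dets: List[Detection]) -> List[Detection]:
    """Items MBAM could only schedule for removal; confirm they are gone after the restart."""
    return [d for d in dets if d.action == "Delete-on-Reboot"]


def by_threat(dets: List[Detection]) -> Dict[str, int]:
    """Number of detections per threat name."""
    return dict(Counter(d.threat for d in dets))


SAMPLE_LOG = r"""
-Scan Details-
Registry Key: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [91], [247049],1.0.2251

Registry Data: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293458],1.0.2251
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293458],1.0.2251

File: 8
Trojan.Agent.Trace, C:\USERS\DINO\APPDATA\ROAMING\PIDLOC.TXT, Quarantined, [3189], [247557],1.0.2251
Trojan.Agent.Trace, C:\USERS\DINO\APPDATA\ROAMING\PID.TXT, Quarantined, [3189], [247556],1.0.2251
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [1164], [-1],0.0.0
PUP.Optional.SearchManager.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [1164], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    found, counts = parse_scan_details(SAMPLE_LOG)
    print("per threat:", by_threat(found))
    print("count mismatches (declared, parsed):", count_mismatches(found, counts))
    for d in pending_reboot(found):
        print("verify after reboot:", d.kind, d.obj)
```

A mismatch from count_mismatches() means lines went missing in the paste, not that the scan failed; ask for the exported log again before reading anything into the gap. The pending_reboot() items are the ones to look for in the post-reboot FRST scan.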

#7
zep516
    Trusted Helper
  • Malware Removal
  • 8,090 posts
Hello,

Keep Malwarebytes on your computer and any time you suspect something, run a scan with it.

Let's see what's left.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#8
edselt
    New Member
  • Topic Starter
  • Member
  • 9 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by DiNo (administrator) on DINO-PC (26-07-2017 10:39:59)
Running from D:\OS\SPYWAREMALWARE
Loaded Profiles: DiNo (Available Profiles: DiNo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
(Farbar) D:\OS\SPYWAREMALWARE\FRST64-1.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-25] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-12-12] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{83B85271-B184-48DF-BF65-A8201BF715CB}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-371815623-3163942107-3489479027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-25] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-25] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 50x2pgiq.default-1497831639553
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553 [2017-07-25]
FF Extension: (Firefox Hotfix) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\[email protected] [2017-06-19]
FF Extension: (Avast Online Security) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\[email protected] [2017-07-25]
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\cyfvltd1.default-1497831639553-1497831929156 [2017-06-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.duckduckgo.com
CHR StartupUrls: Default -> "hxxps://www.duckduckgo.com"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default [2017-07-26]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-24]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-25] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-25] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-25] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-26] (Malwarebytes)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-26 10:30 - 2017-07-26 10:34 - 00001207 _____ C:\Users\DiNo\Desktop\scan log.txt
2017-07-26 10:29 - 2017-07-26 10:29 - 00001206 _____ C:\Users\DiNo\Downloads\scanlog.txt
2017-07-26 09:25 - 2017-07-26 10:20 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-26 09:25 - 2017-07-26 09:53 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-26 09:25 - 2017-07-26 09:52 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-26 09:25 - 2017-07-26 09:52 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-26 09:25 - 2017-07-26 09:25 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-26 09:24 - 2017-07-26 09:24 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-26 09:24 - 2017-07-26 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-26 09:24 - 2017-07-26 09:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-26 09:24 - 2017-07-26 09:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-26 09:24 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-26 08:54 - 2017-07-26 08:55 - 00000000 ____D C:\Users\DiNo\Downloads\SPYWAREMALWARE
2017-07-26 08:48 - 2017-07-26 09:23 - 65033984 _____ (Malwarebytes ) C:\Users\DiNo\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-26 08:45 - 2017-07-26 08:45 - 00003481 _____ C:\Users\DiNo\Desktop\JRT.txt
2017-07-26 07:45 - 2017-07-26 07:45 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-26 07:33 - 2017-07-26 07:41 - 00000000 ____D C:\AdwCleaner
2017-07-26 02:45 - 2017-07-26 02:45 - 00028945 _____ C:\Users\DiNo\Downloads\Shortcut.txt
2017-07-25 23:56 - 2017-07-25 23:56 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1500998157
2017-07-25 23:56 - 2017-07-25 23:56 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-07-25 23:56 - 2017-07-25 23:56 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-25 23:54 - 2017-07-25 23:54 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-25 22:48 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-07-25 22:48 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-07-25 22:48 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-07-25 22:48 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-07-25 22:48 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-07-25 22:48 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-07-25 22:48 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-07-25 22:48 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-07-25 22:48 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-07-25 22:48 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-07-25 22:48 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-07-25 22:48 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-07-25 22:48 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-07-25 22:48 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-07-25 22:48 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-07-25 22:48 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-07-25 22:48 - 2013-10-02 04:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-07-25 22:48 - 2013-10-02 04:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-07-25 22:45 - 2012-08-23 22:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-07-25 22:45 - 2012-08-23 22:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-07-25 22:45 - 2012-08-23 21:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-07-25 22:45 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-07-25 22:45 - 2012-08-23 18:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-07-25 22:45 - 2012-08-23 17:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-07-25 22:36 - 2015-08-06 01:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-07-25 22:36 - 2015-08-06 01:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-07-25 22:35 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-07-25 22:35 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-07-25 22:35 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-07-25 22:35 - 2015-12-17 02:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-07-25 22:35 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-07-25 22:35 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-07-25 21:51 - 2017-07-25 21:51 - 00000000 ____D C:\Users\DiNo\AppData\Local\AVAST Software
2017-07-25 18:47 - 2017-07-25 22:24 - 00000153 _____ C:\Users\DiNo\Documents\untitled.txt
2017-07-25 18:22 - 2017-07-26 02:45 - 00024449 _____ C:\Users\DiNo\Downloads\Addition.txt
2017-07-25 18:20 - 2017-07-26 02:45 - 00119759 _____ C:\Users\DiNo\Downloads\FRST.txt
2017-07-25 18:19 - 2017-07-26 10:39 - 00000000 ____D C:\FRST
2017-07-25 18:13 - 2017-07-25 18:13 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\AVAST Software
2017-07-25 18:12 - 2017-07-25 18:12 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-25 18:12 - 2017-07-25 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-25 18:11 - 2017-07-25 23:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-25 18:11 - 2017-07-25 18:12 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-25 18:10 - 2017-07-25 18:10 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-25 17:28 - 2017-07-25 17:28 - 00000017 _____ C:\Users\DiNo\AppData\Local\resmon.resmoncfg
2017-07-25 17:12 - 2017-07-25 23:54 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-25 01:31 - 2017-07-25 01:31 - 00002924 _____ C:\Windows\System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E}
2017-07-25 01:30 - 2017-07-25 01:30 - 00002924 _____ C:\Windows\System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8}
2017-07-25 01:15 - 2017-07-25 01:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-07-25 01:10 - 2017-07-25 01:51 - 00000000 ____D C:\Users\DiNo\Downloads\New folder
2017-07-24 19:07 - 2017-07-25 16:59 - 00000000 ____D C:\Users\DiNo\Downloads\Brabus
2017-07-24 19:01 - 2017-07-24 22:11 - 00691712 _____ C:\Users\DiNo\Downloads\carbon-b-style.xls
2017-07-23 06:20 - 2017-07-23 09:09 - 00000000 ____D C:\Users\DiNo\Downloads\dmc
2017-07-22 09:10 - 2017-07-24 13:10 - 00000000 ____D C:\Users\DiNo\Downloads\lorinser
2017-07-21 20:33 - 2017-07-21 20:33 - 01130328 _____ (Google Inc.) C:\Users\DiNo\Downloads\ChromeSetup.exe
2017-07-21 20:13 - 2017-06-30 11:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-21 20:13 - 2017-06-30 10:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-21 20:13 - 2017-06-30 10:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-21 20:13 - 2017-06-29 13:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-21 20:13 - 2017-06-29 12:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-21 20:13 - 2017-06-29 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-21 20:13 - 2017-06-29 12:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-21 20:13 - 2017-06-29 12:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-21 20:13 - 2017-06-29 12:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-21 20:13 - 2017-06-29 12:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-21 20:13 - 2017-06-29 12:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-21 20:13 - 2017-06-29 12:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-21 20:13 - 2017-06-29 12:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-21 20:13 - 2017-06-29 12:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-21 20:13 - 2017-06-13 06:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-21 20:13 - 2017-06-13 06:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-21 20:13 - 2017-06-10 23:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-21 20:13 - 2017-06-06 23:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-21 20:12 - 2017-07-06 12:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-21 20:12 - 2017-06-30 12:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-21 20:12 - 2017-06-30 10:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-21 20:12 - 2017-06-29 14:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-21 20:12 - 2017-06-29 14:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 14:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-21 20:12 - 2017-06-29 14:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-21 20:12 - 2017-06-29 14:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-21 20:12 - 2017-06-29 14:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-21 20:12 - 2017-06-29 13:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-21 20:12 - 2017-06-29 13:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-21 20:12 - 2017-06-29 13:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-21 20:12 - 2017-06-29 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 13:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-21 20:12 - 2017-06-29 13:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-21 20:12 - 2017-06-29 13:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-21 20:12 - 2017-06-29 13:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-21 20:12 - 2017-06-29 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-21 20:12 - 2017-06-29 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-21 20:12 - 2017-06-29 13:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-21 20:12 - 2017-06-29 13:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-21 20:12 - 2017-06-29 12:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-21 20:12 - 2017-06-29 12:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-21 20:12 - 2017-06-29 12:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-21 20:12 - 2017-06-29 12:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-21 20:12 - 2017-06-29 12:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-21 20:12 - 2017-06-29 12:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-21 20:12 - 2017-06-22 22:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-21 20:12 - 2017-06-16 04:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-21 20:12 - 2017-06-13 06:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-21 20:12 - 2017-06-13 06:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-21 20:12 - 2017-06-13 06:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-21 20:12 - 2017-06-13 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-21 20:12 - 2017-06-13 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-21 20:12 - 2017-06-10 23:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-21 20:12 - 2017-06-09 23:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-21 20:12 - 2017-06-06 23:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-21 20:12 - 2017-05-30 12:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-21 20:12 - 2017-05-21 12:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-21 20:12 - 2017-05-21 12:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-21 20:12 - 2017-05-16 23:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-21 20:12 - 2017-05-16 23:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-21 20:12 - 2017-05-16 23:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-21 19:31 - 2017-05-03 23:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-21 19:31 - 2017-05-03 23:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-21 19:31 - 2017-03-23 10:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-21 14:20 - 2017-07-24 22:55 - 00001355 _____ C:\Users\DiNo\Downloads\gwagen.txt
2017-07-17 12:24 - 2017-07-24 12:49 - 00000942 _____ C:\Users\DiNo\Desktop\novitec.txt
2017-07-07 17:00 - 2017-07-07 17:00 - 00462824 _____ C:\Windows\Minidump\070717-38282-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-26 10:27 - 2016-12-18 08:43 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB1E8505-2514-419D-B450-EAAEC9838F5F}
2017-07-26 10:01 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-26 10:01 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-26 09:52 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-26 02:41 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-26 02:31 - 2016-11-28 00:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-26 01:27 - 2017-02-28 22:41 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-07-26 01:27 - 2009-07-14 12:45 - 00412264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-25 23:54 - 2017-02-02 11:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-25 22:51 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-25 22:06 - 2017-03-05 13:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-25 22:06 - 2017-03-01 20:20 - 00000000 ____D C:\Windows\system32\appmgmt
2017-07-25 22:06 - 2016-12-18 11:05 - 00000000 ____D C:\ProgramData\Skype
2017-07-25 22:04 - 2016-12-20 19:04 - 00000000 ____D C:\Program Files\VideoLAN
2017-07-25 15:45 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-25 15:44 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-25 07:14 - 2016-12-18 20:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2017-07-24 22:01 - 2016-11-28 09:23 - 00000000 ____D C:\Users\DiNo\Documents\Youcam
2017-07-23 17:50 - 2016-12-05 11:45 - 00000000 ____D C:\Users\DiNo\AppData\LocalLow\Mozilla
2017-07-22 19:34 - 2009-07-14 13:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 13:00 - 2009-07-14 13:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 13:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-07-22 04:20 - 2016-11-28 00:53 - 00000000 ____D C:\Users\DiNo\AppData\Local\Google
2017-07-21 20:25 - 2017-04-23 12:56 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-21 19:52 - 2017-04-02 20:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-21 19:51 - 2016-11-28 02:12 - 00000000 ____D C:\Windows\system32\MRT
2017-07-21 19:46 - 2016-12-10 23:17 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-13 17:50 - 2016-12-20 19:10 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\vlc
2017-07-07 17:00 - 2016-12-05 12:53 - 00000000 ____D C:\Windows\Minidump
2017-07-07 17:00 - 2016-12-05 12:52 - 330026592 _____ C:\Windows\MEMORY.DMP
2017-07-06 07:40 - 2016-12-18 11:05 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2017-05-24 18:37 - 2017-05-24 18:37 - 0003584 _____ () C:\Users\DiNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-25 17:28 - 2017-07-25 17:28 - 0000017 _____ () C:\Users\DiNo\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-25 05:26
 
==================== End of FRST.txt ============================

#9 edselt (New Member, Topic Starter, 9 posts)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (26-07-2017 10:43:07)
Running from D:\OS\SPYWAREMALWARE
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-27 16:02:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-371815623-3163942107-3489479027-500 - Administrator - Disabled)
DiNo (S-1-5-21-371815623-3163942107-3489479027-1000 - Administrator - Enabled) => C:\Users\DiNo
Guest (S-1-5-21-371815623-3163942107-3489479027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-371815623-3163942107-3489479027-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Upwork version 4.2.153.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.153.0 - Upwork, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07837914-2D87-4080-B4AE-C3A755964AC5} - System32\Tasks\{73699240-2671-4D92-BC7A-B8B462C3F904} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {08CA8891-A27E-40FB-AA01-4B5511020C32} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-25] (AVAST Software)
Task: {09F8EED9-3F66-487E-A528-1D90D5C35FCA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-01] (AVAST Software)
Task: {1B493E77-8301-4461-8D87-2277CB35015F} - System32\Tasks\{7BC72065-8783-4469-AF58-27FA527C304B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {35B5DA85-3064-48DC-BF5D-A629938523ED} - System32\Tasks\SafeZone scheduled Autoupdate 1500998157 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {ADCEAB3F-9684-4814-BCC7-EDF7B3E05A30} - System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8} => C:\Users\DiNo\Downloads\W2W.exe
Task: {B7564E6F-0C10-4033-B1D9-409B2E855F50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {D5EDD994-5A1C-4077-8E38-4440845FFB99} - System32\Tasks\{2636AC76-8A2F-4C1A-8552-B30D753A0524} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {D7E70BA3-FC27-4293-8947-03C61797DCE8} - System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E} => C:\Users\DiNo\Downloads\W2W.exe
Task: {F34477A7-94AA-4159-AB69-CB4CDF311FFE} - System32\Tasks\{2C72FD5A-CD62-401B-B78E-550AEA7379BB} => C:\Windows\system32\pcalua.exe -a C:\Users\DiNo\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe -c -uninstall
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-26 09:24 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-25 23:54 - 2017-07-25 23:54 - 00447144 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2017-07-25 18:10 - 2017-07-25 18:10 - 00162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-26 01:30 - 2017-07-26 01:30 - 05886720 _____ () C:\Program Files\AVAST Software\Avast\defs\17072502\algo.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 01065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-25 23:56 - 2017-06-13 22:21 - 68876832 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.dll
2016-11-28 00:12 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-25 23:55 - 2017-06-13 22:21 - 01894432 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\libglesv2.dll
2017-07-25 23:55 - 2017-06-13 22:21 - 00086560 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2016-12-09 19:22 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiNo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Upwork => C:\Program Files (x86)\Upwork\upwork.exe
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{144DDB73-00A6-42A8-97ED-F5F57FD15342}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5B56E5F4-8B33-45A4-A195-AE75EA7978D7}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{63D38F68-26AD-4871-972D-0DA76FB5D6E2}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{741E4BCD-45AC-46C5-B883-9C486A65F19D}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{406C5E28-4448-4BEE-BAF5-9FDEDDFC8FCD}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6CD8B94-4971-43E3-9400-C1F0A9799C8C}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6404E43-7955-4697-9A0A-6B9FB82E3331}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{D77003D6-E460-4EB3-871D-66C24DDCF98E}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{DD2209C0-DBAF-4636-94FC-6AFCCC616519}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B8FA033-B9CD-436B-8F8F-49656371B670}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{27B005C5-2564-4DB9-AD4D-115FABAAFAB1}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{ADC7496A-21CD-4C94-8EA0-AC061B8ADBE2}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{014204D2-B56B-4420-B117-47978AF80B59}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{321474FD-A288-43D5-8E06-84CEAD479232}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{CB1DC76A-39A8-4A2B-951C-A345BD072446}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{33D1236A-C161-4F55-9BC2-90A575F98E9F}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{980F49B6-AC86-4E42-8B47-9063D21F8065}] => (Allow) C:\Program Files\AVAST Software\Avast\avastui.exe
FirewallRules: [{D0C5A009-3A2C-45C0-9148-31C89B9D04B7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
22-07-2017 14:43:02 Windows Update
23-07-2017 19:01:29 Windows Backup
24-07-2017 10:51:27 avast! Free Antivirus Setup
25-07-2017 01:13:46 avast! Free Antivirus Setup
25-07-2017 07:12:32 avast! Free Antivirus Setup
25-07-2017 16:53:48 avast! Free Antivirus Setup
25-07-2017 21:14:11 Windows Update
25-07-2017 22:05:07 Removed Skype™ 7.38
25-07-2017 22:06:43 Removed Java 8 Update 121
25-07-2017 22:40:00 Windows Update
26-07-2017 08:39:52 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2017 09:55:24 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 07:46:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 07:18:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 03:18:36 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 03:08:21 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/26/2017 01:30:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 10:55:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 07:46:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 06:55:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
 
Error: (07/25/2017 06:52:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/26/2017 10:43:16 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
 
Error: (07/26/2017 09:52:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/26/2017 07:44:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/26/2017 07:42:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/26/2017 07:42:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/26/2017 07:42:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/26/2017 07:42:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (07/26/2017 07:41:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/26/2017 07:41:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/26/2017 07:16:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
CodeIntegrity:
===================================
  Date: 2016-12-05 12:21:06.974
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-05 12:21:06.958
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 78%
Total physical RAM: 1991.86 MB
Available physical RAM: 418.64 MB
Total Virtual: 3983.72 MB
Available Virtual: 1768.4 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:147.36 GB) (Free:91.15 GB) NTFS
Drive d: () (Fixed) (Total:150.63 GB) (Free:64.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 zep516 (Trusted Helper, Malware Removal, 8,090 posts)
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-371815623-3163942107-3489479027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:

  • Click Format and ensure Word Wrap is unchecked.
  • Save as Fixlist.txt to D:\OS\SPYWAREMALWARE (it must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log in D:\OS\SPYWAREMALWARE (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

#11 edselt (Topic Starter, New Member, 9 posts)
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (26-07-2017 11:05:03) Run:1
Running from D:\OS\SPYWAREMALWARE
Loaded Profiles: DiNo (Available Profiles: DiNo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-371815623-3163942107-3489479027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dd7202-b4bc-11e6-aa64-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{e4dd7202-b4bc-11e6-aa64-806e6f6e6963} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnZipper => key removed successfully
HKLM\Software\Classes\CLSID\{73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnZipper => key removed successfully
HKLM\Software\Classes\CLSID\{73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6806660 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 738453199 B
Edge => 0 B
Chrome => 24199296 B
Firefox => 36970850 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 82427 B
LocalService => 132244 B
NetworkService => 104082 B
DiNo => 175028817 B
 
RecycleBin => 3122410 B
EmptyTemp: => 947.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:07:17 ====


#12 zep516 (Trusted Helper, Malware Removal, 8,090 posts)
Let's check the disk for errors now; run chkdsk from a command prompt.


Check the Disk for Errors

Open the Command Prompt as Administrator: click Start, type CMD in the search box, then right-click on CMD and run as admin.
Type the command:
 
chkdsk C: /f /x
Note: When it asks if you want to check the volume the next time the system restarts, answer Yes.
Restart the computer and let the check run during boot.

After chkdsk finishes

Download ListChkdskResult https://www.dropbox....Result.exe?dl=1
Execute the file and accept all the Windows prompts to authorize the program to run.
Notepad will open with a report showing the chkdsk result.
Copy and paste the log into your reply.
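
ListChkdskResult turns the Chkdsk records in the Application event log into the report shown in the next reply (Event Code, Record Number, Time Written, Message, then chkdsk's own output); the same report can be triaged in code. The following Python is an added example, not part of ListChkdskResult, FRST or this thread: it parses that report layout and flags whether the newest run was a read-only snapshot check that still found errors, meaning the boot-time chkdsk /f repair has not completed. SAMPLE_REPORT is a constructed, shortened excerpt in that layout.

```python
"""Parse a ListChkdskResult report (the chkdsk history pulled from the
Application event log) and triage it: which runs were read-only snapshot
checks, which found errors, and whether a repairing chkdsk /f run has finished.
Added example, not part of ListChkdskResult or FRST; SAMPLE_REPORT is a
constructed, shortened excerpt in the layout of the log posted in this thread."""
from __future__ import annotations
import re
from dataclasses import dataclass

ENTRY_SEPARATOR = re.compile(r"(?m)^-{10,}[ \t]*$")  # dashed line between entries
HEADER_KV = re.compile(r"^([A-Za-z ]+): ?(.*)$")     # "Key: value" header lines

SAMPLE_REPORT = """\
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 7/26/2017 5:15:23 PM >------
Category: 0
Event Code: 26212
Record Number: 33233
Time Written: 07-25-2017 @ 19:03:48
Message: Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:

Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record (128, "") from file record segment 73275
is corrupt.
  226560 file records processed.
File record segment 67526 is an orphan.

Errors found.  CHKDSK cannot continue in read-only mode.

-----------------------------------------------------------------------
Category: 0
Event Code: 26212
Record Number: 2062
Time Written: 12-12-2016 @ 07:17:06
Message: Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
WARNING!  F parameter not specified.
  146432 file records processed.
File verification completed.
"""


@dataclass
class ChkdskRun:
    record_number: int = 0
    event_code: int = 0
    time_written: str = ""
    volume: str = ""
    read_only: bool = False     # snapshot check: detects damage, cannot fix it
    errors_found: bool = False
    corrupt_records: int = 0    # "... is corrupt." lines
    orphans: int = 0            # "File record segment N is an orphan." lines


def parse_entry(block: str) -> ChkdskRun | None:
    """Turn the text between two separator lines into a ChkdskRun."""
    lines = block.splitlines()
    starts = [i for i, line in enumerate(lines) if line.startswith("Category:")]
    if not starts:
        return None                      # tool banner only, not an event record
    hdr, body_start = {}, len(lines)
    for i in range(starts[0], len(lines)):
        m = HEADER_KV.match(lines[i])
        if not m:
            break
        hdr[m.group(1)] = m.group(2).strip()
        if m.group(1) == "Message":      # chkdsk's own output follows this line
            body_start = i + 1
            break
    run = ChkdskRun(record_number=int(hdr.get("Record Number", 0)),
                    event_code=int(hdr.get("Event Code", 0)),
                    time_written=hdr.get("Time Written", ""))
    body = "\n".join(lines[body_start:])
    vol = re.search(r"Checking file system on ([A-Z]):", body)
    run.volume = vol.group(1) if vol else ""
    run.read_only = "read-only mode" in hdr.get("Message", "") + body
    run.errors_found = "Errors found." in body
    run.corrupt_records = len(re.findall(r"\bis corrupt\.", body))
    run.orphans = body.count("is an orphan.")
    return run


def parse_report(text: str) -> list[ChkdskRun]:
    """All event records in the report, newest (highest record number) first."""
    runs = [parse_entry(b) for b in ENTRY_SEPARATOR.split(text)]
    return sorted((r for r in runs if r), key=lambda r: r.record_number, reverse=True)


def repair_pending(runs: list[ChkdskRun]) -> bool:
    """True while the newest run found errors it could not fix: event 26212 is a
    read-only check on a volume snapshot, which reports damage but never repairs
    it, so a history of only such runs means the boot-time chkdsk /f has not run."""
    return bool(runs) and runs[0].errors_found and runs[0].read_only
```

Run `repair_pending(parse_report(report_text))` on a pasted report; it stays True until a run that does not end in "Errors found." appears at the top of the history.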

#13 edselt (Topic Starter, New Member, 9 posts)
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 7/26/2017 5:15:23 PM >------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 33233
Source Name: Chkdsk
Time Written: 07-25-2017 @ 19:03:48
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
 
CHKDSK is verifying files (stage 1 of 5)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x63623c for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11c37 is already in use.
Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x26b95b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11e3b is already in use.
Attribute record (128, "") from file record segment 73275
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x64418b for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x13038 is already in use.
Attribute record (128, "") from file record segment 77880
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x644189 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1309b is already in use.
Attribute record (128, "") from file record segment 77979
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x387325 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x13920 is already in use.
Attribute record (128, "") from file record segment 80160
is corrupt.
  226560 file records processed.                                         
 
File verification completed.
  850 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 33231
Source Name: Chkdsk
Time Written: 07-25-2017 @ 18:54:22
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x63623c for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11c37 is already in use.
 
Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x26b95b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11e3b is already in use.
Attribute record (128, "") from file record segment 73275
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x64418b for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x13038 is already in use.
 
Attribute record (128, "") from file record segment 77880
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x644189 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1309b is already in use.
Attribute record (128, "") from file record segment 77979
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x387325 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x13920 is already in use.
Attribute record (128, "") from file record segment 80160
is corrupt.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3ae325 for possibly 0x7 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x14b1d is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x14b1d
has allocated length of 0x216e7000 instead of 0x6350000.
 
Deleted corrupt attribute list entry
with type code 128 in file 84765.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x740000000107c6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 67526
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8c000000010c7f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 68735
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x10000000011468.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70760
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000011546.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70982
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000001154b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70987
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001154f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70991
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8000000011553.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70995
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x70000000115a6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 71078
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6d000000012607.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 75271
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x30000000012f7a.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77690
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x430000000130af.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77999
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x33000000013cd9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81113
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x29000000013cdf.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81119
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x14000000013da2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81314
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x26000000014175.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82293
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x630000000141ae.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82350
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x380000000142f3.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82675
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x84000000014531.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 83249
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001abc7.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109511
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x700000001ace2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109794
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xa00000001ace9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109801
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1100000001ad35.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109877
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x800000001ad39.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109881
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001ad42.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109890
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001af9b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 110491
is corrupt.
  226560 file records processed.                                         
 
File verification completed.
File record segment 67526 is an orphan.
File record segment 68735 is an orphan.
File record segment 70760 is an orphan.
File record segment 70982 is an orphan.
File record segment 70987 is an orphan.
File record segment 70991 is an orphan.
File record segment 70995 is an orphan.
File record segment 71078 is an orphan.
File record segment 75271 is an orphan.
File record segment 77690 is an orphan.
File record segment 77999 is an orphan.
File record segment 81113 is an orphan.
File record segment 81119 is an orphan.
File record segment 81314 is an orphan.
File record segment 82293 is an orphan.
File record segment 82350 is an orphan.
File record segment 82675 is an orphan.
File record segment 83249 is an orphan.
File record segment 109511 is an orphan.
File record segment 109794 is an orphan.
File record segment 109801 is an orphan.
File record segment 109877 is an orphan.
File record segment 109881 is an orphan.
File record segment 109890 is an orphan.
File record segment 110491 is an orphan.
  875 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 33223
Source Name: Chkdsk
Time Written: 07-25-2017 @ 18:47:11
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x63623c for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11c37 is already in use.
 
Attribute record (128, "") from file record segment 72759
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x26b95b for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x11e3b is already in use.
Attribute record (128, "") from file record segment 73275
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x64418b for possibly 0x16 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x13038 is already in use.
Attribute record (128, "") from file record segment 77880
is corrupt.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x644189 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1309b is already in use.
Attribute record (128, "") from file record segment 77979
is corrupt.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x387325 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x13920 is already in use.
Attribute record (128, "") from file record segment 80160
is corrupt.
Attribute record of type 0x80 and instance tag 0x0 is cross linked
starting at 0x3ae325 for possibly 0x7 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x0
in file 0x14b1d is already in use.
The attribute of type 0x80 and instance tag 0x0 in file 0x14b1d
has allocated length of 0x216e7000 instead of 0x6350000.
Deleted corrupt attribute list entry
with type code 128 in file 84765.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x740000000107c6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 67526
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8c000000010c7f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 68735
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x10000000011468.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70760
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6000000011546.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70982
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x500000001154b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70987
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001154f.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70991
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x8000000011553.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 70995
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x70000000115a6.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 71078
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x6d000000012607.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 75271
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x30000000012f7a.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77690
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x430000000130af.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 77999
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x33000000013cd9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81113
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x29000000013cdf.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81119
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x14000000013da2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 81314
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x26000000014175.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82293
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x630000000141ae.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82350
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x380000000142f3.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 82675
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x84000000014531.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 83249
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x600000001abc7.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109511
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x700000001ace2.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109794
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0xa00000001ace9.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109801
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x1100000001ad35.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109877
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x800000001ad39.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109881
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001ad42.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 109890
is corrupt.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x900000001af9b.  The expected attribute type is 0x80.
Attribute record (128, "") from file record segment 110491
is corrupt.
  226560 file records processed.                                         
 
File verification completed.
File record segment 67526 is an orphan.
File record segment 68735 is an orphan.
File record segment 70760 is an orphan.
File record segment 70982 is an orphan.
File record segment 70987 is an orphan.
File record segment 70991 is an orphan.
File record segment 70995 is an orphan.
File record segment 71078 is an orphan.
File record segment 75271 is an orphan.
File record segment 77690 is an orphan.
File record segment 77999 is an orphan.
File record segment 81113 is an orphan.
File record segment 81119 is an orphan.
File record segment 81314 is an orphan.
File record segment 82293 is an orphan.
File record segment 82350 is an orphan.
File record segment 82675 is an orphan.
File record segment 83249 is an orphan.
File record segment 109511 is an orphan.
File record segment 109794 is an orphan.
File record segment 109801 is an orphan.
File record segment 109877 is an orphan.
File record segment 109881 is an orphan.
File record segment 109890 is an orphan.
File record segment 110491 is an orphan.
  873 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 12636
Source Name: Chkdsk
Time Written: 03-06-2017 @ 07:18:56
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0xaafcc for possibly 0x5 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1daba is already in use.
 
Attribute record (128, "") from file record segment 121530
is corrupt.
  214016 file records processed.                                         
 
File verification completed.
  370 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 10303
Source Name: Chkdsk
Time Written: 02-19-2017 @ 05:57:31
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x5ec23 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x100e0 is already in use.
 
Attribute record (128, "") from file record segment 65760
is corrupt.
  146432 file records processed.                                         
 
File verification completed.
  201 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 9877
Source Name: Chkdsk
Time Written: 02-17-2017 @ 00:15:17
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x5ec23 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x100e0 is already in use.
 
Attribute record (128, "") from file record segment 65760
is corrupt.
  146432 file records processed.                                         
 
File verification completed.
  198 large file records processed.                                   
 
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: DiNo-PC
Event Code: 26212
Record Number: 2062
Source Name: Chkdsk
Time Written: 12-12-2016 @ 07:17:06
Event Type: Information
User: 
Message: Chkdsk was executed in read-only mode on a volume snapshot.  
 
Checking file system on C:
The type of the file system is NTFS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
  146432 file records processed.                                         
 
File verification completed.
  196 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  47 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
  189556 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  146432 file SDs/SIDs processed.                                        
 
Cleaning up 324 unused index entries from index $SII of file 0x9.
Cleaning up 324 unused index entries from index $SDH of file 0x9.
Cleaning up 324 unused security descriptors.
Security descriptor verification completed.
  21563 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  34108776 USN bytes processed.                                            
 
Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
 
 154521599 KB total disk space.
  22238156 KB in 99158 files.
     73820 KB in 21564 indexes.
         0 KB in bad sectors.
    250955 KB in use by the system.
     65536 KB occupied by the log file.
 131958668 KB available on disk.
 
      4096 bytes in each allocation unit.
  38630399 total allocation units on disk.
  32989667 allocation units available on disk.
 
-----------------------------------------------------------------------

  • 0

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

How is the computer doing?

I may have someone else take a look at that log for chkdsk.
  • 0

#15
edselt

    New Member

  • Topic Starter
  • Member
  • 9 posts

It looks fine, thank you for your help...


  • 0
