
[Resolved] Infected computer

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by syzygy1234, Dec 23, 2016.

  1. syzygy1234

    syzygy1234 Techie7 New Member

    Mr. Broni, I have the same issue. I scanned my laptop using AdwCleaner, Malwarebytes and Plumbytes Anti-Malware, but there are still files that keep coming back. There is also this FAST SEARCH extension on my Google browser that I got when the laptop was infected by malware, which caused me to be redirected to the nova.rambler.ru website every time I tried to search for information on Google.com, but that stopped after the initial scan and cleaning I did with AdwCleaner and Malwarebytes. I am just worried about the other files left that are being detected by Plumbytes as malware. I attached the log files for each of the initial scans I did. I will also upload an image file of the files detected by Plumbytes, which are related to the threats deleted by AdwCleaner.
     

    Attached Files:

  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Welcome aboard

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. syzygy1234

    syzygy1234 Techie7 New Member

    Here's the log for the FRST scan:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
    Ran by user (administrator) on USER-PC (24-12-2016 12:04:50)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (PLUMBYTES) C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
    () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
    () C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
    AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 114.108.193.201 114.108.195.1
    Tcpip\..\Interfaces\{185EA24D-447A-43B2-BE76-42B999E1F24B}: [DhcpNameServer] 114.108.193.201 114.108.195.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-12-24]
    CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-23]
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]
    CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-23]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]
    CHR Extension: (Fast search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-23]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
    CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
    R2 pbamw_service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe [125712 2016-11-09] (PLUMBYTES)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
    R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
    R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-01] (Disc Soft Ltd)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
    S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-24 12:04 - 2016-12-24 12:05 - 00012830 _____ C:\Users\user\Desktop\FRST.txt
    2016-12-24 12:04 - 2016-12-24 12:04 - 06334848 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
    2016-12-23 17:14 - 2016-12-23 17:14 - 00007991 _____ C:\Users\user\Downloads\fixlist (1).txt
    2016-12-23 17:08 - 2016-12-23 17:09 - 02420736 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2016-12-23 17:05 - 2016-12-23 17:05 - 00002193 _____ C:\Users\user\Desktop\JRT.txt
    2016-12-23 17:01 - 2016-12-23 17:01 - 01663040 _____ (Malwarebytes) C:\Users\user\Downloads\JRT.exe
    2016-12-23 16:47 - 2016-12-23 16:47 - 00013866 _____ C:\ComboFix.txt
    2016-12-23 16:41 - 2016-12-23 16:47 - 00000000 ____D C:\Windows\erdnt
    2016-12-23 16:41 - 2016-12-23 16:47 - 00000000 ____D C:\Qoobox
    2016-12-23 16:41 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-12-23 16:41 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-12-23 16:41 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
    2016-12-23 16:40 - 2016-12-23 16:40 - 05659917 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
    2016-12-23 16:35 - 2016-12-23 17:12 - 00000000 ____D C:\Users\user\Desktop\virus form
    2016-12-23 16:21 - 2016-12-23 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-12-23 16:00 - 2016-12-23 16:00 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-12-23 15:59 - 2016-12-23 16:34 - 00000000 ____D C:\Users\user\Desktop\mbar
    2016-12-23 15:57 - 2016-12-23 15:58 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.09.3.1001.exe
    2016-12-23 15:36 - 2016-12-23 15:36 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-12-23 15:36 - 2016-12-23 15:36 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-12-23 15:36 - 2016-12-23 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-12-23 15:35 - 2016-12-23 16:20 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-12-23 15:35 - 2016-12-23 15:36 - 00000000 ____D C:\Program Files\RogueKiller
    2016-12-23 15:29 - 2016-12-23 15:34 - 34221208 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
    2016-12-23 14:21 - 2016-12-23 14:21 - 00899584 _____ (Farbar) C:\Users\user\Downloads\FSS.exe
    2016-12-23 14:21 - 2016-12-23 14:21 - 00002465 _____ C:\Users\user\Downloads\FSS.txt
    2016-12-23 14:08 - 2016-12-23 21:42 - 00001160 _____ C:\Users\user\Desktop\Plumbytes Anti-Malware.lnk
    2016-12-23 14:08 - 2016-12-23 14:18 - 00000000 ____D C:\Users\user\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
    2016-12-23 14:08 - 2016-12-23 14:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
    2016-12-23 14:04 - 2016-12-23 14:04 - 00881936 _____ (Plumbytes Software) C:\Users\user\Downloads\antimalwaresetup.exe
    2016-12-23 13:20 - 2016-12-23 16:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-12-23 13:20 - 2016-12-23 15:25 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2016-12-23 13:20 - 2016-12-23 15:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-12-23 13:20 - 2016-12-23 13:20 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2016-12-23 13:20 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
    2016-12-23 13:10 - 2016-12-23 13:10 - 03977168 _____ C:\Users\user\Downloads\AdwCleaner.exe
    2016-12-23 11:22 - 2016-12-23 11:22 - 00040111 _____ C:\Users\user\Downloads\Addition.txt
    2016-12-23 11:21 - 2016-12-23 11:22 - 00020285 _____ C:\Users\user\Downloads\FRST.txt
    2016-12-23 10:00 - 2016-12-23 10:00 - 00002270 _____ C:\Users\user\Downloads\Fixlog.txt
    2016-12-23 09:58 - 2016-12-24 12:04 - 00000000 ____D C:\FRST
    2016-12-23 09:58 - 2016-12-23 09:54 - 00001786 _____ C:\Users\user\Downloads\fixlist.txt
    2016-12-23 09:54 - 2016-12-23 09:54 - 00001786 _____ C:\Users\user\Desktop\fixlist.txt
    2016-12-23 08:48 - 2016-12-23 08:50 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
    2016-12-23 08:47 - 2016-12-23 08:47 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
    2016-12-23 06:57 - 2016-12-23 16:56 - 00000000 ____D C:\AdwCleaner
    2016-12-23 06:01 - 2016-12-23 12:51 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-12-23 06:01 - 2016-12-23 06:01 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
    2016-12-23 06:01 - 2016-12-23 06:01 - 00000000 ____D C:\Users\user\AppData\Local\Zemana
    2016-12-23 06:01 - 2016-12-23 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2016-12-23 05:50 - 2016-12-23 05:55 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-12-23 05:12 - 2016-12-23 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-12-23 05:12 - 2016-12-23 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2016-12-23 05:12 - 2016-12-23 05:12 - 00000000 ____D C:\Program Files\Malwarebytes
    2016-12-23 05:08 - 2016-12-23 05:10 - 54199488 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.0.5.1299.exe
    2016-12-21 01:50 - 2016-12-21 01:50 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-12-21 01:50 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-12-21 01:41 - 2016-12-23 12:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-12-21 01:41 - 2016-12-23 12:50 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-12-21 01:41 - 2016-12-23 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-12-21 01:41 - 2016-12-23 04:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-12-21 01:41 - 2016-12-21 01:41 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-12-21 01:41 - 2016-12-21 01:41 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-12-21 01:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-12-21 01:36 - 2016-12-21 01:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
    2016-12-20 20:29 - 2016-12-21 01:30 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-12-20 20:22 - 2016-12-20 20:29 - 47675104 _____ (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-x64-V5.43.exe
    2016-12-20 19:57 - 2016-12-20 19:57 - 00000000 _____ C:\autoexec.bat
    2016-12-20 19:48 - 2016-12-20 19:48 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
    2016-12-20 18:57 - 2016-12-23 14:08 - 00000000 ____D C:\Program Files\Plumbytes Software
    2016-12-20 11:41 - 2016-12-20 11:41 - 00000000 ____D C:\Users\user\AppData\Local\Chromium
    2016-12-17 13:33 - 2016-12-17 13:48 - 00000000 ____D C:\Users\user\Desktop\order
    2016-12-12 18:00 - 2016-12-13 14:36 - 00009435 _____ C:\Users\user\Desktop\wedding list.xlsx
    2016-12-07 06:30 - 2016-12-07 06:30 - 00978643 _____ C:\Users\user\Downloads\video-1481034697.mp4
    2016-12-05 15:07 - 2016-12-05 15:07 - 00146788 _____ C:\Users\user\Downloads\Tadhana (Fingerstyle Guitar Tab by ralphjay14).pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-23 21:42 - 2015-08-18 19:00 - 00000000 ____D C:\Users\user\AppData\Roaming\GarenaPlus
    2016-12-23 21:42 - 2015-08-18 18:54 - 00000000 ____D C:\ProgramData\GarenaMessenger
    2016-12-23 19:30 - 2016-11-13 00:28 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
    2016-12-23 19:30 - 2015-08-18 18:54 - 00000000 ____D C:\Program Files (x86)\Garena Plus
    2016-12-23 19:29 - 2015-08-18 15:32 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2016-12-23 17:04 - 2009-07-14 12:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-12-23 17:04 - 2009-07-14 12:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-12-23 16:57 - 2015-08-18 17:59 - 00000380 _____ C:\Users\user\AppData\Roaming\sp_data.sys
    2016-12-23 16:57 - 2015-08-18 15:50 - 00001622 _____ C:\Windows\system32\ServiceFilter.ini
    2016-12-23 16:56 - 2016-06-02 11:09 - 00000000 ____D C:\Windows\SysWOW64\NV
    2016-12-23 16:56 - 2016-06-02 11:09 - 00000000 ____D C:\Windows\system32\NV
    2016-12-23 16:56 - 2015-08-18 15:56 - 00000000 ____D C:\Program Files (x86)\SMADAV
    2016-12-23 16:56 - 2015-08-18 15:32 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2016-12-23 16:56 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-12-23 16:46 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
    2016-12-23 14:45 - 2015-08-20 10:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
    2016-12-23 14:43 - 2016-03-02 14:24 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-12-23 14:25 - 2015-08-18 15:50 - 00001834 _____ C:\Windows\system32\AutoRunFilter.ini
    2016-12-23 13:15 - 2009-07-14 13:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-12-23 12:50 - 2016-07-29 12:05 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2016-12-23 12:50 - 2015-08-18 15:48 - 00000000 ____D C:\ProgramData\Atheros
    2016-12-23 12:50 - 2015-08-18 15:47 - 00000000 ____D C:\ProgramData\P4G
    2016-12-23 12:50 - 2015-08-18 15:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
    2016-12-23 12:50 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat
    2016-12-23 12:49 - 2015-08-18 18:28 - 00000000 ____D C:\Program Files (x86)\Google
    2016-12-23 12:41 - 2015-08-19 21:50 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2016-12-23 08:48 - 2016-09-11 12:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
    2016-12-21 01:30 - 2015-09-10 17:00 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2016-12-20 19:29 - 2015-08-18 15:56 - 00000000 ____D C:\[Smad-Cage]
    2016-12-20 11:41 - 2016-03-02 14:32 - 00000000 ____D C:\Users\user\AppData\Local\Steam
    2016-12-17 13:27 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-12-17 09:45 - 2015-08-18 18:28 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-17 09:45 - 2015-08-18 18:28 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-12-16 01:37 - 2015-09-02 21:47 - 00002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-12-16 01:37 - 2015-09-02 21:47 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    ==================== Files in the root of some directories =======

    2015-08-18 17:59 - 2016-12-23 16:57 - 0000380 _____ () C:\Users\user\AppData\Roaming\sp_data.sys

    Some files in TEMP:
    ====================
    C:\Users\user\AppData\Local\Temp\libeay32.dll
    C:\Users\user\AppData\Local\Temp\msvcr120.dll
    C:\Users\user\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-12-14 01:30

    ==================== End of FRST.txt ============================
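An added example, not part of the thread and not code from FRST or its author: a small Python triage script over the kinds of lines that appear in the FRST.txt above. It keys on markers FRST itself emits (`[X]` for a service or driver whose file is missing, `[File not signed]`, and `<======= ATTENTION`) and adds two heuristics an analyst applies by hand when reading such a log: executables or drivers that live under a user's Temp directory, and Chrome extensions whose ID is not among the component extensions Chrome installs by default. The sample lines are copied from the log above; the default-extension allowlist, the reason codes and the `Finding` type are my assumptions. A hit means "look at this", not "this is malware".

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Flags the entry types FRST itself marks as suspicious ([X] missing file,
[File not signed], <======= ATTENTION) plus two analyst heuristics:
binaries loaded from a user Temp directory and Chrome extensions that
are not among Chrome's bundled defaults (assumed allowlist below).
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied in the shape of the FRST.txt in the thread.
SAMPLE_LOG = r"""
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Fast search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-23]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]+); (?P<rest>.+)$")
CHR_EXT_RE = re.compile(r"^CHR Extension: \((?P<title>[^)]*)\) - .*\\(?P<ext_id>[a-p]{32}) \[")
PROC_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
ATTENTION = "<======= ATTENTION"

# Assumed allowlist (my assumption, for illustration): the component
# extensions Chrome ships with by default, as listed in the log above.
CHROME_DEFAULT_EXTENSIONS = {
    "aapocclcgogkmnckokdopfmhonfmgoek",  # Google Slides
    "aohghmighlieiainnegkcijnfilokake",  # Google Docs
    "felcaaldnbdncclmgdcncolpebgiejap",  # Google Sheets
    "ghbmnnjooekpmoecnnnilnnbdlolhkhi",  # Google Docs Offline
    "nmmhkkegccagdldgiimedpiccmgmieda",  # Chrome Web Store Payments
    "pjkljhegncpnkpknbcohdijeoejaedia",  # Gmail
    "pkedcjkdefgpdelpbcmbmeomcjbeemfm",  # Chrome Media Router
}


@dataclass(frozen=True)
class Finding:
    subject: str  # service/driver name, extension id, path or registry key
    reason: str   # short reason code, e.g. "missing-file"
    line: str     # the raw FRST line the finding came from


def _check_service_or_driver(m, line):
    """Apply the file-based checks to one 'R2 name; path [...]' line."""
    name, rest = m.group("name"), m.group("rest")
    out = []
    if rest.endswith("[X]"):                 # FRST: registry entry, file gone
        out.append(Finding(name, "missing-file", line))
    if "[File not signed]" in rest:          # FRST: no Authenticode signature
        out.append(Finding(name, "unsigned", line))
    if TEMP_RE.search(rest):                 # heuristic: driver/service in Temp
        out.append(Finding(name, "loaded-from-temp", line))
    return out


def triage(frst_text):
    """Return a list of Finding for every suspicious line in an FRST dump."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION in line:                # FRST's own marker, any section
            findings.append(Finding(line.split(ATTENTION)[0].strip(), "frst-attention", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(_check_service_or_driver(m, line))
            continue
        m = CHR_EXT_RE.match(line)
        if m:
            if m.group("ext_id") not in CHROME_DEFAULT_EXTENSIONS:
                findings.append(Finding(m.group("ext_id"), "non-default-extension", line))
            continue
        m = PROC_RE.match(line)              # "(Vendor) C:\path\to.exe"
        if m:
            if m.group("vendor").strip() == "":   # FRST prints () when no company name
                findings.append(Finding(m.group("path"), "no-publisher", line))
            if TEMP_RE.search(m.group("path")):
                findings.append(Finding(m.group("path"), "loaded-from-temp", line))
    return findings


def summarize(findings):
    """Count findings per reason code, a quick first look at a long log."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.reason:22} {f.subject}")
    print(summarize(hits))
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8").read())`; the reason codes are there so a reviewer can sort the dangling `[X]` entries (usually leftovers to clean up in a fixlist) apart from the ones that deserve a closer look, such as a driver path under `AppData\Local\Temp`.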
     
  4. syzygy1234

    syzygy1234 Techie7 New Member

    And this is the additional scan result:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
    Ran by user (24-12-2016 12:05:16)
    Running from C:\Users\user\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2015-08-18 07:16:28)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1079155416-1279843625-3375403390-500 - Administrator - Disabled)
    Guest (S-1-5-21-1079155416-1279843625-3375403390-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1079155416-1279843625-3375403390-1003 - Limited - Enabled)
    user (S-1-5-21-1079155416-1279843625-3375403390-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
    ASUS K5 Series ScreenSaver (HKLM-x32\...\ASUS K5 Series ScreenSaver) (Version: 1.0.0002 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
    ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Crysis 2 Maximum Edition (HKLM\...\Steam App 108800) (Version: - Crytek Studios)
    DARK.SOULS.III.Deluxe.Edition.[v1.05].Repacked-ALI213 version 1.05.0.0 (HKLM-x32\...\{3B5C2526-3FF3-45AE-BD06-6D60698070AA}}_is1) (Version: 1.05.0.0 - Ali213.net)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Garena - Heroes of Newerth (HKLM-x32\...\HoN) (Version: - Garena Online Pte Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
    Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mobile Assistant (HKLM-x32\...\{48D6D221-9262-4159-9DBF-E40DA8478648}) (Version: 1.4.1.10090 - Lenovo)
    NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    Plumbytes Anti-Malware 2017 (HKLM\...\Plumbytes Anti-Malware 2017) (Version: - Plumbytes Software)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
    RogueKiller version 12.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.6.0 - Adlice Software)
    SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.11 - ASUS)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
    Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
    SMADAV version 10.0.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 10.0.1 - SmadSoft)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    StarCraft II (HKLM-x32\...\StarCraft II_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Witcher 3 Wild Hunt v.1.12 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00AD8DB1-5581-4247-B022-2EB59791CC87} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-02-22] ()
    Task: {0B3FCA04-23E9-445F-8016-4B88E873D508} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
    Task: {0BEE71C2-5BAA-4C7D-850A-9FDCD252F18F} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
    Task: {1F0028EB-A434-4941-BEC6-61E06C12C5F9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {25DDA4B3-B0ED-4A4D-BE63-F0342E9C1FA9} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
    Task: {3FC35088-C4FA-49EE-85D0-37671D0B06F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {770C24A2-B29F-47D4-BBE3-7F2EAECE39BB} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2014-09-29] (Lenovo)
    Task: {7E18D9E4-AC0D-46EC-9B82-F0323AF021AF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
    Task: {841B824B-67D3-4C6F-BA51-E63FE958B8B7} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-18] (Smadsoft)
    Task: {86B04DD6-7B89-4437-A6E1-191B9C3B615D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
    Task: {9587EDC7-A4AF-485E-92E0-C1235C8DBE5C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {A0E0EB92-57C2-4C55-9952-396942893AE5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {A6099C30-8642-4F21-A3E7-657D9A261FC5} - System32\Tasks\{A27A7952-4966-4733-A435-EDA18ADA4426} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {B467776F-E08B-4B10-96B6-D4C4259C0D97} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {BC7C3567-2F6C-412C-A95F-3342523597E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Task: {E48F5E71-9DDD-4A24-B457-357C5CA8B021} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
    Task: {F1D9D54F-892D-4CBD-B854-F78B9EF70CBE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
    Task: {F7C68A6A-A4A9-4ADF-89E1-920F724EBDDE} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-18 15:25 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-18 15:31 - 2011-12-16 11:02 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2016-06-01 18:48 - 2016-05-02 13:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-06-01 18:48 - 2016-05-02 13:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-01-30 22:55 - 2016-05-02 13:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-01-30 22:55 - 2016-05-02 13:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2015-08-18 15:25 - 2016-05-20 10:11 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2011-12-14 16:18 - 2011-12-14 16:18 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
    2015-08-11 17:11 - 2016-02-22 19:24 - 00174632 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    2015-08-11 17:11 - 2016-12-22 01:47 - 09136168 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
    2015-07-07 19:40 - 2016-12-22 00:09 - 07341008 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
    2016-06-01 18:48 - 2016-05-02 13:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-06-01 18:48 - 2016-05-02 13:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2015-08-18 15:31 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2014-09-29 15:05 - 2014-09-29 15:05 - 00109736 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
    2014-09-29 15:05 - 2014-09-29 15:05 - 00351400 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
    2015-08-18 19:32 - 2016-05-02 14:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
    2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
    2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
    2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
    2011-11-25 13:29 - 2011-11-25 13:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
    2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
    2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
    2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
    2011-11-25 13:28 - 2011-11-25 13:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
    2011-11-25 13:42 - 2011-11-25 13:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
    2011-11-25 13:26 - 2011-11-25 13:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
    2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
    2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
    2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
    2015-08-01 17:07 - 2016-09-29 12:26 - 03437008 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00111552 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00040384 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
    2015-08-11 17:12 - 2016-12-22 01:47 - 00047096 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00058304 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00094144 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00494016 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00032192 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00177600 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
    2015-08-11 17:12 - 2016-06-24 20:05 - 00379744 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00191424 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
    2015-08-11 17:12 - 2015-08-11 17:12 - 00226752 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
    2015-08-11 17:12 - 2015-11-24 21:26 - 00159168 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00965056 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00061888 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
    2015-08-11 17:12 - 2016-02-22 19:25 - 00237608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
    2015-08-11 17:12 - 2016-11-25 18:53 - 02217424 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00199616 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00162240 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
    2015-08-11 17:11 - 2016-08-29 15:48 - 04892664 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00072640 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00023488 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 01552320 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
    2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00963008 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00251840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00033216 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00523712 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00075200 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
    2015-08-11 17:12 - 2016-03-17 21:18 - 00113192 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
    2015-08-11 17:12 - 2016-11-30 21:35 - 00242680 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
    2015-08-11 17:12 - 2016-03-17 21:18 - 00410152 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
    2015-08-11 17:12 - 2016-11-10 14:00 - 00237560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00110680 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00069720 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00046032 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
    2015-01-16 12:27 - 2016-10-25 21:05 - 00394744 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00829944 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00053752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
    2015-07-07 19:41 - 2016-12-22 00:10 - 00035320 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00454600 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
    2015-02-11 15:55 - 2016-12-22 00:10 - 02499024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00115288 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00036440 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00431192 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00089592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
    2015-01-16 12:27 - 2016-10-25 21:05 - 00065064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
    2015-01-16 12:27 - 2016-10-13 16:41 - 00387024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
    2015-01-16 12:27 - 2016-10-13 16:41 - 00059856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
    2015-01-16 12:27 - 2016-10-25 21:05 - 00079824 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00054736 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00067624 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00102864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00141400 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00036952 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00244824 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
    2015-01-16 12:27 - 2016-09-23 19:06 - 01060344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00068648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00105560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
    2015-01-16 12:27 - 2016-01-05 19:31 - 00134592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00143960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00117336 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
    2015-01-16 12:27 - 2016-10-25 21:06 - 00879056 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00068560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll
    2016-12-23 04:28 - 2016-12-08 15:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2016-12-23 04:28 - 2016-12-08 15:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
    2016-12-13 13:00 - 2016-12-13 13:00 - 17833560 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 114.108.193.201 - 114.108.195.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
    MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MagicPlusHelper => "C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe"
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    MSCONFIG\startupreg: Plumbytes Anti-Malware => "C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe" /tray
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{550C21D8-E80D-4728-8B56-280C7C69525D}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{7B916B46-A6A6-4FC2-9470-4602B22005AE}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{83FE7423-095D-4A09-A4C1-4DFB0142EC33}] => C:\Windows\SysWOW64\rundll32.exe
    FirewallRules: [{C314BC58-3BEB-4F56-BF22-C9423F8998B5}] => C:\GarenaDownload\Games\hon\HoNInstaller.exe
    FirewallRules: [{51630695-0617-4285-BE92-24D9CF183490}] => C:\GarenaDownload\Games\hon\HoNInstaller.exe
    FirewallRules: [{8E6E2FFD-9F4E-43DB-8810-35E70B959C96}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F4D06CF1-CF62-4051-99AB-D4FCDDD574CA}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{D0E16087-EC0F-4A61-B8B3-21A1DEB9587A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{E81CF42D-6D6C-49FF-B244-D0CEA13E2EF8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{C8359B99-304A-418A-B35A-C4A1D6CD4A54}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{3FC988F2-4C7D-4AC3-A7E3-A8D39D14DB2E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{4B58FB04-8965-4BDD-B844-48E930A7F237}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{EA443C02-1FF7-49FD-9940-6161DCAE00F9}] => C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    FirewallRules: [{7B9EA2F5-793A-436B-A11F-2EE769EAC0A9}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{1552E701-EDA8-4559-8389-5B7865433705}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1A1B8167-ABC3-452B-AEB3-A5A4B3ABD3ED}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7642B33E-35A1-48F0-8CAB-9782326B72E9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4E450695-44BD-4AB6-9DAF-1C3B00D7CB7E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BEB43EAA-5A29-4D1E-8D56-4A6143B21C7B}] => C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{CB0B88F0-5A46-457E-A4D4-5B5E5CA9BB8B}C:\program files (x86)\garena plus\garenamessenger.exe] => C:\program files (x86)\garena plus\garenamessenger.exe
    FirewallRules: [UDP Query User{836B3269-F021-49D3-A3D2-97D34C82BAFF}C:\program files (x86)\garena plus\garenamessenger.exe] => C:\program files (x86)\garena plus\garenamessenger.exe
    FirewallRules: [{F5DB3F44-FDEF-4FA2-8007-B2480BDF7BE1}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{445649C1-F323-4582-A045-336B94296E0A}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8B27A357-078C-474D-B24A-151794997270}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C28672A8-27D0-42ED-9427-715F6457F7E8}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B3EA7D71-A924-43A7-A2FA-FA6AB40E04C9}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D554FA01-2A00-4E01-A4FE-FC8C152285DF}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C916FA09-41DC-47AB-AB3C-65F7478BEEAC}] => C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
    FirewallRules: [TCP Query User{D219E048-E690-461D-A2F2-0E3510D32079}C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe] => C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe
    FirewallRules: [UDP Query User{ACDE7836-01A3-4FA1-841B-606F76F73475}C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe] => C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe
    FirewallRules: [{DF3E12AB-B984-4A3C-9250-D2B51A15D8F8}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3CCDA8C5-0A43-4F17-BB8F-218C9099D6E6}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6150EF5A-EF26-4C6F-B573-3CEC993A7FA6}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A800A5E3-B0D6-4539-B1A4-6DE1675E6B24}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{251CAB77-3097-4516-B83E-1288D7F8D974}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CF5F32CF-7ED0-403E-8F75-0D37CD5DCC31}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [TCP Query User{FD17A9C1-B718-4CD9-A5F5-81B974CEB7C4}C:\program files (x86)\magicplus\magicplus.exe] => C:\program files (x86)\magicplus\magicplus.exe
    FirewallRules: [UDP Query User{E1F4625A-DA96-4B3A-9F53-301EF3E80CEB}C:\program files (x86)\magicplus\magicplus.exe] => C:\program files (x86)\magicplus\magicplus.exe
    FirewallRules: [{8B1B1164-573A-4856-B6C0-AF20E8214379}] => D:\StarCraft II\Versions\Base38996\SC2_x64.exe
    FirewallRules: [{6E680E75-A11B-4BF6-A69E-7E626DE19E4A}] => D:\StarCraft II\Versions\Base38996\SC2_x64.exe
    FirewallRules: [{23E2B87C-8E8D-40A6-9F0C-809F03A981F0}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{46540291-B70A-47C2-88F6-1D151DA2FC1D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{5057CDC4-B445-4DA6-AF40-8BAFB9FA78D7}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F2CD42C6-0063-4FC9-9759-99CA5CD2E6B1}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2FFB9CE3-9C7E-4A72-90EA-104459A6B214}] => C:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
    FirewallRules: [{A92F9990-18FD-45B0-8312-FF83C525C193}] => C:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
    FirewallRules: [{F5C3C8D3-3B7D-4235-94FF-6771F944A027}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EEBDB2DD-AA31-4D2F-AEEE-FFE5A6E769D4}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C0CA2348-FB8F-4B92-A730-37AC4D18721C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{294FF890-3A85-4381-9FDB-7FC1E2CF0348}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{87E9204C-3461-4B1C-A5D4-73CEFDE5A183}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{42BA6DBB-CF94-4240-A2E7-963A18475C33}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6C4FCC17-7E28-4CCC-8012-A820A274BA60}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{56ED4824-E57B-4532-B830-E4BEE0D02C0C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CD3F27EF-F117-4D62-B2B2-86265202E0BE}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E875222B-6D9E-4163-A5FE-2359C0F05078}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7C593D99-C567-483F-8294-38EDE1250E04}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{5ED84062-DA7F-431F-BF55-6B789097939C}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{AB8385B6-CCBC-49E8-A60D-17652FF7411F}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{1DF75682-0699-45B2-A01D-A292A0D26C98}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4448A8B5-7774-48F1-83C9-6D7A96FACF55}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{11E2DD3D-4F7E-4B45-AC42-1C5C4A799951}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A56E1EBB-1BC6-45FC-90EF-64746400EAB4}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    23-12-2016 09:57:20 aaa
    23-12-2016 10:00:15 Restore Point Created by FRST
    23-12-2016 12:47:34 Restore Operation
    23-12-2016 17:03:13 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth module
    Description: Bluetooth module
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: gkernel
    Description: gkernel
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: gkernel
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/24/2016 12:15:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2153

    Error: (12/24/2016 12:15:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2153

    Error: (12/24/2016 12:15:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/24/2016 12:15:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 998

    Error: (12/24/2016 12:15:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 998

    Error: (12/24/2016 12:15:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/23/2016 10:47:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

    Error: (12/23/2016 10:47:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1014

    Error: (12/23/2016 10:47:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/23/2016 08:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1997


    System errors:
    =============
    Error: (12/24/2016 11:53:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/24/2016 11:53:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 09:24:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 09:24:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 07:16:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 07:16:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 06:12:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 06:12:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 05:40:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/23/2016 05:40:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.


    CodeIntegrity:
    ===================================
    Date: 2016-12-24 12:05:01.914
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-24 12:05:01.908
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-24 12:05:01.892
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-24 12:05:01.885
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-23 19:30:48.647
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-12-23 19:30:48.644
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-12-23 19:30:41.273
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-12-23 19:30:41.270
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-12-23 17:10:01.244
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-23 17:10:01.238
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
    Percentage of memory in use: 30%
    Total physical RAM: 8077.9 MB
    Available physical RAM: 5591.85 MB
    Total Virtual: 16154 MB
    Available Virtual: 13494.16 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.34 GB) (Free:64.31 GB) NTFS
    Drive d: () (Fixed) (Total:317.32 GB) (Free:90.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B63ED2B4)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=317.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. syzygy1234

    syzygy1234 Techie7 New Member

    Here are the logs for each scan, respectively.
     

    Attached Files:

  7. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe forum rules.
    All logs have to be pasted not attached.
    Also, I didn't ask you to run MBAR
     
  8. syzygy1234

    syzygy1234 Techie7 New Member

    I'm sorry, I'll post it shortly.
     
  9. syzygy1234

    syzygy1234 Techie7 New Member

    Here are the RogueKiller logs.

    RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : user [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 12/23/2016 16:03:01 (Duration : 00:16:18)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 3 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\im -> Deleted
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1079155416-1279843625-3375403390-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1079155416-1279843625-3375403390-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][Firefox:Addon] uieposwo.default : Fast search [amcontextmenu@loucypher] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
    --- User ---
    [MBR] 126cd6c5b89f9d6bcfd6205858f7b463
    [BSP] 22b5ab1ef71f4be3fc5d3331d495684e : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 151900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 311298048 | Size: 324938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  10. syzygy1234

    syzygy1234 Techie7 New Member

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/23/16
    Scan Time: 1:33 PM
    Logfile: Malwarebytes.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.5.1299
    Components Version: 1.0.43
    Update Package Version: 1.0.840
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: user-PC\user

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 348273
    Time Elapsed: 7 min, 24 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 5
    PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [964], [169684],1.0.840
    PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarantined, [964], [169676],1.0.840
    PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [964], [169674],1.0.840
    PUP.Optional.Plumbytes, HKLM\SOFTWARE\Plumbytes Software, No Action By User, [10525], [262040],1.0.840
    PUP.Optional.MyBrowser, HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\SOFTWARE\MyBrowser 1.0.2V02.09-nv-ie, Quarantined, [1575], [241004],1.0.840

    Registry Value: 2
    PUP.Optional.GamesDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GMSD_RA_005010078, Quarantined, [13828], [238638],1.0.840
    PUP.Optional.Chatom, HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHATOM, Quarantined, [2396], [353561],1.0.840

    Data Stream: 0
    (No malicious items detected)

    Folder: 3
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\META-INF, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\content, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIEPOSWO.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER, Removal Failed, [1412], [329326],1.0.840

    File: 10
    PUP.Optional.SpyHunter, C:\USERS\USER\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [1670], [331753],1.0.840
    PUP.Optional.Plumbytes, C:\USERS\USER\DOWNLOADS\ANTIMALWARESETUP.EXE, No Action By User, [10525], [123575],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\content\browser.xul, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\content\icon-48.png, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\content\icon-64.png, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\META-INF\manifest.mf, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\META-INF\mozilla.rsa, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\META-INF\mozilla.sf, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\0024397e, Removal Failed, [1412], [329326],1.0.840
    PUP.Optional.FastSearch, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uieposwo.default\extensions\amcontextmenu@loucypher\install.rdf, Removal Failed, [1412], [329326],1.0.840

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  11. syzygy1234

    syzygy1234 Techie7 New Member

    # AdwCleaner v6.041 - Logfile created 23/12/2016 at 16:54:47
    # Updated on 16/12/2016 by Malwarebytes
    # Database : 2016-12-22.1 [Local]
    # Operating System : Windows 7 Ultimate Service Pack 1 (X64)
    # Username : user - USER-PC
    # Running from : C:\Users\user\Downloads\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\Installer\Features\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    Key Found: HKLM\SOFTWARE\Classes\Installer\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Plumbytes Anti-Malware


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2688 Bytes] - [23/12/2016 07:06:56]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1858 Bytes] - [23/12/2016 07:21:36]
    C:\AdwCleaner\AdwCleaner[C3].txt - [2205 Bytes] - [23/12/2016 11:57:41]
    C:\AdwCleaner\AdwCleaner[C4].txt - [16967 Bytes] - [23/12/2016 13:14:23]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2563 Bytes] - [23/12/2016 06:59:45]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1897 Bytes] - [23/12/2016 07:15:07]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2044 Bytes] - [23/12/2016 08:03:48]
    C:\AdwCleaner\AdwCleaner[S3].txt - [2210 Bytes] - [23/12/2016 11:47:13]
    C:\AdwCleaner\AdwCleaner[S4].txt - [15573 Bytes] - [23/12/2016 13:11:31]
    C:\AdwCleaner\AdwCleaner[S5].txt - [2404 Bytes] - [23/12/2016 13:58:46]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2558 Bytes] - [23/12/2016 16:54:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2631 Bytes] ##########
     
  12. syzygy1234

    syzygy1234 Techie7 New Member

    # AdwCleaner v6.041 - Logfile created 23/12/2016 at 16:56:07
    # Updated on 16/12/2016 by Malwarebytes
    # Database : 2016-12-22.1 [Local]
    # Operating System : Windows 7 Ultimate Service Pack 1 (X64)
    # Username : user - USER-PC
    # Running from : C:\Users\user\Downloads\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [!] Key not deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Plumbytes Anti-Malware
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Features\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0C1AAA506D92B2D44BD6FEF6CDFB71E1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0C1AAA506D92B2D44BD6FEF6CDFB71E1


    ***** [ Web browsers ] *****

    [-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2688 Bytes] - [23/12/2016 07:06:56]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1858 Bytes] - [23/12/2016 07:21:36]
    C:\AdwCleaner\AdwCleaner[C3].txt - [2205 Bytes] - [23/12/2016 11:57:41]
    C:\AdwCleaner\AdwCleaner[C4].txt - [16967 Bytes] - [23/12/2016 13:14:23]
    C:\AdwCleaner\AdwCleaner[C5].txt - [2084 Bytes] - [23/12/2016 16:56:07]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2563 Bytes] - [23/12/2016 06:59:45]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1897 Bytes] - [23/12/2016 07:15:07]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2044 Bytes] - [23/12/2016 08:03:48]
    C:\AdwCleaner\AdwCleaner[S3].txt - [2210 Bytes] - [23/12/2016 11:47:13]
    C:\AdwCleaner\AdwCleaner[S4].txt - [15573 Bytes] - [23/12/2016 13:11:31]
    C:\AdwCleaner\AdwCleaner[S5].txt - [2404 Bytes] - [23/12/2016 13:58:46]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2730 Bytes] - [23/12/2016 16:54:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2669 Bytes] ##########
     
  13. syzygy1234

    syzygy1234 Techie7 New Member

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Ultimate x64
    Ran by user (Administrator) on Fri 12/23/2016 at 17:03:11.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 10

    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20XIZ8DN (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\217NTQRS (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69PG6BDV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPPQ5JX9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHSUTXXY (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20XIZ8DN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\217NTQRS (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69PG6BDV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPPQ5JX9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHSUTXXY (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 12/23/2016 at 17:05:16.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  15. syzygy1234

    syzygy1234 Techie7 New Member

    ComboFix 16-12-15.01 - user 12/25/2016 13:22:46.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8078.6379 [GMT 8:00]
    Running from: c:\users\user\Downloads\ComboFix.exe
    AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
    SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-11-25 to 2016-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2016-12-25 05:27 . 2016-12-25 05:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-12-23 08:21 . 2016-12-23 08:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2016-12-23 08:00 . 2016-12-23 08:00 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-12-23 07:36 . 2016-12-23 07:36 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-12-23 07:35 . 2016-12-23 07:36 -------- d-----w- c:\program files\RogueKiller
    2016-12-23 07:35 . 2016-12-23 08:20 -------- d-----w- c:\programdata\RogueKiller
    2016-12-23 06:08 . 2016-12-23 06:18 -------- d-----w- c:\users\user\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
    2016-12-23 05:20 . 2016-12-23 07:25 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
    2016-12-23 05:20 . 2016-12-23 07:25 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-12-23 05:20 . 2016-12-23 08:21 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-12-23 05:20 . 2016-12-14 04:55 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
    2016-12-23 01:58 . 2016-12-24 04:05 -------- d-----w- C:\FRST
    2016-12-23 00:47 . 2016-12-23 00:47 -------- d-----w- c:\users\user\AppData\Local\Mozilla
    2016-12-22 22:57 . 2016-12-23 08:56 -------- d-----w- C:\AdwCleaner
    2016-12-22 22:01 . 2016-12-22 22:01 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
    2016-12-22 22:01 . 2016-12-23 04:51 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
    2016-12-22 22:01 . 2016-12-22 22:01 -------- d-----w- c:\users\user\AppData\Local\Zemana
    2016-12-22 21:50 . 2016-12-22 21:55 -------- d-----w- c:\programdata\HitmanPro
    2016-12-22 21:12 . 2016-12-23 08:21 -------- d-----w- c:\programdata\Malwarebytes
    2016-12-22 21:12 . 2016-12-22 21:12 -------- d-----w- c:\program files\Malwarebytes
    2016-12-20 17:50 . 2016-12-20 17:50 -------- d-----w- c:\program files\Common Files\AV
    2016-12-20 17:41 . 2013-09-20 02:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2016-12-20 17:41 . 2016-12-22 20:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2016-12-20 17:41 . 2016-12-23 04:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2016-12-20 12:29 . 2016-12-20 17:30 135632432 -c--a-w- c:\windows\system32\MRT.exe
    2016-12-20 10:57 . 2016-12-23 06:08 -------- d-----w- c:\program files\Plumbytes Software
    2016-12-20 03:41 . 2016-12-20 03:41 -------- d-----w- c:\users\user\AppData\Local\Chromium
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-12-25 05:05 . 2015-08-18 09:59 380 ----a-w- c:\users\user\AppData\Roaming\sp_data.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
    R3 gkernel;gkernel;c:\users\user\AppData\Local\Temp\gkernel.sys;c:\users\user\AppData\Local\Temp\gkernel.sys [x]
    R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
    S2 pbamw_service;AMW Service;c:\program files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe run;c:\program files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe run [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
    S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-12-15 17:37 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-12-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
    .
    2016-12-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 114.108.193.201 114.108.195.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-12-25 13:28:38
    ComboFix-quarantined-files.txt 2016-12-25 05:28
    ComboFix2.txt 2016-12-23 08:47
    .
    Pre-Run: 68,913,553,408 bytes free
    Post-Run: 68,354,002,944 bytes free
    .
    - - End Of File - - 5857AB2F2DB2A0B0636C0C8F126F1428
     
  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you check the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  17. syzygy1234

    syzygy1234 Techie7 New Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
    Ran by user (administrator) on USER-PC (26-12-2016 09:02:30)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    (Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    (PLUMBYTES) C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
    () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
    () C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 114.108.193.201 114.108.195.1
    Tcpip\..\Interfaces\{185EA24D-447A-43B2-BE76-42B999E1F24B}: [DhcpNameServer] 114.108.193.201 114.108.195.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-09-23] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
    CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-23]
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]
    CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-23]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]
    CHR Extension: (Fast search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-23]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
    CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
    R2 pbamw_service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe [125712 2016-11-09] (PLUMBYTES)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
    R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
    R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-01] (Disc Soft Ltd)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
    S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-25 13:28 - 2016-12-25 13:28 - 00013859 _____ C:\ComboFix.txt
    2016-12-24 12:37 - 2016-12-24 12:37 - 00003912 _____ C:\Users\user\Downloads\rkreport1.txt
    2016-12-24 12:05 - 2016-12-24 12:05 - 00048509 _____ C:\Users\user\Desktop\Addition.txt
    2016-12-24 12:04 - 2016-12-26 09:02 - 00013308 _____ C:\Users\user\Desktop\FRST.txt
    2016-12-24 12:04 - 2016-12-24 12:04 - 06334848 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
    2016-12-23 17:14 - 2016-12-23 17:14 - 00007991 _____ C:\Users\user\Downloads\fixlist (1).txt
    2016-12-23 17:08 - 2016-12-23 17:09 - 02420736 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2016-12-23 17:05 - 2016-12-23 17:05 - 00002193 _____ C:\Users\user\Desktop\JRT.txt
    2016-12-23 17:01 - 2016-12-23 17:01 - 01663040 _____ (Malwarebytes) C:\Users\user\Downloads\JRT.exe
    2016-12-23 16:41 - 2016-12-25 13:28 - 00000000 ____D C:\Qoobox
    2016-12-23 16:41 - 2016-12-23 16:47 - 00000000 ____D C:\Windows\erdnt
    2016-12-23 16:41 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-12-23 16:41 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-12-23 16:41 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
    2016-12-23 16:41 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
    2016-12-23 16:40 - 2016-12-23 16:40 - 05659917 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
    2016-12-23 16:35 - 2016-12-23 17:12 - 00000000 ____D C:\Users\user\Desktop\virus form
    2016-12-23 16:21 - 2016-12-23 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-12-23 16:00 - 2016-12-23 16:00 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-12-23 15:59 - 2016-12-23 16:34 - 00000000 ____D C:\Users\user\Desktop\mbar
    2016-12-23 15:57 - 2016-12-23 15:58 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.09.3.1001.exe
    2016-12-23 15:36 - 2016-12-23 15:36 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-12-23 15:36 - 2016-12-23 15:36 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-12-23 15:36 - 2016-12-23 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-12-23 15:35 - 2016-12-23 16:20 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-12-23 15:35 - 2016-12-23 15:36 - 00000000 ____D C:\Program Files\RogueKiller
    2016-12-23 15:29 - 2016-12-23 15:34 - 34221208 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
    2016-12-23 14:21 - 2016-12-23 14:21 - 00899584 _____ (Farbar) C:\Users\user\Downloads\FSS.exe
    2016-12-23 14:21 - 2016-12-23 14:21 - 00002465 _____ C:\Users\user\Downloads\FSS.txt
    2016-12-23 14:08 - 2016-12-23 21:42 - 00001160 _____ C:\Users\user\Desktop\Plumbytes Anti-Malware.lnk
    2016-12-23 14:08 - 2016-12-23 14:18 - 00000000 ____D C:\Users\user\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
    2016-12-23 14:08 - 2016-12-23 14:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
    2016-12-23 14:04 - 2016-12-23 14:04 - 00881936 _____ (Plumbytes Software) C:\Users\user\Downloads\antimalwaresetup.exe
    2016-12-23 13:20 - 2016-12-23 16:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-12-23 13:20 - 2016-12-23 15:25 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2016-12-23 13:20 - 2016-12-23 15:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-12-23 13:20 - 2016-12-23 13:20 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2016-12-23 13:20 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
    2016-12-23 13:10 - 2016-12-23 13:10 - 03977168 _____ C:\Users\user\Downloads\AdwCleaner.exe
    2016-12-23 11:22 - 2016-12-23 11:22 - 00040111 _____ C:\Users\user\Downloads\Addition.txt
    2016-12-23 11:21 - 2016-12-23 11:22 - 00020285 _____ C:\Users\user\Downloads\FRST.txt
    2016-12-23 10:00 - 2016-12-23 10:00 - 00002270 _____ C:\Users\user\Downloads\Fixlog.txt
    2016-12-23 09:58 - 2016-12-26 09:02 - 00000000 ____D C:\FRST
    2016-12-23 09:58 - 2016-12-23 09:54 - 00001786 _____ C:\Users\user\Downloads\fixlist.txt
    2016-12-23 09:54 - 2016-12-23 09:54 - 00001786 _____ C:\Users\user\Desktop\fixlist.txt
    2016-12-23 08:48 - 2016-12-23 08:50 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
    2016-12-23 08:47 - 2016-12-23 08:47 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
    2016-12-23 06:57 - 2016-12-23 16:56 - 00000000 ____D C:\AdwCleaner
    2016-12-23 06:01 - 2016-12-23 12:51 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-12-23 06:01 - 2016-12-23 06:01 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
    2016-12-23 06:01 - 2016-12-23 06:01 - 00000000 ____D C:\Users\user\AppData\Local\Zemana
    2016-12-23 06:01 - 2016-12-23 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2016-12-23 05:50 - 2016-12-23 05:55 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-12-23 05:12 - 2016-12-23 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-12-23 05:12 - 2016-12-23 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2016-12-23 05:12 - 2016-12-23 05:12 - 00000000 ____D C:\Program Files\Malwarebytes
    2016-12-23 05:08 - 2016-12-23 05:10 - 54199488 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.0.5.1299.exe
    2016-12-21 01:50 - 2016-12-21 01:50 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-12-21 01:50 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-12-21 01:41 - 2016-12-23 12:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-12-21 01:41 - 2016-12-23 12:50 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-12-21 01:41 - 2016-12-23 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-12-21 01:41 - 2016-12-23 04:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-12-21 01:41 - 2016-12-21 01:41 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-12-21 01:41 - 2016-12-21 01:41 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-12-21 01:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-12-21 01:36 - 2016-12-21 01:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
    2016-12-20 20:29 - 2016-12-21 01:30 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-12-20 20:22 - 2016-12-20 20:29 - 47675104 _____ (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-x64-V5.43.exe
    2016-12-20 19:57 - 2016-12-20 19:57 - 00000000 _____ C:\autoexec.bat
    2016-12-20 19:48 - 2016-12-20 19:48 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
    2016-12-20 18:57 - 2016-12-23 14:08 - 00000000 ____D C:\Program Files\Plumbytes Software
    2016-12-20 11:41 - 2016-12-20 11:41 - 00000000 ____D C:\Users\user\AppData\Local\Chromium
    2016-12-17 13:33 - 2016-12-17 13:48 - 00000000 ____D C:\Users\user\Desktop\order
    2016-12-12 18:00 - 2016-12-13 14:36 - 00009435 _____ C:\Users\user\Desktop\wedding list.xlsx
    2016-12-07 06:30 - 2016-12-07 06:30 - 00978643 _____ C:\Users\user\Downloads\video-1481034697.mp4
    2016-12-05 15:07 - 2016-12-05 15:07 - 00146788 _____ C:\Users\user\Downloads\Tadhana (Fingerstyle Guitar Tab by ralphjay14).pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-26 08:39 - 2015-08-18 18:54 - 00000000 ____D C:\ProgramData\GarenaMessenger
    2016-12-26 00:24 - 2015-08-18 17:59 - 00000380 _____ C:\Users\user\AppData\Roaming\sp_data.sys
    2016-12-25 20:31 - 2015-08-19 21:50 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2016-12-25 20:04 - 2015-08-18 15:32 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2016-12-25 13:47 - 2015-08-18 19:00 - 00000000 ____D C:\Users\user\AppData\Roaming\GarenaPlus
    2016-12-25 13:27 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
    2016-12-25 13:12 - 2009-07-14 12:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-12-25 13:12 - 2009-07-14 12:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-12-25 13:05 - 2016-11-13 00:28 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
    2016-12-25 13:05 - 2015-08-18 15:56 - 00000000 ____D C:\Program Files (x86)\SMADAV
    2016-12-25 13:05 - 2015-08-18 15:32 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2016-12-25 13:05 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-12-23 19:30 - 2015-08-18 18:54 - 00000000 ____D C:\Program Files (x86)\Garena Plus
    2016-12-23 16:57 - 2015-08-18 15:50 - 00001622 _____ C:\Windows\system32\ServiceFilter.ini
    2016-12-23 16:56 - 2016-06-02 11:09 - 00000000 ____D C:\Windows\SysWOW64\NV
    2016-12-23 16:56 - 2016-06-02 11:09 - 00000000 ____D C:\Windows\system32\NV
    2016-12-23 14:45 - 2015-08-20 10:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
    2016-12-23 14:43 - 2016-03-02 14:24 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-12-23 14:25 - 2015-08-18 15:50 - 00001834 _____ C:\Windows\system32\AutoRunFilter.ini
    2016-12-23 13:15 - 2009-07-14 13:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-12-23 12:50 - 2016-07-29 12:05 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2016-12-23 12:50 - 2015-08-18 15:48 - 00000000 ____D C:\ProgramData\Atheros
    2016-12-23 12:50 - 2015-08-18 15:47 - 00000000 ____D C:\ProgramData\P4G
    2016-12-23 12:50 - 2015-08-18 15:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
    2016-12-23 12:50 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
    2016-12-23 12:50 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat
    2016-12-23 12:49 - 2015-08-18 18:28 - 00000000 ____D C:\Program Files (x86)\Google
    2016-12-23 08:48 - 2016-09-11 12:47 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
    2016-12-21 01:30 - 2015-09-10 17:00 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2016-12-20 19:29 - 2015-08-18 15:56 - 00000000 ____D C:\[Smad-Cage]
    2016-12-20 11:41 - 2016-03-02 14:32 - 00000000 ____D C:\Users\user\AppData\Local\Steam
    2016-12-17 13:27 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-12-17 09:45 - 2015-08-18 18:28 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-17 09:45 - 2015-08-18 18:28 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-12-16 01:37 - 2015-09-02 21:47 - 00002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-12-16 01:37 - 2015-09-02 21:47 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    ==================== Files in the root of some directories =======

    2015-08-18 17:59 - 2016-12-26 00:24 - 0000380 _____ () C:\Users\user\AppData\Roaming\sp_data.sys

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-12-24 13:19

    ==================== End of FRST.txt ============================
     
  18. syzygy1234

    syzygy1234 Techie7 New Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
    Ran by user (26-12-2016 09:02:49)
    Running from C:\Users\user\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2015-08-18 07:16:28)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1079155416-1279843625-3375403390-500 - Administrator - Disabled)
    Guest (S-1-5-21-1079155416-1279843625-3375403390-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1079155416-1279843625-3375403390-1003 - Limited - Enabled)
    user (S-1-5-21-1079155416-1279843625-3375403390-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
    ASUS K5 Series ScreenSaver (HKLM-x32\...\ASUS K5 Series ScreenSaver) (Version: 1.0.0002 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
    ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Crysis 2 Maximum Edition (HKLM\...\Steam App 108800) (Version: - Crytek Studios)
    DARK.SOULS.III.Deluxe.Edition.[v1.05].Repacked-ALI213 version 1.05.0.0 (HKLM-x32\...\{3B5C2526-3FF3-45AE-BD06-6D60698070AA}}_is1) (Version: 1.05.0.0 - Ali213.net)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Garena - Heroes of Newerth (HKLM-x32\...\HoN) (Version: - Garena Online Pte Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
    iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
    Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mobile Assistant (HKLM-x32\...\{48D6D221-9262-4159-9DBF-E40DA8478648}) (Version: 1.4.1.10090 - Lenovo)
    NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    Plumbytes Anti-Malware 2017 (HKLM\...\Plumbytes Anti-Malware 2017) (Version: - Plumbytes Software)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
    RogueKiller version 12.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.6.0 - Adlice Software)
    SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.11 - ASUS)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
    Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
    SMADAV version 10.0.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 10.0.1 - SmadSoft)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    StarCraft II (HKLM-x32\...\StarCraft II_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Witcher 3 Wild Hunt v.1.12 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B3FCA04-23E9-445F-8016-4B88E873D508} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
    Task: {0BEE71C2-5BAA-4C7D-850A-9FDCD252F18F} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
    Task: {1F0028EB-A434-4941-BEC6-61E06C12C5F9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {25DDA4B3-B0ED-4A4D-BE63-F0342E9C1FA9} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
    Task: {3FC35088-C4FA-49EE-85D0-37671D0B06F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {770C24A2-B29F-47D4-BBE3-7F2EAECE39BB} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2014-09-29] (Lenovo)
    Task: {7E18D9E4-AC0D-46EC-9B82-F0323AF021AF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
    Task: {841B824B-67D3-4C6F-BA51-E63FE958B8B7} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-08-18] (Smadsoft)
    Task: {86B04DD6-7B89-4437-A6E1-191B9C3B615D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
    Task: {9587EDC7-A4AF-485E-92E0-C1235C8DBE5C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {A0E0EB92-57C2-4C55-9952-396942893AE5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {A6099C30-8642-4F21-A3E7-657D9A261FC5} - System32\Tasks\{A27A7952-4966-4733-A435-EDA18ADA4426} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {B467776F-E08B-4B10-96B6-D4C4259C0D97} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {BC7C3567-2F6C-412C-A95F-3342523597E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Task: {C4073575-E96B-4A12-B0D3-3000BADC4E51} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-02-22] ()
    Task: {E48F5E71-9DDD-4A24-B457-357C5CA8B021} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
    Task: {F1D9D54F-892D-4CBD-B854-F78B9EF70CBE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
    Task: {F7C68A6A-A4A9-4ADF-89E1-920F724EBDDE} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-18 15:25 - 2016-05-20 10:11 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-11 17:11 - 2016-02-22 19:24 - 00174632 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2015-08-18 15:31 - 2011-12-16 11:02 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2016-06-01 18:48 - 2016-05-02 13:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-06-01 18:48 - 2016-05-02 13:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-01-30 22:55 - 2016-05-02 13:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-06-01 18:48 - 2016-05-02 13:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-01-30 22:55 - 2016-05-02 13:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2015-08-18 19:32 - 2016-05-02 14:00 - 00167480 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
    2015-08-18 19:32 - 2016-05-02 14:01 - 00862776 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
    2015-08-11 17:11 - 2016-12-22 01:47 - 09136168 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
    2015-07-07 19:40 - 2016-12-22 00:09 - 07341008 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
    2011-12-14 16:18 - 2011-12-14 16:18 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
    2016-06-01 18:48 - 2016-05-02 13:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-06-01 18:48 - 2016-05-02 13:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2015-08-01 17:07 - 2016-09-29 12:26 - 03437008 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
    2012-02-06 19:32 - 2012-02-06 19:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2015-08-18 19:32 - 2016-05-02 14:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-08-18 15:31 - 2011-12-16 10:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2014-09-29 15:05 - 2014-09-29 15:05 - 00109736 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
    2014-09-29 15:05 - 2014-09-29 15:05 - 00351400 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00111552 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00040384 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
    2015-08-11 17:12 - 2016-12-22 01:47 - 00047096 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00058304 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00094144 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
    2015-08-11 17:11 - 2015-08-11 17:11 - 00494016 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00032192 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00177600 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
    2015-08-11 17:12 - 2016-06-24 20:05 - 00379744 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00191424 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
    2015-08-11 17:12 - 2015-08-11 17:12 - 00226752 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
    2015-08-11 17:12 - 2015-11-24 21:26 - 00159168 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00965056 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00061888 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
    2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
    2015-08-11 17:12 - 2016-02-22 19:25 - 00237608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
    2015-08-11 17:12 - 2016-11-25 18:53 - 02217424 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00199616 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00162240 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
    2015-08-11 17:11 - 2016-08-29 15:48 - 04892664 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00072640 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00023488 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 01552320 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
    2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00963008 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00251840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00033216 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00523712 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
    2015-08-11 17:12 - 2015-08-11 17:12 - 00075200 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
    2015-08-11 17:12 - 2016-03-17 21:18 - 00113192 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
    2015-08-11 17:12 - 2016-11-30 21:35 - 00242680 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
    2015-08-11 17:12 - 2016-03-17 21:18 - 00410152 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
    2015-08-11 17:12 - 2016-11-10 14:00 - 00237560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00110680 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00069720 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00046032 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
    2015-01-16 12:27 - 2016-10-25 21:05 - 00394744 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00829944 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00053752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
    2015-07-07 19:41 - 2016-12-22 00:10 - 00035320 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00454600 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
    2015-02-11 15:55 - 2016-12-22 00:10 - 02499024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00115288 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00036440 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00431192 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00089592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
    2015-01-16 12:27 - 2016-10-25 21:05 - 00065064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
    2015-01-16 12:27 - 2016-10-13 16:41 - 00387024 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
    2015-01-16 12:27 - 2016-10-13 16:41 - 00059856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
    2015-01-16 12:27 - 2016-10-25 21:05 - 00079824 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00054736 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00067624 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
    2015-01-16 12:27 - 2016-09-23 19:05 - 00102864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00141400 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00036952 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00244824 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
    2015-01-16 12:27 - 2016-09-23 19:06 - 01060344 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00068648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00105560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
    2015-01-16 12:27 - 2016-01-05 19:31 - 00134592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00143960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
    2015-01-16 12:27 - 2015-01-16 12:27 - 00117336 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
    2015-01-16 12:27 - 2016-10-25 21:06 - 00879056 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
    2015-01-16 12:27 - 2016-09-23 19:06 - 00068560 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll
    2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
    2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
    2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
    2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
    2011-11-25 13:29 - 2011-11-25 13:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
    2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
    2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
    2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
    2011-11-25 13:28 - 2011-11-25 13:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
    2011-11-25 13:42 - 2011-11-25 13:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
    2011-11-25 13:26 - 2011-11-25 13:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
    2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
    2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
    2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 114.108.193.201 - 114.108.195.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
    MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MagicPlusHelper => "C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe"
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    MSCONFIG\startupreg: Plumbytes Anti-Malware => "C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe" /tray
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{550C21D8-E80D-4728-8B56-280C7C69525D}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{7B916B46-A6A6-4FC2-9470-4602B22005AE}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{83FE7423-095D-4A09-A4C1-4DFB0142EC33}] => C:\Windows\SysWOW64\rundll32.exe
    FirewallRules: [{C314BC58-3BEB-4F56-BF22-C9423F8998B5}] => C:\GarenaDownload\Games\hon\HoNInstaller.exe
    FirewallRules: [{51630695-0617-4285-BE92-24D9CF183490}] => C:\GarenaDownload\Games\hon\HoNInstaller.exe
    FirewallRules: [{8E6E2FFD-9F4E-43DB-8810-35E70B959C96}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F4D06CF1-CF62-4051-99AB-D4FCDDD574CA}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{D0E16087-EC0F-4A61-B8B3-21A1DEB9587A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{E81CF42D-6D6C-49FF-B244-D0CEA13E2EF8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{C8359B99-304A-418A-B35A-C4A1D6CD4A54}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{3FC988F2-4C7D-4AC3-A7E3-A8D39D14DB2E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{4B58FB04-8965-4BDD-B844-48E930A7F237}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{EA443C02-1FF7-49FD-9940-6161DCAE00F9}] => C:\Program Files (x86)\Garena Plus\ggdllhost.exe
    FirewallRules: [{7B9EA2F5-793A-436B-A11F-2EE769EAC0A9}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{1552E701-EDA8-4559-8389-5B7865433705}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1A1B8167-ABC3-452B-AEB3-A5A4B3ABD3ED}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7642B33E-35A1-48F0-8CAB-9782326B72E9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4E450695-44BD-4AB6-9DAF-1C3B00D7CB7E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BEB43EAA-5A29-4D1E-8D56-4A6143B21C7B}] => C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{CB0B88F0-5A46-457E-A4D4-5B5E5CA9BB8B}C:\program files (x86)\garena plus\garenamessenger.exe] => C:\program files (x86)\garena plus\garenamessenger.exe
    FirewallRules: [UDP Query User{836B3269-F021-49D3-A3D2-97D34C82BAFF}C:\program files (x86)\garena plus\garenamessenger.exe] => C:\program files (x86)\garena plus\garenamessenger.exe
    FirewallRules: [{F5DB3F44-FDEF-4FA2-8007-B2480BDF7BE1}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{445649C1-F323-4582-A045-336B94296E0A}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8B27A357-078C-474D-B24A-151794997270}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C28672A8-27D0-42ED-9427-715F6457F7E8}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B3EA7D71-A924-43A7-A2FA-FA6AB40E04C9}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D554FA01-2A00-4E01-A4FE-FC8C152285DF}] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C916FA09-41DC-47AB-AB3C-65F7478BEEAC}] => C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
    FirewallRules: [TCP Query User{D219E048-E690-461D-A2F2-0E3510D32079}C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe] => C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe
    FirewallRules: [UDP Query User{ACDE7836-01A3-4FA1-841B-606F76F73475}C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe] => C:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe
    FirewallRules: [{DF3E12AB-B984-4A3C-9250-D2B51A15D8F8}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3CCDA8C5-0A43-4F17-BB8F-218C9099D6E6}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6150EF5A-EF26-4C6F-B573-3CEC993A7FA6}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A800A5E3-B0D6-4539-B1A4-6DE1675E6B24}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{251CAB77-3097-4516-B83E-1288D7F8D974}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CF5F32CF-7ED0-403E-8F75-0D37CD5DCC31}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [TCP Query User{FD17A9C1-B718-4CD9-A5F5-81B974CEB7C4}C:\program files (x86)\magicplus\magicplus.exe] => C:\program files (x86)\magicplus\magicplus.exe
    FirewallRules: [UDP Query User{E1F4625A-DA96-4B3A-9F53-301EF3E80CEB}C:\program files (x86)\magicplus\magicplus.exe] => C:\program files (x86)\magicplus\magicplus.exe
    FirewallRules: [{8B1B1164-573A-4856-B6C0-AF20E8214379}] => D:\StarCraft II\Versions\Base38996\SC2_x64.exe
    FirewallRules: [{6E680E75-A11B-4BF6-A69E-7E626DE19E4A}] => D:\StarCraft II\Versions\Base38996\SC2_x64.exe
    FirewallRules: [{23E2B87C-8E8D-40A6-9F0C-809F03A981F0}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{46540291-B70A-47C2-88F6-1D151DA2FC1D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{5057CDC4-B445-4DA6-AF40-8BAFB9FA78D7}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{F2CD42C6-0063-4FC9-9759-99CA5CD2E6B1}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{2FFB9CE3-9C7E-4A72-90EA-104459A6B214}] => C:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
    FirewallRules: [{A92F9990-18FD-45B0-8312-FF83C525C193}] => C:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
    FirewallRules: [{F5C3C8D3-3B7D-4235-94FF-6771F944A027}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EEBDB2DD-AA31-4D2F-AEEE-FFE5A6E769D4}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C0CA2348-FB8F-4B92-A730-37AC4D18721C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{294FF890-3A85-4381-9FDB-7FC1E2CF0348}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{87E9204C-3461-4B1C-A5D4-73CEFDE5A183}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{42BA6DBB-CF94-4240-A2E7-963A18475C33}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{6C4FCC17-7E28-4CCC-8012-A820A274BA60}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{56ED4824-E57B-4532-B830-E4BEE0D02C0C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{CD3F27EF-F117-4D62-B2B2-86265202E0BE}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{E875222B-6D9E-4163-A5FE-2359C0F05078}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7C593D99-C567-483F-8294-38EDE1250E04}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{5ED84062-DA7F-431F-BF55-6B789097939C}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{AB8385B6-CCBC-49E8-A60D-17652FF7411F}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{1DF75682-0699-45B2-A01D-A292A0D26C98}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4448A8B5-7774-48F1-83C9-6D7A96FACF55}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{11E2DD3D-4F7E-4B45-AC42-1C5C4A799951}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{A56E1EBB-1BC6-45FC-90EF-64746400EAB4}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    23-12-2016 09:57:20 aaa
    23-12-2016 10:00:15 Restore Point Created by FRST
    23-12-2016 12:47:34 Restore Operation
    23-12-2016 17:03:13 JRT Pre-Junkware Removal
    25-12-2016 13:21:58 ComboFix created restore point

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth module
    Description: Bluetooth module
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: gkernel
    Description: gkernel
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: gkernel
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/25/2016 10:23:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

    Error: (12/25/2016 10:23:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2012

    Error: (12/25/2016 10:23:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/25/2016 10:23:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

    Error: (12/25/2016 10:23:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1014

    Error: (12/25/2016 10:23:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/25/2016 08:31:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
    Faulting module name: igdumd64.dll, version: 8.15.10.2653, time stamp: 0x4f3aac44
    Exception code: 0xc0000005
    Fault offset: 0x000000000030eb06
    Faulting process id: 0x14d8
    Faulting application start time: 0x01d25eaab932b6ca
    Faulting application path: C:\Windows\system32\DllHost.exe
    Faulting module path: C:\Windows\system32\igdumd64.dll
    Report Id: 0f06614c-ca9e-11e6-8281-10bf48129e47

    Error: (12/25/2016 03:00:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

    Error: (12/25/2016 03:00:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1997

    Error: (12/25/2016 03:00:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (12/26/2016 02:28:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/26/2016 02:28:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 10:12:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 10:12:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 02:09:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 02:09:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 01:37:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 01:37:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 40.

    Error: (12/25/2016 01:27:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (12/25/2016 01:25:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


    CodeIntegrity:
    ===================================
    Date: 2016-12-26 09:02:36.745
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-26 09:02:36.738
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-26 09:02:36.713
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-26 09:02:36.707
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-25 14:48:34.176
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-25 14:48:34.169
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-25 14:48:34.163
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-25 14:48:34.156
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-25 13:23:19.486
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-12-25 13:23:19.486
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
    Percentage of memory in use: 25%
    Total physical RAM: 8077.9 MB
    Available physical RAM: 6005.52 MB
    Total Virtual: 16154 MB
    Available Virtual: 13935.56 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.34 GB) (Free:63.46 GB) NTFS
    Drive d: () (Fixed) (Total:317.32 GB) (Free:90.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B63ED2B4)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=317.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
  19. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Attached Files:

  20. syzygy1234

    syzygy1234 Techie7 New Member

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
    Ran by user (26-12-2016 10:21:13) Run:2
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
    S3 gkernel; \??\C:\Users\user\AppData\Local\Temp\gkernel.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-08-18 17:59 - 2016-12-26 00:24 - 0000380 _____ () C:\Users\user\AppData\Roaming\sp_data.sys

    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1079155416-1279843625-3375403390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    GGSAFERDriver => service removed successfully
    gkernel => service removed successfully
    VGPU => service removed successfully
    C:\Users\user\AppData\Roaming\sp_data.sys => moved successfully

    ==== End of Fixlog 10:21:13 ====