Solved Windows 7 PC spontaneously crashing

Daniel Burkus

For the past several weeks my PC has been crashing spontaneously, apparently with no provocation. For example, a short while ago I was reading a news article with several other tabs open (I use Mozilla Firefox as my browser of choice). The machine remained in the same state for probably an hour, with my closing tabs as I finished reading the article. And then suddenly, the PC crashed. Other than Firefox, nothing else was running, and I had neither opened nor closed any tabs immediately before the event.

It also crashes when I am attempting to run certain malware scans (such as "Dr. Web," and "Sophos Virus Removal Tool," among others), while running others ("Super Antispyware," and usually "Malwarebytes") seems to produce no ill effects. In terms of the crashes apparently precipitated by running malware scans, it seems that when the scan reaches a certain point in the series -- when it begins to scan a certain block of data -- the PC crashes.

Several days ago I tried to install the latest updates from Microsoft, and that really messed up everything, with the machine unable to start/load Windows at all until I did a system restore to the point immediately prior to the updating.

For now, this is all I can think to write. If there are any specific questions, I will try to answer them.

Thank you for your help.


-- Daniel M. Burkus
 
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hello, Broni! Hope you are well! And thank you for your efforts!

I only found three steps on <https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/>. My "regular" antivirus is Avast! (I am poor). I did a boot-time scan two days ago -- which did not find any malware. The program is up to date.

I ran FRST without incident. The scan results are as follows:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2017 01
Ran by Daniel M. Burkus (administrator) on PC (21-06-2017 17:37:24)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-30] (AVAST Software)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7648984 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [Kaspersky Software Updater] => C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [8315200 2017-06-20] (Kakao Corp. )
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
HKLM\...\Providers\tuyazueu: C:\Program Files\Buqaghghnet Builder\local32spl.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-30] (AVAST Software)
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.bin
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{9062A7D0-A780-4AB6-A1B1-967D5C1EB26C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D3E6FB35-F97B-4C66-817B-66630537B25B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-30] (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-30] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 [2017-06-21]
FF Homepage: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\artur.dubovoy@gmail.com [2017-06-15]
FF Extension: (FlashStopper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\flashstopper@byo.co.il.xpi [2017-03-10]
FF Extension: (Google Search by Image) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\google@hitachi.com.xpi [2017-02-02]
FF Extension: (Markdown Viewer) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\markdownviewer@thiht.fr.xpi [2017-01-07]
FF Extension: (Restart Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\restartbutton@strk.jp.xpi [2016-08-16]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\sp@avast.com.xpi [2017-06-02]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\wrc@avast.com.xpi [2017-06-02]
FF Extension: (Bulk Media Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-06-15]
FF Extension: (CacheViewer Fx21) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{81328583-3CA7-4809-B4BA-570A85818FBB} [2017-03-24]
FF Extension: (Video DownloadHelper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2017-06-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-20] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-30] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-30] (AVAST Software)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-10-19] (NVIDIA Corporation)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R3 ksu; C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-10-19] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-10-19] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Bapeward; C:\Program Files\Tersatlaty\DrbCommunity.dll [X]
S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-30] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-30] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-30] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-30] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-05-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-30] (AVAST Software)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [392352 2017-05-24] (Symantec Corporation)
R1 epp; C:\EEK\bin32\epp.sys [105248 2016-11-23] (Emsisoft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-10-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-08-04] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] () [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-21 17:37 - 2017-06-21 17:38 - 00020035 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2017-06-21 17:34 - 2017-06-21 17:35 - 01778176 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2017-06-21 15:56 - 2017-06-21 15:56 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-19 16:46 - 2017-06-19 17:04 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\HTML code
2017-06-19 09:22 - 2017-06-19 09:22 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 11 (Notes).txt
2017-06-19 09:21 - 2017-06-19 09:21 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 9 (Notes).txt
2017-06-19 09:21 - 2017-06-19 09:21 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 8 (Notes).txt
2017-06-19 09:21 - 2017-06-19 09:21 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 10 (Notes).txt
2017-06-19 09:20 - 2017-06-19 09:20 - 00000412 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 11 (Text).txt
2017-06-19 09:20 - 2017-06-19 09:20 - 00000390 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 10 (Text).txt
2017-06-19 09:19 - 2017-06-19 09:19 - 00000388 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 9 (Text).txt
2017-06-19 09:18 - 2017-06-19 09:18 - 00000384 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 8 (Text).txt
2017-06-18 16:35 - 2017-06-18 16:35 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-18 16:35 - 2017-06-18 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-18 15:48 - 2017-06-18 15:49 - 18609717 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Baby Elephant's Birthday Present.mp4
2017-06-17 20:22 - 2017-06-18 13:40 - 00000000 ____D C:\afd6bb1c0cd15e66d1cca9dae705a300
2017-06-17 17:48 - 2017-06-18 14:35 - 00000000 ____D C:\ProgramData\SMR501
2017-06-17 17:38 - 2017-06-17 17:38 - 00032416 _____ C:\ComboFix.txt
2017-06-17 16:40 - 2017-06-17 17:47 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\uTorrent
2017-06-17 01:47 - 2017-06-17 01:47 - 00000000 ___RD C:\Users\Daniel M. Burkus.PC\Virtual Machines
2017-06-17 00:51 - 2017-06-20 19:38 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-16 23:16 - 2017-06-16 23:16 - 00019960 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe
2017-06-16 23:16 - 2017-06-16 23:16 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashRpt
2017-06-16 22:06 - 2017-06-16 22:09 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Event Logs (June 16)
2017-06-15 13:50 - 2017-06-15 13:50 - 00000384 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 7 (Text).txt
2017-06-15 13:50 - 2017-06-15 13:50 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 7 (Notes).txt
2017-06-15 13:50 - 2017-06-15 13:50 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 6 (Notes).txt
2017-06-15 13:49 - 2017-06-20 01:27 - 00000384 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 6 (Text).txt
2017-06-14 06:23 - 2017-06-14 06:23 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\THE LETTERS OF WILLIAM ADAMS
2017-06-13 07:46 - 2017-06-13 07:46 - 00000029 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Google Translate.txt
2017-06-12 13:50 - 2017-06-12 13:50 - 00010282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4.4, Taji (material removed from footnote).txt
2017-06-12 07:44 - 2017-06-12 07:44 - 00000000 ____D C:\$AV_ASW
2017-06-11 19:28 - 2017-06-11 19:28 - 00000007 _____ C:\Users\Daniel M. Burkus.PC\Desktop\covfefe.txt
2017-06-11 10:06 - 2017-06-07 21:49 - 00103665 _____ C:\Windows\system32\Drivers\etc\hosts.20170611-100617.backup
2017-06-08 08:54 - 2017-06-08 08:54 - 00001457 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Little White Duck.txt
2017-06-07 21:50 - 2017-06-07 21:50 - 00000000 ___HD C:\$windows.~bt
2017-06-07 09:56 - 2017-06-07 09:58 - 00000309 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Check Windows Installation for Errors.txt
2017-06-07 09:53 - 2017-06-07 09:53 - 00000101 _____ C:\Users\Daniel M. Burkus.PC\Desktop\shutdown error details.txt
2017-06-04 17:58 - 2017-06-04 17:58 - 00114051 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Remove Necurs (Rootkits).htm
2017-06-04 17:58 - 2017-06-04 17:58 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Remove Necurs (Rootkits)_files
2017-06-04 13:45 - 2017-06-17 17:39 - 00000000 ____D C:\Qoobox
2017-06-04 13:45 - 2011-06-26 15:45 - 00256000 _____ C:\Windows\PEV.exe
2017-06-04 13:45 - 2010-11-08 02:20 - 00208896 _____ C:\Windows\MBR.exe
2017-06-04 13:45 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00098816 _____ C:\Windows\sed.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00080412 _____ C:\Windows\grep.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00068096 _____ C:\Windows\zip.exe
2017-06-04 13:37 - 2017-06-16 14:20 - 00000000 ____D C:\AdwCleaner
2017-06-04 13:36 - 2017-06-04 13:36 - 01010146 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Complete List of Latin Phrases.htm
2017-06-04 13:36 - 2017-06-04 13:36 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Complete List of Latin Phrases_files
2017-06-04 11:17 - 2017-06-21 17:37 - 00000000 ____D C:\FRST
2017-06-04 06:46 - 2017-05-31 23:11 - 00096713 _____ C:\Windows\system32\Drivers\etc\hosts.20170604-064642.backup
2017-06-03 17:32 - 2017-06-03 17:32 - 00001712 _____ C:\Windows\system32\ASOROSet.bin
2017-06-03 17:30 - 2017-06-03 17:32 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2017-06-02 14:04 - 2017-06-02 14:04 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\dll-files.com
2017-06-02 12:57 - 2017-06-02 12:57 - 00056151 _____ C:\Users\Daniel M. Burkus.PC\Desktop\how to turn on hardware virtualization in my bios - Windows 7 Help Forums.htm
2017-06-02 12:57 - 2017-06-02 12:57 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\how to turn on hardware virtualization in my bios - Windows 7 Help Forums_files
2017-06-01 10:07 - 2017-06-01 10:08 - 475850190 _____ C:\Users\Daniel M. Burkus.PC\Desktop\[HigherJourneys] Who is ''the New Human''.mp4
2017-06-01 09:31 - 2017-06-01 09:31 - 00034816 _____ C:\Windows\system32\Drivers\tatertot.scr.sys
2017-05-31 23:38 - 2017-05-31 23:38 - 00000336 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Boot from a Flash Drive.txt
2017-05-31 22:48 - 2011-05-02 15:05 - 00001611 _____ C:\Windows\system32\Drivers\etc\mvps.bat
2017-05-31 08:04 - 2017-05-31 08:04 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Kakao
2017-05-31 08:02 - 2017-05-31 08:02 - 00000000 ____D C:\Program Files\Kakao
2017-05-30 17:19 - 2017-05-30 17:19 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\AVAST Software
2017-05-30 17:14 - 2017-05-30 17:29 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-30 17:14 - 2017-05-30 17:14 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-30 17:14 - 2017-05-30 17:13 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-30 17:11 - 2017-05-30 17:14 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-30 17:11 - 2017-05-30 17:14 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-30 17:05 - 2017-05-30 17:14 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-30 17:05 - 2017-05-30 17:14 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-30 17:05 - 2017-05-30 17:14 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-30 17:05 - 2017-05-30 17:13 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-30 17:00 - 2017-05-30 17:13 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-30 16:54 - 2017-05-30 16:54 - 00024963 _____ C:\Windows\system32\servers.def.lkg
2017-05-30 16:54 - 2017-05-30 16:54 - 00024963 _____ C:\Windows\system32\servers.def
2017-05-30 16:54 - 2017-05-30 16:54 - 00002847 _____ C:\Windows\system32\servers.def.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00001624 _____ C:\Windows\system32\uat.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00000452 _____ C:\Windows\system32\prod-vps.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00000446 _____ C:\Windows\system32\prod-pgm.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00000039 _____ C:\Windows\system32\Stats.ini
2017-05-30 07:54 - 2017-06-18 14:35 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-30 07:54 - 2017-06-16 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-29 19:22 - 2017-05-31 07:44 - 00001364 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Locked Registry Keys.txt
2017-05-28 14:57 - 2017-06-16 18:46 - 00008204 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Feria de San Isidro 2017.txt
2017-05-28 13:24 - 2017-05-27 17:51 - 00096713 _____ C:\Windows\system32\Drivers\etc\hosts.20170528-132455.backup
2017-05-27 10:38 - 2017-05-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-05-24 17:56 - 2017-05-24 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\Program Files\NortonInstaller
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\Program Files\Norton Security Scan
2017-05-24 11:49 - 2017-06-17 17:51 - 00000000 ____D C:\NPE
2017-05-24 11:42 - 2017-06-18 14:35 - 00000000 ____D C:\ProgramData\Norton
2017-05-24 11:42 - 2017-06-17 18:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NPE
2017-05-23 22:05 - 2017-05-23 22:05 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 22:05 - 2017-05-23 22:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-23 08:36 - 2017-05-23 08:36 - 00001700 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Uninstalling Flash Player.txt
2017-05-23 07:20 - 2017-06-17 00:25 - 00000000 ____D C:\EEK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-21 15:53 - 2016-11-16 20:55 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2017-06-21 15:40 - 2009-07-14 13:34 - 00024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-21 15:40 - 2009-07-14 13:34 - 00024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-21 15:35 - 2016-01-29 01:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-21 15:35 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-21 09:53 - 2016-08-06 20:33 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2017-06-21 09:13 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\inf
2017-06-21 09:01 - 2016-03-25 18:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-20 19:31 - 2016-09-25 20:36 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2017-06-19 09:22 - 2016-12-06 09:07 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Rikyu Chanoyu Sho
2017-06-18 18:03 - 2016-08-18 23:06 - 00000003 _____ C:\Users\Daniel M. Burkus.PC\Desktop\movie time.txt
2017-06-18 16:38 - 2016-03-26 17:13 - 00000000 ____D C:\My Documents
2017-06-18 16:35 - 2016-09-25 20:35 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-18 14:36 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-18 14:36 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-18 14:35 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\servicing
2017-06-18 14:35 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\registration
2017-06-18 09:03 - 2016-01-29 05:02 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-18 09:03 - 2016-01-29 05:02 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-18 09:03 - 2016-01-29 05:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-17 21:37 - 2016-03-24 07:59 - 00000000 ____D C:\Users\Daniel M. Burkus.PC
2017-06-17 18:29 - 2016-02-15 14:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-17 17:36 - 2009-07-14 11:04 - 00000215 _____ C:\Windows\system.ini
2017-06-17 00:27 - 2016-05-13 13:31 - 129479984 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-06-17 00:25 - 2016-03-26 19:27 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2017-06-16 22:54 - 2016-01-29 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-16 22:23 - 2016-04-25 09:08 - 00000000 ____D C:\ProgramData\TEMP
2017-06-16 21:34 - 2016-08-03 15:36 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2017-06-16 21:15 - 2016-04-13 21:34 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2017-06-16 12:24 - 2016-02-15 14:57 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-15 12:35 - 2017-01-02 11:08 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2017-06-15 08:21 - 2016-07-17 08:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-14 18:45 - 2016-09-17 09:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Convert to PDF
2017-06-13 19:36 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Adobe
2017-06-13 12:27 - 2016-12-06 13:45 - 00000343 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Interesting Quotes.txt
2017-06-12 15:48 - 2016-03-24 20:56 - 00001012 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2017-06-07 01:02 - 2016-06-12 15:27 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Articles
2017-05-31 18:42 - 2009-07-14 13:53 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-31 08:04 - 2016-05-07 19:16 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
2017-05-31 07:58 - 2016-06-04 16:56 - 00002335 _____ C:\DelFix.txt
2017-05-30 17:14 - 2016-01-29 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-30 17:11 - 2009-07-14 11:04 - 00002577 _____ C:\Windows\system32\config.nt
2017-05-30 17:05 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-05-30 16:55 - 2016-01-29 04:56 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-29 23:30 - 2009-07-14 09:18 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\spoolss.dll
2017-05-29 23:29 - 2016-09-12 19:17 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-05-28 15:12 - 2016-06-04 08:12 - 00007635 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2017-05-24 08:38 - 2016-09-21 20:13 - 00001420 _____ C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS (Download URLs).txt
2017-05-23 22:33 - 2016-06-15 19:12 - 00000000 ____D C:\Program Files\Google
2017-05-23 22:05 - 2016-11-16 16:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-23 15:57 - 2016-03-24 13:15 - 00000000 ____D C:\Program Files\Recuva
2017-05-22 06:19 - 2017-05-11 08:44 - 00000128 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Mori-san's Address.txt

==================== Files in the root of some directories =======

2016-03-24 19:18 - 2016-07-09 08:20 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-06-04 08:12 - 2017-05-28 15:12 - 0007635 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2016-03-24 19:18 - 2016-07-09 08:20 - 0001346 _____ () C:\ProgramData\ReclaiMe.config

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-12 07:06

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-06-2017 01
Ran by Daniel M. Burkus (21-06-2017 17:38:37)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView 4.44 (32-bit) (HKLM\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.5.6.1545 - Kakao Corp.)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (Version: 2.0.0.623 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
Norton Security Scan (HKLM\...\NSS) (Version: 4.6.1.84 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FE}) (Version: 4.0.13 - dotPDN LLC)
Prerequisite installer (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (Version: 18.001.1 - Nero AG) Hidden
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EDEBF28-27ED-428F-8EA6-BAA48B1C1482} - System32\Tasks\Norton Security Scan for Daniel M. Burkus => C:\Program Files\Norton Security Scan\Engine\4.6.1.84\Nss.exe [2017-05-19] (Symantec Corporation)
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {768FB52F-7083-4520-9B72-F41F7DAA8E78} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-30] (AVAST Software)
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {A681D7BD-64F6-4FC7-A998-31209ED59D98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-01-29 01:50 - 2016-10-18 22:48 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-21 07:23 - 2017-06-21 07:23 - 05779232 _____ () C:\Program Files\AVAST Software\Avast\defs\17062002\algo.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 00089008 _____ () C:\Windows\System32\cpwmon2k.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00310720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 03037120 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00220608 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-01-29 16:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-18 09:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-29 16:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-18 09:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-10-18 09:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-10-28 18:19 - 2016-10-19 03:42 - 01608128 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-28 18:19 - 2016-10-19 03:42 - 02122688 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-28 18:19 - 2016-10-19 03:42 - 01502656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00167872 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00031680 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00749504 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00015808 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\icudt53.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-05 06:32 - 2010-07-05 06:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2017-05-30 17:13 - 2017-05-30 17:13 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:65D36A19 [129]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7937 more sites.

There are 7935 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2017-06-16 22:26 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 168.126.63.1 - 168.126.63.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C8C8449C-551A-4E75-AE3E-E09703125179}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F2D483B-605C-424A-A310-6870042B4E33}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ED93D084-BA17-416E-90D5-E23710D28A0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3F3044D4-83EA-4F36-819C-0540DB3C62B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4245A8E4-FCDE-4230-8AC5-3557B279D5C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6B02DDB3-3765-4A3C-BA3D-102013750252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0EFE17E5-7BC2-42F9-BC63-9CBD3B95CEFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

19-06-2017 18:34:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2017 07:30:54 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1259038908-1583320175-680065255-1005}/">.

Error: (06/17/2017 05:21:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (06/17/2017 05:21:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (06/17/2017 05:21:26 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (06/17/2017 07:29:18 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3244. Message ID: [0x2509].

Error: (06/17/2017 07:27:45 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2580. Message ID: [0x2509].

Error: (06/17/2017 03:24:15 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 560. Message ID: [0x2509].

Error: (06/17/2017 03:05:35 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5736. Message ID: [0x2509].

Error: (06/17/2017 02:42:09 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5664. Message ID: [0x2509].

Error: (06/17/2017 02:32:24 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2112. Message ID: [0x2509].


System errors:
=============
Error: (06/21/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/21/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/21/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/21/2017 03:36:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/21/2017 03:36:47 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (06/21/2017 03:36:47 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (06/21/2017 03:36:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/21/2017 03:36:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/21/2017 03:36:38 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (06/21/2017 03:35:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver


CodeIntegrity:
===================================
Date: 2016-08-30 08:13:32.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:49.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:34.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:21.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:21.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 64%
Total physical RAM: 3071.3 MB
Available physical RAM: 1075.34 MB
Total Virtual: 6140.93 MB
Available Virtual: 4125.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:41 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:20.65 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:43.6 GB) NTFS
Drive j: (WDO_MEDIA32) (Removable) (Total:3.74 GB) (Free:3.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Broni, before we go any further, is there a way to control the Junkware Removal tool, to prevent its removing my messenger and the backup of my chat history -- to whitelist or exclude a specific program? Or, alternatively, is it possible to use something else that is not so invasive? I do not have a phone, and the only way I can communicate with people is through my messenger. The last time I ran this tool, even though I backed up my chat history, the Junkware Removal tool destroyed everything, and I lost all of my contacts. I can not afford to have that happen again. (Sorry, I can not find where the backup file is stored -- though I looked for it before I ran the Junkware Removal tool the last time -- so I can just move the file or rename it, or just back it up on some sort of removable media; and the Junkware Removal tool completely removes the messenger program and everything associated with it.) If there is no way to modify its impact, and if I cannot not run this tool, maybe we should just stop now. It will have too much of a negative impact on my ability to continue living -- it is that serious. In large part my worsening situation is the direct result of this tool's destruction of my records.

I hope you can understand the situation, and, if there is a workaround, please let us try that first. Sorry. (I understand that the PC shutting down is probably the result of overheating, and I have removed the case and placed a high-speed fan next to the machine, and this seems to have stopped it shutting down as much as it was before. I would of course prefer to eliminate the cause of the shutting down, but I can not afford -- literally -- to lose my contacts again.) I will run the other scans, but not the Junkware Removal tool, at least until I hear from you again.

Thank you for your help.

-- Daniel M. Burkus
 
I was able to run RogueKiller. The file is as follows:

RogueKiller V12.11.3.0 [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Daniel M. Burkus [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 06/22/2017 16:23:01 (Duration : 00:48:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 168.126.63.1 168.126.63.2 ([-][KR]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 168.126.63.1 168.126.63.2 ([-][KR]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D} | DhcpNameServer : 168.126.63.1 168.126.63.2 ([-][KR]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D} | DhcpNameServer : 168.126.63.1 168.126.63.2 ([-][KR]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 9ywgrdrs.default-1471039942008 : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https://mail.yahoo.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] b1a2fd097a23ca69b6b12abaa342e59f
[BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] 049945051fe77a2a7945126d5255a9c2
[BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] d151fc54efa59ff995497b97b7e64c5e
[BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 9f830e5a69c67fdea85ddf4f7a587257
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 3839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
However, the MalwareBytes program crashed the PC when I was running it. (I am sorry, I was out of my room at the time, so I do not know how far along in the scan process the crash occurred.)

That said, when the program just started up and was running "pre-scan operations" the PC froze for maybe 10 minutes or more -- I could not reboot or anything -- before finally moving on to the next step in the scan process. Several weeks ago I had attempted to install and run this fully functional version (I usually use the free version, and can run a scan with that without difficulty), and the same thing happened -- the PC crashed perhaps 2/3 of the way through the scan.

I removed the full version of MalwareBytes, and am attempting to install the free version (for some reason it removed the free version from my PC, though that did not happen before). If I am able to do so, I will try to run a scan with it and see what happens. (As I was attempting the reinstall, it mentioned that there was an update available, and it is downloading that now; but whether it is the same version that crashed the PC or not I do not know.)

Oh, one other thing: since MalwareBytes crashed my PC, I just noticed that the small display (on the front of the PC console) that indicates when the fans are working has stopped lighting up (which in the past meant that the cooling fans were not working). A year ago this same thing happened, but I was never able to pin-point the cause (after running numerous scans -- in that case, a scan that was not part of your series -- the functionality of this device returned, though without any scan precisely identifying what was wrong).

I will get back to you as soon as I have something to report. Thank you, again, for your time, and your help.

-- Daniel M. Burkus
 
The version of MalwareBytes that I installed is: Malwarebytes Anti-Malware Home (Trial) 2.2.1.1043; Database Version v2017.06.22.05. I think this is a different version than what you asked me to install via the link. If you want me to redownload the other version, with different running instructions (such as running it in SafeMode), please let me know. The version that I installed just now was able to run the scan successfully. The results were negative:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/22/2017
Scan Time: 7:07 PM
Logfile: MalwareBytes Scan Results.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.22.05
Rootkit Database: v2017.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Daniel M. Burkus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471766
Time Elapsed: 55 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
The AdwareCleaner scan finished just now. The results were negative (no malicious entities found). This is probably to be expected, since I run CCleaner several times a week (along with Super AntiSpyware and MalwareBytes). The text of the AdwareCleaner scan results is:

# AdwCleaner v6.047 - Logfile created 22/06/2017 at 20:17:27
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-21.3 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Daniel M. Burkus - PC
# Running from : C:\Users\Daniel M. Burkus.PC\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1196 Bytes] - [04/06/2017 13:43:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [1269 Bytes] - [06/06/2017 15:51:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [1342 Bytes] - [16/06/2017 14:20:54]
C:\AdwCleaner\AdwCleaner[S3].txt - [1239 Bytes] - [22/06/2017 20:17:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1312 Bytes] ##########
 
Broni, as I said before, I would prefer not to run the Junkware Removal tool unless there is some way to keep it from removing my messenger, and destroying the backups of the chat histories. (The messenger is the thing named "KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.5.6.1545 - Kakao Corp.)" in several of the scans.)

I will wait until I hear from you before doing anything else. Thank you once again, Broni. Please have a good day.

-- Daniel M. Burkus
 
We can easily skip JRT, no problem.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Broni, first two things: apparently running the second version of MalwareBytes or the Adware Removal tool corrected the issue with the display (which turned on as normal this morning -- remember I am in Korea so everything is off by half-a-day). Secondly, when I started FRST it said that an update was available, but it failed to update. So I stopped the program and redownloaded it, and this version was up-to-date (though a different version from the one I ran yesterday). The scan ran without issues. The results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2017 01
Ran by Daniel M. Burkus (administrator) on PC (23-06-2017 10:45:12)
Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-30] (AVAST Software)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7648984 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [Kaspersky Software Updater] => C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [KakaoTalk] => C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe [8315200 2017-06-20] (Kakao Corp. )
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
HKLM\...\Providers\tuyazueu: C:\Program Files\Buqaghghnet Builder\local32spl.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-30] (AVAST Software)
BootExecute: autocheck autochk * ROBoot \??\C:\Windows\system32\ASOROSet.bin
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7E8271E6-6142-41FD-83BE-949EBBBBA13D}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{9062A7D0-A780-4AB6-A1B1-967D5C1EB26C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D3E6FB35-F97B-4C66-817B-66630537B25B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-30] (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-30] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 [2017-06-23]
FF Homepage: Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008 -> hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\artur.dubovoy@gmail.com [2017-06-15]
FF Extension: (FlashStopper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\flashstopper@byo.co.il.xpi [2017-03-10]
FF Extension: (Google Search by Image) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\google@hitachi.com.xpi [2017-02-02]
FF Extension: (Markdown Viewer) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\markdownviewer@thiht.fr.xpi [2017-01-07]
FF Extension: (Restart Button) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\restartbutton@strk.jp.xpi [2016-08-16]
FF Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\sp@avast.com.xpi [2017-06-02]
FF Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\wrc@avast.com.xpi [2017-06-02]
FF Extension: (Bulk Media Downloader) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-06-15]
FF Extension: (CacheViewer Fx21) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{81328583-3CA7-4809-B4BA-570A85818FBB} [2017-03-24]
FF Extension: (Video DownloadHelper) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\9ywgrdrs.default-1471039942008\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM\idmmzcc5 [2017-06-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-18] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-22] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-09] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-30] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-30] (AVAST Software)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-10-19] (NVIDIA Corporation)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R3 ksu; C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-10-19] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-10-19] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Bapeward; C:\Program Files\Tersatlaty\DrbCommunity.dll [X]
S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 5AF767F5; C:\Windows\System32\drivers\5AF767F5.sys [153784 2016-04-01] (Kaspersky Lab ZAO)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-30] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-30] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-30] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-30] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-05-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-30] (AVAST Software)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [392352 2017-05-24] (Symantec Corporation)
R1 epp; C:\EEK\bin32\epp.sys [105248 2016-11-23] (Emsisoft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-10-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-08-04] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
S3 tatertot.scr; C:\Windows\system32\drivers\tatertot.scr.sys [34816 2017-06-01] () [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 20:03 - 2017-06-22 20:03 - 00001083 _____ C:\MalwareBytes Scan Results.txt
2017-06-22 18:57 - 2017-06-22 19:07 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-22 18:56 - 2017-06-22 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-22 18:56 - 2017-06-22 19:06 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-06-22 18:56 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-06-22 18:56 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-22 18:56 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-21 18:43 - 2017-06-22 20:30 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Scan Results (Started 6-21-2017)
2017-06-21 15:56 - 2017-06-21 15:56 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-19 16:46 - 2017-06-19 17:04 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\HTML code
2017-06-19 09:22 - 2017-06-19 09:22 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 11 (Notes).txt
2017-06-19 09:21 - 2017-06-19 09:21 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 9 (Notes).txt
2017-06-19 09:21 - 2017-06-19 09:21 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 8 (Notes).txt
2017-06-19 09:21 - 2017-06-19 09:21 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 10 (Notes).txt
2017-06-19 09:20 - 2017-06-19 09:20 - 00000412 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 11 (Text).txt
2017-06-19 09:20 - 2017-06-19 09:20 - 00000390 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 10 (Text).txt
2017-06-19 09:19 - 2017-06-19 09:19 - 00000388 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 9 (Text).txt
2017-06-19 09:18 - 2017-06-19 09:18 - 00000384 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 8 (Text).txt
2017-06-18 16:35 - 2017-06-18 16:35 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-18 16:35 - 2017-06-18 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-18 15:48 - 2017-06-18 15:49 - 18609717 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Baby Elephant's Birthday Present.mp4
2017-06-17 20:22 - 2017-06-18 13:40 - 00000000 ____D C:\afd6bb1c0cd15e66d1cca9dae705a300
2017-06-17 17:48 - 2017-06-18 14:35 - 00000000 ____D C:\ProgramData\SMR501
2017-06-17 17:38 - 2017-06-17 17:38 - 00032416 _____ C:\ComboFix.txt
2017-06-17 16:40 - 2017-06-17 17:47 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\uTorrent
2017-06-16 23:16 - 2017-06-16 23:16 - 00019960 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe
2017-06-16 23:16 - 2017-06-16 23:16 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashRpt
2017-06-16 22:06 - 2017-06-16 22:09 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Event Logs (June 16)
2017-06-15 13:50 - 2017-06-15 13:50 - 00000384 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 7 (Text).txt
2017-06-15 13:50 - 2017-06-15 13:50 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 7 (Notes).txt
2017-06-15 13:50 - 2017-06-15 13:50 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 6 (Notes).txt
2017-06-15 13:49 - 2017-06-20 01:27 - 00000384 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4, Part 6 (Text).txt
2017-06-14 06:23 - 2017-06-14 06:23 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\THE LETTERS OF WILLIAM ADAMS
2017-06-13 07:46 - 2017-06-13 07:46 - 00000029 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Google Translate.txt
2017-06-12 13:50 - 2017-06-12 13:50 - 00010282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Book 4.4, Taji (material removed from footnote).txt
2017-06-12 07:44 - 2017-06-12 07:44 - 00000000 ____D C:\$AV_ASW
2017-06-11 19:28 - 2017-06-11 19:28 - 00000007 _____ C:\Users\Daniel M. Burkus.PC\Desktop\covfefe.txt
2017-06-11 10:06 - 2017-06-07 21:49 - 00103665 _____ C:\Windows\system32\Drivers\etc\hosts.20170611-100617.backup
2017-06-08 08:54 - 2017-06-08 08:54 - 00001457 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Little White Duck.txt
2017-06-07 21:50 - 2017-06-07 21:50 - 00000000 ___HD C:\$windows.~bt
2017-06-07 09:56 - 2017-06-07 09:58 - 00000309 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Check Windows Installation for Errors.txt
2017-06-07 09:53 - 2017-06-07 09:53 - 00000101 _____ C:\Users\Daniel M. Burkus.PC\Desktop\shutdown error details.txt
2017-06-04 17:58 - 2017-06-04 17:58 - 00114051 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Remove Necurs (Rootkits).htm
2017-06-04 17:58 - 2017-06-04 17:58 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Remove Necurs (Rootkits)_files
2017-06-04 13:45 - 2017-06-17 17:39 - 00000000 ____D C:\Qoobox
2017-06-04 13:45 - 2011-06-26 15:45 - 00256000 _____ C:\Windows\PEV.exe
2017-06-04 13:45 - 2010-11-08 02:20 - 00208896 _____ C:\Windows\MBR.exe
2017-06-04 13:45 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00098816 _____ C:\Windows\sed.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00080412 _____ C:\Windows\grep.exe
2017-06-04 13:45 - 2000-08-31 09:00 - 00068096 _____ C:\Windows\zip.exe
2017-06-04 13:37 - 2017-06-22 20:17 - 00000000 ____D C:\AdwCleaner
2017-06-04 13:36 - 2017-06-04 13:36 - 01010146 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Complete List of Latin Phrases.htm
2017-06-04 13:36 - 2017-06-04 13:36 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Complete List of Latin Phrases_files
2017-06-04 11:17 - 2017-06-23 10:41 - 00000000 ____D C:\FRST
2017-06-04 06:46 - 2017-05-31 23:11 - 00096713 _____ C:\Windows\system32\Drivers\etc\hosts.20170604-064642.backup
2017-06-03 17:32 - 2017-06-03 17:32 - 00001712 _____ C:\Windows\system32\ASOROSet.bin
2017-06-03 17:30 - 2017-06-03 17:32 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2017-06-02 14:04 - 2017-06-02 14:04 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\dll-files.com
2017-06-02 12:57 - 2017-06-02 12:57 - 00056151 _____ C:\Users\Daniel M. Burkus.PC\Desktop\how to turn on hardware virtualization in my bios - Windows 7 Help Forums.htm
2017-06-02 12:57 - 2017-06-02 12:57 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\how to turn on hardware virtualization in my bios - Windows 7 Help Forums_files
2017-06-01 10:07 - 2017-06-01 10:08 - 475850190 _____ C:\Users\Daniel M. Burkus.PC\Desktop\[HigherJourneys] Who is ''the New Human''.mp4
2017-06-01 09:31 - 2017-06-01 09:31 - 00034816 _____ C:\Windows\system32\Drivers\tatertot.scr.sys
2017-05-31 23:38 - 2017-05-31 23:38 - 00000336 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Boot from a Flash Drive.txt
2017-05-31 22:48 - 2011-05-02 15:05 - 00001611 _____ C:\Windows\system32\Drivers\etc\mvps.bat
2017-05-31 08:04 - 2017-05-31 08:04 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Kakao
2017-05-31 08:02 - 2017-05-31 08:02 - 00000000 ____D C:\Program Files\Kakao
2017-05-30 17:19 - 2017-05-30 17:19 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\AVAST Software
2017-05-30 17:14 - 2017-05-30 17:29 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-30 17:14 - 2017-05-30 17:14 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-30 17:14 - 2017-05-30 17:13 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-30 17:14 - 2017-05-30 17:13 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-30 17:11 - 2017-05-30 17:14 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-30 17:11 - 2017-05-30 17:14 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-30 17:05 - 2017-05-30 17:14 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-30 17:05 - 2017-05-30 17:14 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-30 17:05 - 2017-05-30 17:14 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-30 17:05 - 2017-05-30 17:13 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-30 17:00 - 2017-05-30 17:13 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-30 16:54 - 2017-05-30 16:54 - 00024963 _____ C:\Windows\system32\servers.def.lkg
2017-05-30 16:54 - 2017-05-30 16:54 - 00024963 _____ C:\Windows\system32\servers.def
2017-05-30 16:54 - 2017-05-30 16:54 - 00002847 _____ C:\Windows\system32\servers.def.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00001624 _____ C:\Windows\system32\uat.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00000452 _____ C:\Windows\system32\prod-vps.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00000446 _____ C:\Windows\system32\prod-pgm.vpx
2017-05-30 16:54 - 2017-05-30 16:54 - 00000039 _____ C:\Windows\system32\Stats.ini
2017-05-30 07:54 - 2017-06-22 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-30 07:54 - 2017-06-18 14:35 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-29 19:22 - 2017-05-31 07:44 - 00001364 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Locked Registry Keys.txt
2017-05-28 14:57 - 2017-06-16 18:46 - 00008204 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Feria de San Isidro 2017.txt
2017-05-28 13:24 - 2017-05-27 17:51 - 00096713 _____ C:\Windows\system32\Drivers\etc\hosts.20170528-132455.backup
2017-05-27 10:38 - 2017-05-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-05-24 17:56 - 2017-05-24 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\Program Files\NortonInstaller
2017-05-24 17:56 - 2017-05-24 17:56 - 00000000 ____D C:\Program Files\Norton Security Scan
2017-05-24 11:49 - 2017-06-17 17:51 - 00000000 ____D C:\NPE
2017-05-24 11:42 - 2017-06-18 14:35 - 00000000 ____D C:\ProgramData\Norton
2017-05-24 11:42 - 2017-06-17 18:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NPE

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-23 09:02 - 2016-11-16 20:55 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Mozilla
2017-06-23 08:54 - 2009-07-14 13:34 - 00024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-23 08:54 - 2009-07-14 13:34 - 00024208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-23 08:48 - 2016-01-29 01:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-23 08:48 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-22 21:25 - 2016-03-24 07:59 - 00000000 ____D C:\Users\Daniel M. Burkus.PC
2017-06-22 21:14 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\inf
2017-06-22 18:25 - 2016-01-29 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-22 18:19 - 2017-05-23 22:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-22 18:19 - 2016-11-16 16:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-22 17:12 - 2016-02-15 14:57 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-22 16:23 - 2016-02-15 14:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-22 16:21 - 2016-09-25 20:36 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IDM
2017-06-22 16:20 - 2016-03-26 19:27 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2017-06-21 19:34 - 2016-08-06 20:33 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\DMCache
2017-06-21 09:01 - 2016-03-25 18:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-19 09:22 - 2016-12-06 09:07 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Rikyu Chanoyu Sho
2017-06-18 18:03 - 2016-08-18 23:06 - 00000003 _____ C:\Users\Daniel M. Burkus.PC\Desktop\movie time.txt
2017-06-18 16:38 - 2016-03-26 17:13 - 00000000 ____D C:\My Documents
2017-06-18 16:35 - 2016-09-25 20:35 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-18 14:36 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-18 14:36 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-18 14:35 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\servicing
2017-06-18 14:35 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\registration
2017-06-18 09:03 - 2016-01-29 05:02 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-18 09:03 - 2016-01-29 05:02 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-18 09:03 - 2016-01-29 05:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-17 17:36 - 2009-07-14 11:04 - 00000215 _____ C:\Windows\system.ini
2017-06-17 00:27 - 2016-05-13 13:31 - 129479984 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-06-17 00:25 - 2017-05-23 07:20 - 00000000 ____D C:\EEK
2017-06-16 22:23 - 2016-04-25 09:08 - 00000000 ____D C:\ProgramData\TEMP
2017-06-16 21:34 - 2016-08-03 15:36 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS
2017-06-16 21:15 - 2016-04-13 21:34 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\vlc
2017-06-15 12:35 - 2017-01-02 11:08 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Blog Photos
2017-06-15 08:21 - 2016-07-17 08:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-14 18:45 - 2016-09-17 09:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Convert to PDF
2017-06-13 19:36 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Adobe
2017-06-13 12:27 - 2016-12-06 13:45 - 00000343 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Interesting Quotes.txt
2017-06-12 15:48 - 2016-03-24 20:56 - 00001012 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2017-06-07 01:02 - 2016-06-12 15:27 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\Articles
2017-05-31 18:42 - 2009-07-14 13:53 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-31 08:04 - 2016-05-07 19:16 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
2017-05-31 07:58 - 2016-06-04 16:56 - 00002335 _____ C:\DelFix.txt
2017-05-30 17:14 - 2016-01-29 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-30 17:11 - 2009-07-14 11:04 - 00002577 _____ C:\Windows\system32\config.nt
2017-05-30 17:05 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-05-30 16:55 - 2016-01-29 04:56 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-29 23:30 - 2009-07-14 09:18 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\spoolss.dll
2017-05-29 23:29 - 2016-09-12 19:17 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-05-28 15:12 - 2016-06-04 08:12 - 00007635 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2017-05-24 08:38 - 2016-09-21 20:13 - 00001420 _____ C:\Users\Daniel M. Burkus.PC\Desktop\SCAN TOOLS (Download URLs).txt

==================== Files in the root of some directories =======

2016-03-24 19:18 - 2016-07-09 08:20 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-06-04 08:12 - 2017-05-28 15:12 - 0007635 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2016-03-24 19:18 - 2016-07-09 08:20 - 0001346 _____ () C:\ProgramData\ReclaiMe.config

Some files in TEMP:
====================
2017-06-22 16:22 - 2017-02-10 01:16 - 1310528 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll
2017-06-21 17:59 - 2016-03-18 07:26 - 0872448 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 08:38

==================== End of FRST.txt ============================
 
And, the addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2017 01
Ran by Daniel M. Burkus (23-06-2017 10:45:56)
Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Boilsoft Video Cutter 1.23 (HKLM\...\{C72AB84A-4F9E-4D80-8243-C9547773BE73}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Joiner 6.57 (HKLM\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
calibre (HKLM\...\{1E376DEC-875A-4F53-9149-168582A0E274}) (Version: 2.71.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView 4.44 (32-bit) (HKLM\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
KakaoTalk (HKLM\...\KakaoTalk) (Version: 2.5.6.1545 - Kakao Corp.)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (Version: 2.0.0.623 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 8.3.0 (32bit) (HKLM\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Mozilla Firefox 54.0 (x86 en-US) (HKLM\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
MPC-BE 1.4.5.787 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.4.5.787 - MPC-BE Team)
Nero 2016 (HKLM\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
Norton Security Scan (HKLM\...\NSS) (Version: 4.6.1.84 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FE}) (Version: 4.0.13 - dotPDN LLC)
Prerequisite installer (Version: 12.0.0010 - Nero AG) Hidden
Prerequisite installer (Version: 17.0.0002 - Nero AG) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.11.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.3.0 - Adlice Software)
R-Undelete 5.0 (HKLM\...\R-Undelete 5.0NSIS) (Version: 5.0.164588 - R-Tools Technology Inc.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (Version: 18.001.1 - Nero AG) Hidden
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tipard PDF Converter Platinum 3.2.10 (HKLM\...\{7ABFBBCF-9DA2-4a62-B54D-3AFCA72FBBA4}_is1) (Version: 3.2.10 - Tipard Studio)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.4.5 (HKLM\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EDEBF28-27ED-428F-8EA6-BAA48B1C1482} - System32\Tasks\Norton Security Scan for Daniel M. Burkus => C:\Program Files\Norton Security Scan\Engine\4.6.1.84\Nss.exe [2017-05-19] (Symantec Corporation)
Task: {521571B3-88C9-4F3A-9296-984100592DA5} - System32\Tasks\{192A14D5-1617-470C-AB03-F92AFA889304} => pcalua.exe -a "C:\Users\Daniel M. Burkus.PC\Desktop\A78GA-M2T_080115_B.exe" -d "C:\Users\Daniel M. Burkus.PC\Desktop"
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {768FB52F-7083-4520-9B72-F41F7DAA8E78} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-30] (AVAST Software)
Task: {98C055B9-AF23-45CB-9D0F-392B2DADFF72} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {A681D7BD-64F6-4FC7-A998-31209ED59D98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {C7399ABE-1E4A-49C8-BA3C-2BD498749EEF} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {E0BEB5F0-C2D8-4F26-B4B3-0112A5BD01E0} - System32\Tasks\{98A6AAFD-D93D-499D-9F0E-2F5A130C370E} => pcalua.exe -a "C:\My Documents\A - Software Shortcuts\Set-up Files\converter.exe" -d "C:\My Documents\A - Software Shortcuts\Set-up Files"
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-01-29 01:50 - 2016-10-18 22:48 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-22 21:16 - 2017-06-22 21:16 - 05678592 _____ () C:\Program Files\AVAST Software\Avast\defs\17062200\algo.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-06-23 08:49 - 2017-06-23 08:49 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17062204\algo.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 00089008 _____ () C:\Windows\System32\cpwmon2k.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00310720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 03037120 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00220608 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-01-29 16:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-10-18 09:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-29 16:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-10-18 09:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-10-18 09:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-10-28 18:19 - 2016-10-19 03:42 - 01608128 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-28 18:19 - 2016-10-19 03:42 - 02122688 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-28 18:19 - 2016-10-19 03:42 - 01502656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00167872 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00031680 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00749504 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00015808 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\icudt53.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2016-10-28 18:18 - 2016-10-19 03:42 - 00018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2017-05-30 17:13 - 2017-05-30 17:13 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-30 17:13 - 2017-05-30 17:13 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:65D36A19 [129]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\5AF767F5.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7937 more sites.

There are 7935 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-31 22:49 - 2017-06-16 22:26 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 168.126.63.1 - 168.126.63.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{48C47700-5F30-457F-B126-0B5E37C48496}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{85F7091D-F663-43CF-8309-8DB3E9020295}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{B91AC728-BBF8-48A5-8717-069BCA465C6C}] => (Allow) C:\Program Files\Nero\KM\MediaHome.exe
FirewallRules: [{BDEDE059-95C2-4437-A88D-F9DD786FB4A0}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{44024E3E-8628-47F5-826F-6D1B8C53570D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{BE219DF0-6551-4830-9C73-63730DE92272}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A07B9198-22F5-48B0-88F7-9A088AD2B0CB}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{F85D6425-9E30-4683-BE9E-A98A865D2AFD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C8C8449C-551A-4E75-AE3E-E09703125179}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F2D483B-605C-424A-A310-6870042B4E33}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ED93D084-BA17-416E-90D5-E23710D28A0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3F3044D4-83EA-4F36-819C-0540DB3C62B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4245A8E4-FCDE-4230-8AC5-3557B279D5C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6B02DDB3-3765-4A3C-BA3D-102013750252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0EFE17E5-7BC2-42F9-BC63-9CBD3B95CEFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{01DBBB7E-5C1F-431D-8166-39BBC37EE8D6}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{16E5C799-7688-4A3F-994C-F6D8EB1D84D9}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{519D31D1-370E-4C65-AF47-9D8768E95A66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E13B8375-E38E-4CF0-BBD1-05049B0D05A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

19-06-2017 18:34:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2017 10:44:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 18.6.2017.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1724

Start Time: 01d2ebc1c90ef58a

Termination Time: 10

Application Path: C:\My Documents\A - Software Shortcuts\Malware Scanning Tools\FRST.exe

Report Id:

Error: (06/22/2017 08:22:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1368. Message ID: [0x2509].

Error: (06/22/2017 08:17:19 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2280. Message ID: [0x2509].

Error: (06/22/2017 08:15:12 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1832. Message ID: [0x2509].

Error: (06/22/2017 08:14:44 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5088. Message ID: [0x2509].

Error: (06/22/2017 08:11:11 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4452. Message ID: [0x2509].

Error: (06/22/2017 08:11:02 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3624. Message ID: [0x2509].

Error: (06/22/2017 07:48:33 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3156. Message ID: [0x2509].

Error: (06/22/2017 06:45:07 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5744. Message ID: [0x2509].

Error: (06/22/2017 06:24:18 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1259038908-1583320175-680065255-1005}/">.


System errors:
=============
Error: (06/23/2017 08:51:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/23/2017 08:51:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/23/2017 08:51:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/23/2017 08:51:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/23/2017 08:51:31 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (06/23/2017 08:51:31 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (06/23/2017 08:51:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/23/2017 08:51:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/23/2017 08:51:07 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (06/23/2017 08:49:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WSWNDA3100v2 service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2016-08-30 08:13:32.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Daniel M. Burkus.PC\AppData\Local\temp\46718817-3A6B268A-D70FA871-D9A8C342\1478bef5d3.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:48.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:34.352
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:18.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-30 06:31:17.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:49.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:34.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:21.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 20:22:21.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\Run\epp32.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 61%
Total physical RAM: 3071.3 MB
Available physical RAM: 1173.46 MB
Total Virtual: 6140.93 MB
Available Virtual: 3808.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:40.02 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:20.65 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:42.91 GB) NTFS
Drive j: (WDO_MEDIA32) (Removable) (Total:3.74 GB) (Free:3.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Thank you, Broni!

-- Daniel M. Burkus
 
Good news :)

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Done and just back from the reboot. Here is the FRST Fixlog:


Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2017 01
Ran by Daniel M. Burkus (23-06-2017 11:06:13) Run:1
Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Providers\tuyazueu: C:\Program Files\Buqaghghnet Builder\local32spl.dll <===== ATTENTION
C:\Program Files\Buqaghghnet Builder
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-06-22] <==== ATTENTION
S2 Bapeward; C:\Program Files\Tersatlaty\DrbCommunity.dll [X]
S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2016-03-24 19:18 - 2016-07-09 08:20 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-06-04 08:12 - 2017-05-28 15:12 - 0007635 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg
2016-03-24 19:18 - 2016-07-09 08:20 - 0001346 _____ () C:\ProgramData\ReclaiMe.config
2017-06-22 16:22 - 2017-02-10 01:16 - 1310528 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll
2017-06-21 17:59 - 2016-03-18 07:26 - 0872448 _____ (Microsoft Corporation) C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll
AlternateDataStreams: C:\ProgramData\TEMP:65D36A19 [129]

*****************

HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\tuyazueu => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order tuyazueu => removed successfully.
"C:\Program Files\Buqaghghnet Builder" => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\Bapeward => key removed successfully.
Bapeward => service removed successfully.
HKLM\System\CurrentControlSet\Services\WSWNDA3100v2 => key removed successfully.
WSWNDA3100v2 => service removed successfully.
HKLM\System\CurrentControlSet\Services\BCMH43XX => key removed successfully.
BCMH43XX => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully.
ZAM => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully.
ZAM_Guard => service removed successfully.
C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config => moved successfully
C:\Users\Daniel M. Burkus.PC\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\ReclaiMe.config => moved successfully
C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\dllnt_dump.dll => moved successfully
C:\Users\Daniel M. Burkus.PC\AppData\Local\temp\kernel32.dll => moved successfully
C:\ProgramData\TEMP => ":65D36A19" ADS removed successfully..


The system needed a reboot.

==== End of Fixlog 11:06:15 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Broni, here are the first two scan results (SecurityCheck and FSS). The Sophos scan will take some time (and I am going out to get a haircut -- I am starting to look like Cousin Itt's evil twin).

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Adobe Flash Player 26.0.0.131
Mozilla Firefox (54.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
A - Software Shortcuts Malware Scanning Tools SecurityCheck.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast aswidsagent.exe
Kaspersky Lab Kaspersky Security Scan kss.exe
Kaspersky Lab Kaspersky Software Updater kl_platf.exe
Kaspersky Lab Kaspersky Security Scan kss.exe
Kaspersky Lab Kaspersky Software Updater kl_platf.exe
Kaspersky Lab Kaspersky Security Scan kss.exe
Kaspersky Lab Kaspersky Software Updater kl_platf.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


--------------------------------------------------------------------------------------------------------------------------------------------------------------


Farbar Service Scanner Version: 27-01-2016
Ran by Daniel M. Burkus (administrator) on 23-06-2017 at 12:31:19
Running from "C:\My Documents\A - Software Shortcuts\Malware Scanning Tools"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
If your computer still crashes, I suggest a new topic in the Windows forum.

Here....

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642
 