Inactive-A I'm infected

Status
Not open for further replies.
P

pancake1

Posts: 12   +0
Hello,
Some time ago my AVG antivirus free detected a virus, it said it has been moved to virus vault or smth and everything is ok. But it kept reappearing, and again I did an AVG scan and thought everything was fixed. I know how dumb it was, but I didn't do anything else. Now I can't log in to my computer account when starting in a normal mode, I can do that only in a safe mode. After doing AVG scan in Safe Mode, in the result file there where many lines like this:
C:\ProgramData\Desktop\ Locked file. Not scanned. is OK.
C:\ProgramData\Documents\ Locked file. Not scanned. is OK.
and
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat Locked file. Not scanned. is OK.
which I don't think should be locked.
And it found 162 infections!!!!
In comments I will post FRST.txt and Addition.txt
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by userr (administrator) on USER (31-01-2016 00:38:12)
Running from C:\Users\userr\Downloads
Loaded Profiles: userr (Available Profiles: userr & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [999 2016-01-29] ()
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\MountPoints2: {1e4983b1-5d1d-11e5-8255-240a6426f2fe} - "E:\vs_enterprise.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1F576828-3532-4ACA-A28C-5DA5448BBB42}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{590217DF-6AAC-4211-A480-C24FD9DAF98B}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={C399D675-8C30-40AE-8358-6F7CCA44EA59}&mid=7df9e1ada56947cd9d247d6b4dead1d1-9656e9d677122fa80db35feb4f6b57029d96490a&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-25 09:15:43&v=4.1.0.411&pid=wtu&sg=&sap=hp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-19] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-17]
CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-29]
CHR Extension: (NetBeans Connector) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-17]
CHR HKU\S-1-5-21-952108444-1884632922-1627213431-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-19] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-06-10] (Microsoft Corporation)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51090624 2014-02-21] (Microsoft Corporation)
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 KMSEmulator; temp.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-19] (Disc Soft Ltd)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-01-29] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-31 00:38 - 2016-01-31 00:38 - 00019602 _____ C:\Users\userr\Downloads\FRST.txt
2016-01-31 00:38 - 2016-01-31 00:38 - 00000000 ____D C:\FRST
2016-01-31 00:37 - 2016-01-31 00:37 - 02370560 _____ (Farbar) C:\Users\userr\Downloads\FRST64.exe
2016-01-31 00:26 - 2016-01-31 00:26 - 02451912 _____ (IObit ) C:\Users\userr\Downloads\unlocker-setup (1).exe
2016-01-31 00:26 - 2016-01-31 00:26 - 00001196 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2016-01-31 00:26 - 2016-01-31 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2016-01-31 00:26 - 2016-01-31 00:26 - 00000000 ____D C:\ProgramData\IObit
2016-01-31 00:26 - 2016-01-31 00:26 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-29 20:06 - 2016-01-29 20:06 - 01721856 _____ (Farbar) C:\Users\userr\Downloads\FRST.exe
2016-01-29 20:03 - 2016-01-29 20:03 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-29 20:03 - 2016-01-29 20:03 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-29 20:01 - 2016-01-29 20:01 - 20940872 _____ C:\Users\userr\Downloads\RogueKiller.exe
2016-01-29 19:55 - 2016-01-29 19:55 - 00380416 _____ C:\Users\userr\Downloads\c1c9dz1f.exe
2016-01-29 19:27 - 2016-01-29 19:27 - 02451912 _____ (IObit ) C:\Users\userr\Downloads\unlocker-setup.exe
2016-01-29 19:24 - 2016-01-29 19:45 - 00000000 ____D C:\AdwCleaner
2016-01-29 19:24 - 2016-01-29 19:24 - 01507840 _____ C:\Users\userr\Downloads\AdwCleaner.exe
2016-01-29 19:22 - 2016-01-31 00:26 - 00368104 _____ C:\Windows\ntbtlog.txt
2016-01-29 19:22 - 2016-01-29 19:22 - 00000000 _____ C:\Users\userr\Downloads\JRT (3).exe
2016-01-29 19:21 - 2016-01-29 19:21 - 00000000 _____ C:\Users\userr\Downloads\JRT (2).exe
2016-01-29 19:19 - 2016-01-29 19:19 - 00000000 ____D C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-01-29 19:19 - 2016-01-29 19:19 - 00000000 ____D C:\Program Files\Unlocker
2016-01-29 19:18 - 2016-01-29 19:18 - 01078591 _____ C:\Users\userr\Downloads\Unlocker1.9.2.exe
2016-01-29 19:18 - 2016-01-29 19:18 - 00000000 _____ C:\Users\userr\Downloads\JRT (1).exe
2016-01-29 19:17 - 2016-01-29 19:17 - 00000000 _____ C:\Users\userr\Downloads\JRT.exe
2016-01-29 17:04 - 2016-01-29 17:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-29 16:16 - 2016-01-29 16:16 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-29 16:16 - 2016-01-29 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-29 16:16 - 2016-01-29 16:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-29 16:16 - 2016-01-29 16:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-29 16:16 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-29 16:16 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-29 16:16 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-29 16:15 - 2016-01-29 16:15 - 22908888 _____ (Malwarebytes ) C:\Users\userr\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-29 15:53 - 2016-01-29 17:01 - 00015070 _____ C:\Users\userr\Desktop\avgrep.txt
2016-01-29 15:45 - 2016-01-29 15:45 - 00000000 ____D C:\Users\userr\AppData\Local\ElevatedDiagnostics
2016-01-29 15:16 - 2016-01-29 15:16 - 00307200 _____ (Secure By Design Inc.) C:\Users\userr\Desktop\Ninite Chrome Installer.exe
2016-01-29 12:03 - 2016-01-29 11:57 - 00927824 _____ (Google Inc.) C:\Users\userr\Desktop\ChromeSetup.exe
2016-01-25 03:02 - 2016-01-25 03:02 - 01175040 _____ C:\Users\userr\Downloads\14_Web_turpinajums (5).ppt
2016-01-25 02:59 - 2016-01-25 02:59 - 01236480 _____ C:\Users\userr\Downloads\13_Web (2).ppt
2016-01-25 02:57 - 2016-01-25 02:57 - 01759232 _____ C:\Users\userr\Downloads\12_DataBinding_API_Install (3).ppt
2016-01-25 02:57 - 2016-01-25 02:57 - 01757184 _____ C:\Users\userr\Downloads\12_DataBinding_API_Install (2).ppt
2016-01-25 02:57 - 2016-01-25 02:57 - 01234432 _____ C:\Users\userr\Downloads\13_Web (1).ppt
2016-01-25 02:52 - 2016-01-25 02:52 - 02405888 _____ C:\Users\userr\Downloads\11_Task_API_Install (3).ppt
2016-01-25 02:51 - 2016-01-25 02:51 - 02405888 _____ C:\Users\userr\Downloads\11_Task_API_Install (2).ppt
2016-01-25 02:46 - 2016-01-25 02:46 - 01414656 _____ C:\Users\userr\Downloads\10_BuildingControls (1).ppt
2016-01-25 02:42 - 2016-01-25 02:42 - 01587712 _____ C:\Users\userr\Downloads\09_Reporti (1).ppt
2016-01-25 02:32 - 2016-01-25 02:32 - 04893696 _____ C:\Users\userr\Downloads\08_Datubazes_ADO (2).ppt
2016-01-25 02:25 - 2016-01-25 02:25 - 03410432 _____ C:\Users\userr\Downloads\07_Datubazes_EntityFramework (2).ppt
2016-01-25 02:19 - 2016-01-25 02:19 - 06079488 _____ C:\Users\userr\Downloads\06_LINQ (1).ppt
2016-01-25 02:19 - 2016-01-25 02:19 - 06076928 _____ C:\Users\userr\Downloads\06_LINQ (2).ppt
2016-01-25 02:12 - 2016-01-25 02:12 - 05125632 _____ C:\Users\userr\Downloads\05_kludas_interfeisi (1).ppt
2016-01-25 01:59 - 2016-01-25 02:05 - 20087808 _____ C:\Users\userr\Downloads\04_Kolekcijas_Files_Kludas (1).ppt
2016-01-24 23:13 - 2016-01-24 23:13 - 02152448 _____ C:\Users\userr\Downloads\03_NET_Strukturas_Klases (1).ppt
2016-01-24 19:44 - 2016-01-24 19:44 - 02523136 _____ C:\Users\userr\Downloads\02_NET_Pamati (1).ppt
2016-01-24 14:06 - 2016-01-24 14:06 - 04534784 _____ C:\Users\userr\Downloads\01_Ievadlekcija (1).ppt
2016-01-24 13:53 - 2016-01-24 13:53 - 00314880 _____ C:\Users\userr\Downloads\Sesijas_plans_atjauninats.ppt
2016-01-20 11:23 - 2016-01-20 11:23 - 00176635 _____ C:\Users\userr\Downloads\Tavegyl.pdf
2016-01-20 11:23 - 2016-01-20 11:23 - 00176635 _____ C:\Users\userr\Downloads\Tavegyl (1).pdf
2016-01-19 12:55 - 2016-01-19 12:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-01-19 10:26 - 2016-01-19 10:26 - 00016701 _____ C:\Users\userr\Downloads\Eksāmena grafiks-Exam schedule.xlsx
2016-01-18 10:45 - 2016-01-18 10:45 - 00258777 _____ C:\Users\userr\Downloads\07_CodeIgniter_MVC.pdf
2016-01-18 00:39 - 2016-01-29 18:39 - 00000000 ____D C:\Windows\Minidump
2016-01-14 15:59 - 2016-01-14 16:09 - 00000348 _____ C:\Users\userr\Desktop\Apraksts.txt
2016-01-14 15:58 - 2016-01-14 15:58 - 00000000 ____D C:\Users\userr\Desktop\2.md
2016-01-13 11:21 - 2015-12-11 06:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 11:21 - 2015-12-11 06:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 11:21 - 2015-12-11 05:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 11:21 - 2015-12-11 05:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 11:21 - 2015-12-11 05:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 11:21 - 2015-12-11 05:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 11:21 - 2015-12-11 05:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 11:21 - 2015-12-11 05:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 11:21 - 2015-12-11 05:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 11:21 - 2015-12-11 05:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 11:21 - 2015-12-11 04:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 11:21 - 2015-12-11 04:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 11:21 - 2015-12-11 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 11:21 - 2015-12-11 04:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 11:21 - 2015-12-11 04:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 11:21 - 2015-12-11 04:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 11:21 - 2015-12-11 04:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 11:21 - 2015-12-11 04:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 11:21 - 2015-12-11 04:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 11:21 - 2015-12-11 04:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 11:21 - 2015-12-11 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 11:20 - 2015-12-30 21:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 11:20 - 2015-12-30 21:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 11:20 - 2015-12-30 21:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 11:20 - 2015-12-07 12:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 11:20 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 11:20 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 11:20 - 2015-12-04 17:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 11:20 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 11:20 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 11:20 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 11:20 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 11:20 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 11:20 - 2015-12-03 19:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 11:20 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 11:20 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 11:20 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 11:20 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 11:20 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 11:20 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 11:20 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 11:20 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 11:20 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 11:20 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 11:20 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 11:20 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 11:20 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 11:19 - 2015-12-10 02:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 11:19 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 11:19 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 11:19 - 2015-12-03 21:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 11:19 - 2015-12-03 21:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 11:19 - 2015-12-03 21:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 11:19 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 11:19 - 2015-12-03 21:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 11:19 - 2015-12-03 20:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 11:19 - 2015-12-03 20:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 11:19 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 11:19 - 2015-12-03 20:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 11:19 - 2015-12-03 20:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 11:19 - 2015-12-03 19:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 11:19 - 2015-12-03 19:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 11:19 - 2015-12-03 19:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 11:19 - 2015-12-03 19:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 11:19 - 2015-12-03 18:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 11:19 - 2015-11-17 23:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-07 19:48 - 2016-01-07 19:48 - 00000000 ____D C:\Users\userr\AppData\Roaming\Glimpse
2016-01-07 12:01 - 2016-01-07 12:01 - 00126305 _____ C:\Users\userr\Downloads\trenina_mk3_grafa_reprezentacija (1).pdf
2016-01-07 00:48 - 2016-01-07 00:48 - 00002905 _____ C:\Users\userr\Desktop\Sorting.cpp
2016-01-06 02:42 - 2016-01-05 23:14 - 17690235 _____ C:\Users\userr\Desktop\Eksāmens.pdf
2016-01-06 00:35 - 2016-01-06 20:30 - 00959319 _____ C:\Users\userr\Desktop\Sorting.exe
2016-01-06 00:35 - 2016-01-06 20:30 - 00004062 _____ C:\Users\userr\Desktop\Sorting.o
2016-01-05 23:12 - 2016-01-05 23:14 - 17690235 _____ C:\Users\userr\Downloads\Eksāmens.pdf
2016-01-05 22:51 - 2016-01-05 22:51 - 01759232 _____ C:\Users\userr\Downloads\12_DataBinding_API_Install (1).ppt
2016-01-05 22:47 - 2016-01-05 22:47 - 02405888 _____ C:\Users\userr\Downloads\11_Task_API_Install (1).ppt
2016-01-05 22:44 - 2016-01-05 22:44 - 01414656 _____ C:\Users\userr\Downloads\10_BuildingControls.ppt
2016-01-05 22:40 - 2016-01-05 22:40 - 01587712 _____ C:\Users\userr\Downloads\09_Reporti.ppt
2016-01-05 22:34 - 2016-01-05 22:34 - 04893696 _____ C:\Users\userr\Downloads\08_Datubazes_ADO (1).ppt
2016-01-05 22:23 - 2016-01-05 22:23 - 06079488 _____ C:\Users\userr\Downloads\06_LINQ.ppt
2016-01-05 22:23 - 2016-01-05 22:23 - 03410432 _____ C:\Users\userr\Downloads\07_Datubazes_EntityFramework (1).ppt
2016-01-05 22:16 - 2016-01-05 22:16 - 05125632 _____ C:\Users\userr\Downloads\05_kludas_interfeisi.ppt
2016-01-05 22:00 - 2016-01-05 22:00 - 04521937 _____ C:\Users\userr\Downloads\04_Kolekcijas_Files_Kludas.pdf
2016-01-05 21:10 - 2016-01-05 21:10 - 20087808 _____ C:\Users\userr\Downloads\04_Kolekcijas_Files_Kludas.ppt
2016-01-05 21:08 - 2016-01-05 21:08 - 02152448 _____ C:\Users\userr\Downloads\03_NET_Strukturas_Klases.ppt
2016-01-05 20:59 - 2016-01-05 21:08 - 02446848 _____ C:\Users\userr\Downloads\02_NET_Pamati.ppt
2016-01-05 20:54 - 2016-01-05 20:54 - 04534784 _____ C:\Users\userr\Downloads\01_Ievadlekcija.ppt
2016-01-05 16:44 - 2016-01-05 16:44 - 00122268 _____ C:\Users\userr\Downloads\trenina_mk7_binaras_meklesanas_koks (1).pdf
2016-01-05 01:20 - 2016-01-05 01:20 - 00357727 _____ C:\Users\userr\Downloads\13_tt_app_droshiiba (4).pdf
2016-01-05 01:20 - 2016-01-05 01:20 - 00357727 _____ C:\Users\userr\Downloads\13_tt_app_droshiiba (3).pdf
2016-01-04 22:09 - 2016-01-04 22:10 - 01718408 _____ C:\Users\userr\Downloads\secnet.exe
2016-01-04 21:06 - 2016-01-04 21:06 - 00357727 _____ C:\Users\userr\Downloads\13_tt_app_droshiiba (2).pdf
2016-01-04 21:06 - 2016-01-04 21:06 - 00357727 _____ C:\Users\userr\Downloads\13_tt_app_droshiiba (1).pdf
2016-01-04 16:46 - 2016-01-04 16:46 - 00357727 _____ C:\Users\userr\Downloads\13_tt_app_droshiiba.pdf
2016-01-04 10:14 - 2016-01-04 10:14 - 00000144 _____ C:\Users\userr\.gitconfig
2016-01-03 23:45 - 2016-01-03 23:45 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-03 23:44 - 2016-01-03 23:44 - 02870984 _____ (ESET) C:\Users\userr\Downloads\esetsmartinstaller_enu.exe
2016-01-03 23:24 - 2016-01-03 23:24 - 00000000 ____D C:\Windows\pss
2016-01-03 13:55 - 2016-01-03 13:55 - 01175040 _____ C:\Users\userr\Downloads\14_Web_turpinajums (4).ppt
2016-01-03 13:54 - 2016-01-03 13:54 - 00317440 _____ C:\Users\userr\Downloads\Sesijas_plans (2).ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-31 00:37 - 2015-09-16 15:56 - 00000000 ____D C:\Users\userr\AppData\Local\ClassicShell
2016-01-31 00:04 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-31 00:03 - 2015-09-19 11:20 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-31 00:03 - 2015-09-16 15:55 - 00000210 _____ C:\Windows\Tasks\AutoKMS.job
2016-01-31 00:03 - 2015-09-16 14:35 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 00:12 - 2015-09-19 20:32 - 00000000 ____D C:\Users\ReportServer
2016-01-30 00:12 - 2015-09-19 20:32 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2016-01-30 00:12 - 2015-09-19 20:32 - 00000000 ____D C:\Users\MsDtsServer120
2016-01-30 00:12 - 2015-09-19 20:31 - 00000000 ____D C:\Users\MSSQLSERVER
2016-01-30 00:12 - 2015-09-16 23:49 - 00000000 ____D C:\Users\userr
2016-01-30 00:12 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-01-29 17:48 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-29 17:36 - 2015-09-16 13:55 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-952108444-1884632922-1627213431-1001
2016-01-29 17:33 - 2015-09-17 18:51 - 00000000 __RDO C:\Users\userr\OneDrive
2016-01-29 17:03 - 2015-09-19 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-29 16:07 - 2015-09-29 19:58 - 00000000 ____D C:\Users\userr\.VirtualBox
2016-01-29 16:06 - 2015-10-03 12:16 - 00000000 ____D C:\Program Files\NetBeans 8.0.2
2016-01-29 15:28 - 2015-09-16 14:35 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 15:26 - 2015-09-19 11:20 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-29 14:51 - 2015-09-19 11:45 - 00000000 ____D C:\ProgramData\MFAData
2016-01-29 14:16 - 2015-09-19 11:23 - 00000000 ___RD C:\Users\userr\Dropbox
2016-01-29 13:19 - 2015-09-19 11:26 - 00000000 ___RD C:\Users\userr\Google Drive
2016-01-29 12:40 - 2015-09-19 11:20 - 00000000 ____D C:\Users\userr\AppData\Local\Dropbox
2016-01-29 12:05 - 2015-09-16 14:35 - 00000000 ____D C:\Users\userr\AppData\Local\Google
2016-01-29 09:33 - 2015-12-06 23:35 - 00000600 _____ C:\Users\userr\AppData\Roaming\winscp.rnd
2016-01-29 09:33 - 2015-12-06 19:07 - 00000600 _____ C:\Users\userr\AppData\Local\PUTTY.RND
2016-01-29 03:01 - 2015-09-16 14:35 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 03:01 - 2015-09-16 14:35 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 22:57 - 2015-10-03 13:15 - 00000000 ____D C:\Users\userr\Documents\NetBeansProjects
2016-01-27 16:54 - 2015-09-19 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-27 16:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-01-26 18:01 - 2015-09-16 23:49 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-01-25 13:17 - 2015-09-19 20:31 - 00000000 ____D C:\Users\userr\Documents\SQL Server Management Studio
2016-01-25 03:52 - 2015-09-19 21:36 - 00000000 ____D C:\Users\userr\Documents\Visual Studio 2015
2016-01-25 03:23 - 2015-09-19 11:38 - 00000000 ____D C:\Users\userr\AppData\Roaming\CodeBlocks
2016-01-18 00:40 - 2015-09-19 20:31 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-01-16 22:55 - 2015-09-16 14:57 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-16 22:55 - 2015-09-16 14:57 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 22:13 - 2015-09-16 14:55 - 00000000 ____D C:\Windows\system32\MRT
2016-01-14 22:06 - 2015-09-16 14:55 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-14 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-01-13 13:14 - 2014-03-18 12:17 - 01129840 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 13:06 - 2015-09-16 15:46 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 13:06 - 2015-09-16 15:46 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 12:18 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 11:56 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini
2016-01-08 00:53 - 2015-12-21 23:50 - 00000000 ____D C:\Users\userr\Downloads\IngaPire-NMD3
2016-01-07 20:43 - 2015-12-19 21:18 - 00000000 ____D C:\Users\userr\Desktop\packages
2016-01-07 20:43 - 2015-12-19 21:13 - 00000000 ____D C:\Users\userr\Desktop\WebApplication6
2016-01-06 11:18 - 2015-09-19 11:45 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-05 22:04 - 2015-09-17 10:46 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-05 22:04 - 2015-09-17 10:45 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-04 10:23 - 2015-11-25 16:26 - 00000000 ____D C:\Users\userr\AppData\Roaming\GitHub
2016-01-04 10:23 - 2015-11-25 16:26 - 00000000 ____D C:\Users\userr\AppData\Local\GitHub
2016-01-04 10:16 - 2015-11-25 16:26 - 00000000 ____D C:\Users\userr\Documents\GitHub
2016-01-04 10:15 - 2015-11-25 16:22 - 00000000 ____D C:\Users\userr\AppData\Local\Deployment

==================== Files in the root of some directories =======

2015-12-06 23:35 - 2016-01-29 09:33 - 0000600 _____ () C:\Users\userr\AppData\Roaming\winscp.rnd
2015-12-06 19:07 - 2016-01-29 09:33 - 0000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\userr\AppData\Local\Temp\1jewzpyq.dll
C:\Users\userr\AppData\Local\Temp\DeltaTB.exe
C:\Users\userr\AppData\Local\Temp\dllnt_dump.dll
C:\Users\userr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwwhypi.dll
C:\Users\userr\AppData\Local\Temp\jpene2np.dll
C:\Users\userr\AppData\Local\Temp\unsetcpk.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-28 11:12

==================== End of FRST.txt ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by userr (2016-01-31 00:41:40)
Running from C:\Users\userr\Downloads
Windows 8.1 Pro (X64) (2015-09-16 21:49:47)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-952108444-1884632922-1627213431-500 - Administrator - Disabled)
Guest (S-1-5-21-952108444-1884632922-1627213431-501 - Limited - Disabled)
userr (S-1-5-21-952108444-1884632922-1627213431-1001 - Administrator - Enabled) => C:\Users\userr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{903D0F33-D3CF-48D6-967D-84004089428A}) (Version: 4.0.51203.1 - Microsoft Corporation)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CodeBlocks (HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
GitHub (HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\{907AEFD4-647F-3AEB-8A7E-B877E201DF64}) (Version: 66.101.32861 - Google, Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 (HKLM-x32\...\{037a3c70-cc6a-4ae2-aa0e-70eb68ea81d5}) (Version: 4.0.20714.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{D9C53793-2E6A-4C6D-BA0B-898A17876A5D}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint (HKLM\...\{C3AF130F-8B2E-4D55-8AD1-F156F7C975E8}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 (HKLM-x32\...\{a47f6f59-0768-45af-8aa6-10ad157a603e}) (Version: 14.0.23107.156 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24723 - Microsoft Corporation) Hidden
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SQL Server 2014 Analysis Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (Version: 12.0.2254.0 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
Unity (HKLM-x32\...\Unity) (Version: 5.2.0f3 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1404FBE0-CE19-4C85-ABB5-17A86536BB9C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-19] (Dropbox, Inc.)
Task: {279A2B62-B651-4664-8408-0B7D43E8BE69} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-19] (Dropbox, Inc.)
Task: {2A563B6D-F71A-42D5-BFB9-A158D76F71E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
Task: {4DDB0414-1AE4-4923-8B30-ACEACA94BF69} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2014-03-16] (MSfree Inc.)
Task: {5FD599CE-86B0-449B-968E-0146202F14F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.)
Task: {7CDBBFA6-DC81-4FD8-839F-D2F7513A4E1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.)
Task: {84D3A83D-1F00-4B82-95C3-67DCDB0487D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {94981011-6574-46AD-B47B-DF2CD064BC11} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {9501FD70-63DE-4D4C-9B1D-EA4B42EC9EF1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {9B23E06D-9140-4C26-AE41-0DCAD8213434} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B80F7251-FC35-4450-8B3D-02F562E55D30} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {F42F95FF-D6CB-4532-A51F-9B3E41E63524} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\userr\Desktop\ChromeSetup.exe:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-01-28 22:55 - 00000969 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
172.16.172.2 shop.dev
172.16.172.2 webshop.dev

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-952108444-1884632922-1627213431-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\userr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\background.jpg
DNS Servers: 192.168.1.254 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-952108444-1884632922-1627213431-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{55901E97-6CD3-4226-A7F2-87AC36ABEEE9}E:\samlab_2015\sdi_x64_r315.exe] => (Allow) E:\samlab_2015\sdi_x64_r315.exe
FirewallRules: [UDP Query User{9074F836-7394-4F38-B14F-74889CDBD9E1}E:\samlab_2015\sdi_x64_r315.exe] => (Allow) E:\samlab_2015\sdi_x64_r315.exe
FirewallRules: [TCP Query User{9557B037-0559-4AEC-815B-2D2912ADBC83}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{7224410A-1A18-4A42-9EF6-57EB47824B6F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{D00D5B79-E34D-4D5C-96DC-CF6204B897DC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{32C28A66-AA9F-4FE2-B739-179F14466EA8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E123764D-8451-49E2-9B22-77CC5697C904}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{A14F019B-C51D-4388-BB66-FAAB2FD2A9EA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{77433B15-DB90-4F8B-BA85-6E827631462A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{34E5E4D3-C8F1-435B-8253-AEB1F2235292}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{D3620147-2F52-4AA3-B71C-6FB83467DCE1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E7A5DA1A-B49A-4D42-82FD-3B738A398F9F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{0F8BFF38-C961-418A-A36F-267DA0ED5A52}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E904B6F4-457B-48EF-91B0-6BB01749D1AC}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{D4DD8ED9-3CB0-4BF2-8021-37D366EDDC15}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3745BAF2-94C1-4FD7-A2B2-B573D6905E33}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{78A3052B-45AC-433F-8C40-6A0B0424DAEB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EA2913B1-7353-4824-938F-C150A21D5542}] => (Allow) C:\Users\userr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4AAB7B1-A948-4A04-BE70-11742DC5AC98}] => (Allow) C:\Users\userr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89EF181D-BB38-4AAB-B939-7692088A7297}] => (Allow) C:\Users\userr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01EDC679-E6DE-4CF8-AC78-E81B8C24156B}] => (Allow) C:\Users\userr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74FC41AD-A2AE-4BAA-82F8-28C7BF3EBA49}] => (Allow) C:\Users\userr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76915835-4DDB-4781-B75E-7CA3BF6D536B}] => (Allow) C:\Users\userr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{19D2D416-0BD1-4617-9464-9CF93BB66F21}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{329EC876-6BDB-421B-8C1C-F22EEF94AF13}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{83038A81-DC18-4201-9F1B-81B46B182CB7}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [TCP Query User{5D47D8B5-1CC7-4445-A7DA-E22B668CAAA0}C:\program files\netbeans 8.0.2\bin\netbeans64.exe] => (Allow) C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [UDP Query User{9EF5B8BA-8365-4849-9778-F085C5608F07}C:\program files\netbeans 8.0.2\bin\netbeans64.exe] => (Allow) C:\program files\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [{908709F2-EDB2-4F42-ACBE-BA32DB37E86D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{BE325E0B-3DAC-410C-AEC0-A8AC6A9AF645}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F784BFF1-79F5-4641-B99A-1BCEC2777EB0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{46CA1A68-78F5-47A1-835D-AEC66B8FECA6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E9A2D1CC-DA87-4E38-B477-CA3825D88AA7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{DC5E2AE9-2D97-4E33-8D99-DC1E47A95B9D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{256A658E-3B62-4459-9D49-8AB6B30BB604}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{388D6F9A-4865-425C-BE0B-14F816CFAC4D}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{7AFF5361-DD69-4DC1-A844-9324981D9475}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{6ACDEC6F-B995-4D09-965F-28F6FFF8533F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5EA4D5AE-2F09-4143-A9D6-18AB3BA4DE0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{300CCE85-5085-4BEC-87DF-48404AE7CAB2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{31330054-E3DC-42FA-B60C-54CA0078264F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8EB1C5F3-06D0-49D8-8AC7-BC2413B66708}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{70929019-BE9D-4722-9767-B4199A0F62D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{83FE5E81-901E-4C5C-ACA1-C1D5F938E4DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-01-2016 10:08:26 Scheduled Checkpoint
19-01-2016 17:00:14 Scheduled Checkpoint
27-01-2016 13:38:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2016 12:21:17 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/31/2016 12:03:26 AM) (Source: MSSQLSERVER) (EventID: 9954) (User: )
Description: SQL Server failed to communicate with filter daemon launch service (Windows error: The service did not respond to the start or control request in a timely fashion.
). Full-Text filter daemon process failed to start. Full-text search functionality will not be available.

Error: (01/31/2016 12:03:24 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (01/31/2016 12:03:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (01/31/2016 12:03:21 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (01/31/2016 12:03:21 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/30/2016 12:12:14 AM) (Source: MSSQLSERVER) (EventID: 9954) (User: )
Description: SQL Server failed to communicate with filter daemon launch service (Windows error: The service did not respond to the start or control request in a timely fashion.
). Full-Text filter daemon process failed to start. Full-text search functionality will not be available.

Error: (01/30/2016 12:12:10 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (01/30/2016 12:12:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (01/30/2016 12:12:07 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:


System errors:
=============
Error: (01/31/2016 12:43:36 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/31/2016 12:41:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/31/2016 12:41:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/31/2016 12:41:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/31/2016 12:41:41 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/31/2016 12:41:41 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/31/2016 12:41:41 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/31/2016 12:41:41 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/31/2016 12:41:41 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/31/2016 12:41:41 AM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2016-01-31 00:03:44.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-31 00:03:22.695
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-30 00:08:05.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 19:37:32.309
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 19:37:17.636
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 19:34:47.407
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 17:42:15.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 17:42:08.232
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 17:32:50.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-29 17:27:47.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 3981.69 MB
Available physical RAM: 2130.8 MB
Total Virtual: 8333.69 MB
Available Virtual: 6299.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.25 GB) (Free:375.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 337AEAFE)

Partition: GPT.

==================== End of Addition.txt ============================
 
So, what I noticed in FRST.txt file in section Services (Whitelisted) is line:
S2 KMSEmulator; temp.exe [X]
and in file Addition.txt in section Scheduled Tasks (Whitelisted) is line:
Task: {94981011-6574-46AD-B47B-DF2CD064BC11} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Report from RogueKiller:

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Safe mode with network support
User : userr [Administrator]
Started from : C:\Users\userr\Desktop\RogueKiller (1).exe
Mode : Delete -- Date : 01/31/2016 11:07:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-952108444-1884632922-1627213431-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : C:\AdwCleaner\AdwCleaner[C1].txt [-] -> Not selected
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-952108444-1884632922-1627213431-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : C:\AdwCleaner\AdwCleaner[C1].txt [-] -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-952108444-1884632922-1627213431-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={C399...s=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-25 09:15:43&v=4.1.0.411&pid=wtu&sg=&sap=hp -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-952108444-1884632922-1627213431-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={C399...s=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-25 09:15:43&v=4.1.0.411&pid=wtu&sg=&sap=hp -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E630 +++++
--- User ---
[MBR] 2fcceb8386be3a1c6a351bad777dd455
[BSP] 07ff70eed4a6a23ed0acddb9550ff3ef : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 476411 MB
User = LL1 ... OK
User = LL2 ... OK


All the other reports comming soon.
 
Report from Malwarebytes Anti-Malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/31/2016
Scan Time: 11:11
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.31.01
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: userr

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 599085
Time Elapsed: 17 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
With JRT there were problems.
When I tried to Run as Administrator, it opened and showed this:

*** JRT runs best with administrator privileges ***
If you wish to run with administrator privileges, please close this window and run as an administrator.
If you wish to run without administrator privileges, please hit any key to continue.
Press any key to continue . . .

I tried few more times, but I still couldn't run it as Administrator, so I just continued, and then got this:

Creating restore point... FAILED 0x8007043C
The Tool failed to create a restore point!
Tool paused. If you would like to continue anyway.
Press the key to continue...

Should I continue?
 
So in the end I continued with JRT and got this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64
Ran by userr (Limited) on Sun 01/31/2016 at 16:47:22.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/31/2016 at 16:50:15.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I think that my problem started with AVG update, after that none of my browsers worked. Then I restarted my computer a few times and after that I only got "black screen after logging in with a mouse pointer". I am starting to think that this might not be infection, but some problem with my windows. But I don't get why I cant't, for example refresh my computer or check drive for file system errors or defragment drive.
 
I can't, when I log in, I get black screen with mouse pointer, but I can in Safe Mode. Also I still can't create system restore points, refresh my computer or anything else. I tried to uninstall some programms and everything was fine, but I couldn't uninstall AVG, it gave me some error every time I tried. Also this problem started after AVG update. Could this be AVG fault? But it seems strange, that so many computer options (as I mentioned, creating restore points and so on) are locked and I think it couldn't be AVG.
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
478
eriksnyman1
E
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back