Popups and adware


#1 bobxxx


Posted 06 March 2017 - 03:35 PM

I recently downloaded something off the internet and realized it was a virus. Now I keep getting popups and some weird ads. I also keep getting this "302 Found" sometimes on sites, which was not happening before. Here is an example of the main popup and ad I get; one is a Microsoft warning and the other is some "ad by ad", and sometimes some words are in capitals with a link to the ad from "ads by ads":

[Image: zmb692.jpg]

I ran a MalwareBytes scan, FRST scan, JRT scan, and AdwCleaner scan, which took out most of the viruses/malware/adware etc., but obviously some still remain. Please help.

 

 

Here is the MalwareBytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/6/2017
Scan Time: 2:52 PM
Logfile: mb scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.06.09
Rootkit Database: v2017.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Windows

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326025
Time Elapsed: 21 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.InterStat, HKU\S-1-5-21-1404707617-3924275544-1000020962-1000_Classes\APPLICATIONS\interstat.exe, Quarantined, [339ec60006a2e5517c0fb228a2617f81],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 145
Adware.Agent.Generic, C:\Users\Windows\AppData\Local\Temp\5E7EC481-4D0D-48D7-BAB6-28AD2F3AB515, Quarantined, [6968b6101e8a0f271933eada5fa1fb05],
Adware.ConvertAd.Generic, C:\Users\Windows\AppData\Local\Temp\80A29FBF-FEB1-4DE6-83E8-1C52E7384727, Quarantined, [448d0cba099f94a29bb56f91d22f9f61],
PUP.Optional.InternetMonitor, C:\Users\Windows\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_387, Quarantined, [ece51fa72a7ea49263736084e61c8d73],
PUP.Optional.InternetMonitor, C:\Users\Windows\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_387\Logs, Quarantined, [ece51fa72a7ea49263736084e61c8d73],

Files: 448

Edited by bobxxx, 06 March 2017 - 04:06 PM.


#2 Android 8888

    SWI Malware Tracker

  • Helper
  • 976 posts

Posted 06 March 2017 - 05:28 PM

Hello bobxxx.
 
You have not replied to my post on this topic since February 25th.
 
However, based on the logs you now provided I guess this is the same computer.
 
I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please follow the directions in the order listed.
 

I see that you have a P2P (Peer-to-Peer) file sharing program installed (BitTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Please read these short reports on the dangers of peer-2-peer programs and file sharing.

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

You may want to read the following article to see the risks of file-sharing technology:
https://www.us-cert.gov/ncas/tips/ST05-007


MBAM has quarantined all the threats it found. To permanently delete them:

  • Open MBAM.
  • Click History.
  • Click Delete All.
  • Close MBAM.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 


Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\MountPoints2: F - F:\setup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-bd0779e2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-bd0779e2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1404707617-3924275544-1000020962-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1404707617-3924275544-1000020962-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> Search Provided by Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> msn.com
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2017-01-31]
S3 ADSPIDEREX; C:\Windows\system32\drivers\adspiderex.sys [55664 2015-12-27] ((?)?????)
2017-03-06 14:15 - 2015-12-27 23:33 - 00055664 _____ ((?)?????) C:\Windows\system32\Drivers\adspiderex.sys
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)

End


Save the file as fixlist.txt in the same folder as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post it in your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
 
 
Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.
 
In your next reply please post:
The entire content of fixlog.txt produced by FRST (should be located in your Desktop).
The entire content of the ESET log.

 

Please let me know how the computer is running at this point. Do the same popup messages and weird advertisements still appear?

 

Android 8888

 

 


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#3 bobxxx


Posted 06 March 2017 - 09:39 PM

Hey, I just did the FRST fixlist and the ESET scan. But the problem is still persisting a bit. Like I am still getting these weird ads where some words are fully capitalized and hyperlinked. Also I still get new tabs opening up with a page saying clean Windows PC etc etc.

 

Here is an example, take a look at part of your previous post, some of the words are hyperlinked with ads:

 

20rp8b9.jpg

 

Here is the FRST fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Windows (06-03-2017 17:32:29) Run:7
Running from C:\Users\Windows\Desktop\FRST
Loaded Profiles: Windows (Available Profiles: Windows)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\MountPoints2: F - F:\setup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-bd0779e2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-bd0779e2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1404707617-3924275544-1000020962-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1404707617-3924275544-1000020962-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> Search Provided by Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> msn.com
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2017-01-31]
S3 ADSPIDEREX; C:\Windows\system32\drivers\adspiderex.sys [55664 2015-12-27] ((?)?????)
2017-03-06 14:15 - 2015-12-27 23:33 - 00055664 _____ ((?)?????) C:\Windows\system32\Drivers\adspiderex.sys
Shortcut: C:\Users\Windows\AppData\Roaming Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Public\Desktop\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key removed successfully
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai => moved successfully
HKLM\System\CurrentControlSet\Services\ADSPIDEREX => key removed successfully
ADSPIDEREX => service removed successfully
C:\Windows\system32\Drivers\adspiderex.sys => moved successfully
C:\Users\Windows\AppData\Roaming Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk => not found.
"C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk" => Could not move.
"C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Could not move.
"C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Fir?f??.lnk" => Could not move.
"C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\G??gl? ?hr?m?.lnk" => Could not move.
C:\ProgramData Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\Public\Desktop\??zill? Fir?f??.lnk" => Could not move.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18858540 B
Java, Flash, Steam htmlcache => 723 B
Windows/system/drivers => 297876 B
Edge => 0 B
Chrome => 825129235 B
Firefox => 172759499 B
Opera => 0 B

 

 

 

I finished the ESET scan after 3 hours of scanning but it never generated a report. It did clear 3 infections. So I'm not sure how to look at the log. It never gave the option to export.

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 116336 B
Windows => 402081104 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:33:25 ====
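Added example, not part of the original thread and not FRST's own code: the fix list above names browser shortcuts with Cyrillic look-alike letters that point at `.bat` targets, and the fixlog shows those letters as `?`. The Python below flags mixed-script shortcut names in FRST-style `Shortcut:` lines and checks whether each line would survive being saved in a legacy code page. The cp1252 code page, the extension set and all function names are assumptions; the sample lines are constructed from entries on this page.

```python
import ntpath
import re
import unicodedata

# Constructed input: FRST-style "Shortcut:" lines modelled on the fix list above.
# Non-Latin letters are written as \u escapes so they are visible in the source.
SAMPLE_LINES = [
    "Shortcut: C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk"
    " -> C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.bat (No File)",
    "Shortcut: C:\\Users\\Public\\Desktop\\\u041c\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk"
    " -> C:\\Program Files (x86)\\Mozilla Firefox\\firefox.bat (No File)",
    # Constructed clean entry for contrast (not from the page).
    "Shortcut: C:\\Users\\Public\\Desktop\\Notepad.lnk -> C:\\Windows\\System32\\notepad.exe",
]

SHORTCUT_RE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?)(?P<missing> \(No File\))?$"
)

# Assumption: extensions treated as "script instead of the real browser binary".
SCRIPT_EXTS = {".bat", ".cmd"}


def letter_scripts(text):
    """Set of Unicode scripts used by the letters in text (first word of the char name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def mixed_script_words(name):
    """Words that mix letters from more than one script, e.g. Latin plus Cyrillic."""
    return [w for w in name.split() if len(letter_scripts(w)) > 1]


def lossy_view(text, codec="cp1252"):
    """What text looks like after a round trip through a legacy code page."""
    return text.encode(codec, errors="replace").decode(codec)


def audit_line(line, codec="cp1252"):
    """Return findings for one Shortcut: line, or None for any other line."""
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    stem = ntpath.splitext(ntpath.basename(m["lnk"]))[0]
    target_ext = ntpath.splitext(m["target"])[1].lower()
    return {
        "name": stem,
        "mixed_words": mixed_script_words(stem),
        "target_is_script": target_ext in SCRIPT_EXTS,
        "target_missing": m["missing"] is not None,
        "after_legacy_save": lossy_view(stem, codec),
        "survives_legacy_save": lossy_view(line, codec) == line,
    }


def audit(lines, codec="cp1252"):
    """Audit every Shortcut: line and skip everything else."""
    return [f for f in (audit_line(l, codec) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in audit(SAMPLE_LINES):
        flag = "SUSPICIOUS" if finding["mixed_words"] and finding["target_is_script"] else "ok"
        print(flag, ascii(finding["name"]), "->", finding["after_legacy_save"],
              "| survives legacy save:", finding["survives_legacy_save"])
```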



#4 Android 8888


Posted 07 March 2017 - 05:04 AM

Hi bobxxx.

Have you deleted the threats quarantined by Malwarebytes? If not, please do it now.

Did ESET create a log? If so, please post its entire content in your next reply.

 

Next,

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This scan may take some time to complete.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.

 

Please copy and paste the contents of RKlog.txt to your next reply and wait for further instructions.




#5 bobxxx


Posted 07 March 2017 - 01:03 PM

Hey, I didn't delete the quarantined items, but I just deleted them when you asked. Also ESET did not produce a log, it had 3 threats which I deleted but the log was never produced, I don't know why. I can run the scan again if you need the log. I finished the roguekiller scan, still seem to be getting those weird ads with hyperlinks and new tabs opening with ads.

 

 

Here is the log for Rklog.txt:

 

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Windows [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/07/2017 13:28:22 (Duration : 00:22:03)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1404707617-3924275544-1000020962-1000\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1404707617-3924275544-1000020962-1000\Software\IM -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5572B337-EFE1-4A89-97FB-823178D82BB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {54A66E31-8AC9-47A3-A8D7-92DE8E05841A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467B65B0-803B-4DC0-9A2E-403405C85F99} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {144719A1-8546-4FCA-87FF-EACE7C3CA353} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5572B337-EFE1-4A89-97FB-823178D82BB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {54A66E31-8AC9-47A3-A8D7-92DE8E05841A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467B65B0-803B-4DC0-9A2E-403405C85F99} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {144719A1-8546-4FCA-87FF-EACE7C3CA353} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Windows\AppData\Local\PackageAware -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 ATA Device +++++
--- User ---
[MBR] 75b668acfaf65289f15c5852c1cee5aa
[BSP] f2b974fe981e8c00d270db86082c3887 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Edited by bobxxx, 07 March 2017 - 01:59 PM.


#6 Android 8888


Posted 07 March 2017 - 02:52 PM

Hi bobxxx.

Okay I just wanted to make sure that you executed the instructions requested.
 

"Also ESET did not produce a log, it had 3 threats which I deleted but the log was never produced, I don't know why. I can run the scan again if you need the log."

You don't need to run another scan. Just leave it for now.

Please follow the instructions below to select and remove the following entries found by RogueKiller:

  • Close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator to re-run the tool.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time to complete.
  • Once finished select the following entries:

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1404707617-3924275544-1000020962-1000\Software\IM -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1404707617-3924275544-1000020962-1000\Software\IM -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5572B337-EFE1-4A89-97FB-823178D82BB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {54A66E31-8AC9-47A3-A8D7-92DE8E05841A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found

[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467B65B0-803B-4DC0-9A2E-403405C85F99} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found

[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {144719A1-8546-4FCA-87FF-EACE7C3CA353} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5572B337-EFE1-4A89-97FB-823178D82BB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {54A66E31-8AC9-47A3-A8D7-92DE8E05841A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Found

[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467B65B0-803B-4DC0-9A2E-403405C85F99} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found

[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {144719A1-8546-4FCA-87FF-EACE7C3CA353} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Found

[PUP.Gen1][Folder] C:\Users\Windows\AppData\Local\PackageAware -> Found

  • Click on Remove Selected button.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.


Next,

I need to review a new set of logs from FRST64.

  • Right-click on the FRST64 icon to re-run the tool.
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

 

Please post in your next reply:
The entire content of RKlog.txt.
The entire content of the two logs (FRST.txt and Addition.txt) produced by FRST.

How is the computer running now? Are you still getting the advertisements with hyperlinks in your browser?




#7 bobxxx


Posted 07 March 2017 - 03:23 PM

Ok I deleted the entries and ran all the scans, still getting the weird hyperlink ads and new tabs with ads.

 

Here is the log for RKlog.txt:

 

 

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Windows [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/07/2017 13:28:22 (Duration : 00:22:03)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1404707617-3924275544-1000020962-1000\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1404707617-3924275544-1000020962-1000\Software\IM -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5572B337-EFE1-4A89-97FB-823178D82BB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {54A66E31-8AC9-47A3-A8D7-92DE8E05841A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Deleted
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467B65B0-803B-4DC0-9A2E-403405C85F99} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Deleted
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {144719A1-8546-4FCA-87FF-EACE7C3CA353} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5572B337-EFE1-4A89-97FB-823178D82BB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {54A66E31-8AC9-47A3-A8D7-92DE8E05841A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| [x] -> Deleted
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467B65B0-803B-4DC0-9A2E-403405C85F99} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Deleted
[PUP.DllFiles] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {144719A1-8546-4FCA-87FF-EACE7C3CA353} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|LPort=4000|App=C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe|Name=DLL-Files.com FIXER|Desc=Allow outbound network traffic from DLL-Files Fixer|EmbedCtxt=DLL-Files.com FIXER| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Windows\AppData\Local\PackageAware -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 ATA Device +++++
--- User ---
[MBR] 75b668acfaf65289f15c5852c1cee5aa
[BSP] f2b974fe981e8c00d270db86082c3887 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Here is the fresh FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Windows (administrator) on WINDOWS-29526KP (07-03-2017 15:19:50)
Running from C:\Users\Windows\Desktop\FRST
Loaded Profiles: Windows (Available Profiles: Windows)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-11-08] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6123032 2011-06-01] (Logitech Inc.)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.226.10.193 24.226.10.194 24.226.1.94
Tcpip\..\Interfaces\{CD0DAECD-A660-433E-B587-CED10E916BE3}: [DhcpNameServer] 24.226.10.193 24.226.10.194 24.226.1.94

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 [2017-03-07]
FF Homepage: Mozilla\Firefox\Profiles\kburi48q.default-1450480719837 -> hxxp://www.msn.com/
FF Extension: (Tables) - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837\Extensions\brcorp@brcorporation.com.xpi [2017-03-03]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-02-26]
FF Extension: (Video DownloadHelper) - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (Adblock Plus) - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Extension: (Greasemonkey) - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-02-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\kburi48q.default-1450480719837\features\{ee7c5ae6-8874-4aa0-8aea-f1a2f1276282}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-21] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1404707617-3924275544-1000020962-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Windows\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-19] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default [2017-03-06]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15]
CHR Extension: (Popup Blocker (strict)) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2017-01-31]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-13]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-13]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-13]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-13]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15]
CHR Extension: (Tables) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-03-06]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-20]
CHR Extension: (No Name) - C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-07 13:54 - 2017-03-07 13:54 - 00008928 _____ C:\Users\Windows\Desktop\roguelog2.txt
2017-03-07 13:53 - 2017-03-07 13:53 - 00008880 _____ C:\Users\Windows\Desktop\roguelog.txt
2017-03-07 11:08 - 2017-03-07 14:53 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-07 11:08 - 2017-03-07 11:08 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-07 11:08 - 2017-03-07 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-07 11:07 - 2017-03-07 13:54 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-07 11:07 - 2017-03-07 11:08 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-07 11:06 - 2017-03-07 11:06 - 34885984 _____ (Adlice Software ) C:\Users\Windows\Downloads\setup.exe
2017-03-06 17:09 - 2017-03-06 17:09 - 00001057 _____ C:\Users\Public\Desktop\Axure RP 8.lnk
2017-03-06 17:09 - 2017-03-06 17:09 - 00000000 __HDC C:\ProgramData\{358C58B0-8ACD-4AFC-A78E-F60204B67F56}
2017-03-06 17:09 - 2017-03-06 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure
2017-03-06 17:09 - 2017-03-06 17:09 - 00000000 ____D C:\Program Files (x86)\Axure
2017-03-06 15:57 - 2017-03-07 13:23 - 00001044 _____ C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-06 15:22 - 2017-03-06 17:09 - 00000032 ____H C:\Users\Windows\AppData\Local\t80.dat
2017-03-06 15:22 - 2017-03-06 17:09 - 00000000 ____D C:\Users\Windows\AppData\Local\Axure
2017-03-06 15:22 - 2017-03-06 15:22 - 00000000 ____D C:\Users\Windows\Documents\Axure
2017-03-06 15:22 - 2017-03-06 15:22 - 00000000 ____D C:\Users\Windows\AppData\Local\IsolatedStorage
2017-03-06 15:15 - 2017-03-06 15:15 - 00120155 _____ C:\Users\Windows\Desktop\mb scan.txt
2017-03-06 14:44 - 2017-03-06 14:44 - 00002012 _____ C:\Users\Windows\Desktop\JRT.txt
2017-03-06 14:34 - 2017-03-06 14:34 - 04031440 _____ C:\Users\Windows\Downloads\adwcleaner_6.044.exe
2017-03-06 14:12 - 2017-03-06 14:12 - 00000000 ____D C:\Users\Windows\AppData\Local\CrashRpt
2017-03-02 12:38 - 2017-03-06 20:06 - 00000000 ____D C:\Users\Windows\Documents\Phone App
2017-02-26 11:42 - 2017-02-26 11:42 - 04121760 _____ (Husdawg, LLC) C:\Users\Windows\Downloads\Detection(2).exe
2017-02-23 07:21 - 2017-02-23 07:21 - 00000000 ____D C:\Users\Windows\ansel
2017-02-21 02:22 - 2017-02-21 02:22 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-21 02:22 - 2017-02-09 17:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-21 02:22 - 2017-01-25 19:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-21 02:22 - 2017-01-25 19:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-21 02:22 - 2017-01-25 19:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-02-21 02:22 - 2017-01-25 19:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-21 02:20 - 2017-02-09 19:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-21 02:20 - 2017-02-09 19:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-21 02:20 - 2017-02-09 19:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-21 02:02 - 2017-02-21 02:02 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2017-01-20 13:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-12 17:32 - 2017-02-12 22:31 - 00060323 ____N C:\Users\Windows\Desktop\Electronic ticket receipt, February 13 for MISS KULSOOM KHAN.pdf
2017-02-12 17:32 - 2017-02-12 22:31 - 00060320 ____N C:\Users\Windows\Desktop\Electronic ticket receipt, February 13 for MR MUSTAFA KHAN.pdf
2017-02-12 17:32 - 2017-02-12 22:31 - 00036947 ____N C:\Users\Windows\Desktop\Travel Reservation February 13 for MISS KULSOOM KHAN.pdf
2017-02-06 03:22 - 2017-03-06 21:22 - 00000000 ____D C:\Users\Windows\AppData\Local\ESET
2017-02-06 03:22 - 2017-03-06 17:37 - 06751360 _____ (ESET spol. s r.o.) C:\Users\Windows\Desktop\esetonlinescanner_enu.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-07 15:19 - 2015-04-16 11:03 - 00000000 ____D C:\FRST
2017-03-07 14:59 - 2014-11-08 08:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-07 14:33 - 2014-12-16 19:57 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2017-03-07 14:33 - 2014-12-16 19:56 - 00000000 ____D C:\Users\Windows\AppData\Local\Battle.net
2017-03-07 14:33 - 2014-12-16 19:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-07 14:10 - 2009-07-13 23:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-07 14:10 - 2009-07-13 23:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-07 14:04 - 2016-11-18 16:13 - 00000000 ____D C:\Users\Windows\AppData\LocalLow\Mozilla
2017-03-07 14:03 - 2014-11-08 08:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-07 14:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 13:57 - 2014-11-08 08:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-07 11:02 - 2016-01-29 18:47 - 00000000 ____D C:\Users\Windows\AppData\Local\CrashDumps
2017-03-06 18:02 - 2014-11-24 21:27 - 00000000 ____D C:\Users\Windows\AppData\Roaming\vlc
2017-03-06 17:34 - 2016-05-11 20:53 - 00000008 __RSH C:\Users\Windows\ntuser.pol
2017-03-06 17:34 - 2016-05-11 20:45 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-06 17:34 - 2014-11-07 15:05 - 00000000 ____D C:\Users\Windows
2017-03-06 17:34 - 2009-07-13 23:45 - 00492648 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-06 17:33 - 2017-01-30 19:51 - 00000000 ____D C:\Users\Windows\Desktop\FRST
2017-03-06 17:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-03-06 17:01 - 2014-11-08 08:20 - 00124344 _____ C:\Users\Windows\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-06 16:02 - 2014-11-08 14:28 - 00000000 ____D C:\Users\Windows\AppData\Roaming\Skype
2017-03-06 16:00 - 2014-11-15 10:48 - 00000000 ____D C:\Users\Windows\Documents\University
2017-03-06 15:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2017-03-06 14:36 - 2017-01-31 19:16 - 00000000 ____D C:\AdwCleaner
2017-03-06 14:36 - 2016-11-17 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-06 14:16 - 2015-04-12 18:49 - 00000000 ____D C:\Users\Windows\AppData\Roaming\BitTorrent
2017-03-06 14:10 - 2016-12-21 17:23 - 00001793 ____R C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk
2017-03-06 14:10 - 2016-12-21 17:23 - 00001745 ____R C:\Users\Windows\Desktop\Stаrt Тоr Вrоwsеr.lnk
2017-03-06 14:10 - 2016-12-21 17:23 - 00000000 ____D C:\Users\Windows\Desktop\Tor Browser
2017-03-04 21:48 - 2014-11-24 21:26 - 00000000 ____D C:\Users\Windows\dwhelper
2017-03-04 20:01 - 2016-08-05 21:51 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-03-03 21:24 - 2016-05-02 19:35 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-27 20:26 - 2015-12-14 19:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-27 20:26 - 2014-11-08 13:37 - 00000000 ____D C:\ProgramData\Skype
2017-02-27 08:25 - 2014-12-06 17:52 - 00000000 ____D C:\Users\Windows\Documents\Resumes & Workout
2017-02-24 04:33 - 2015-11-14 18:42 - 00002441 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 03:03 - 2014-11-07 15:20 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 03:01 - 2014-11-07 15:20 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-21 08:34 - 2014-11-08 08:25 - 00000000 ____D C:\Users\Windows\AppData\Local\Adobe
2017-02-21 08:33 - 2014-11-08 08:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-21 08:33 - 2014-11-08 08:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 08:33 - 2014-11-08 08:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-21 08:33 - 2014-11-08 08:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-21 08:33 - 2014-11-08 08:27 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-21 02:23 - 2017-01-14 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-21 02:23 - 2014-11-08 08:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-21 02:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-21 02:06 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-21 02:03 - 2017-01-24 18:07 - 00001418 ____N C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-21 02:03 - 2017-01-14 12:08 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2017-01-14 12:08 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2017-01-14 12:08 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2017-01-14 12:08 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2017-01-14 12:08 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2017-01-14 12:08 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-21 02:02 - 2014-11-08 08:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-21 02:02 - 2014-11-08 08:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 19:52 - 2017-01-14 12:06 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-09 19:52 - 2017-01-14 12:06 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-09 19:52 - 2017-01-14 12:06 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-09 19:52 - 2017-01-14 12:06 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-09 19:52 - 2017-01-14 12:06 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-09 19:52 - 2017-01-14 12:06 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-09 19:52 - 2017-01-14 12:06 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-02-09 18:13 - 2017-01-14 12:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-09 17:57 - 2017-01-14 12:07 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 17:57 - 2017-01-14 12:07 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 17:57 - 2017-01-14 12:07 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 17:57 - 2017-01-14 12:07 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 17:57 - 2017-01-14 12:07 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 17:57 - 2017-01-14 12:07 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 17:57 - 2017-01-14 12:07 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 17:57 - 2017-01-14 12:07 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories =======

2014-12-06 17:39 - 2016-03-28 16:53 - 0005120 _____ () C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-06 15:22 - 2017-03-06 17:09 - 0000032 ____H () C:\Users\Windows\AppData\Local\t80.dat
2015-06-22 06:48 - 2015-06-22 06:48 - 0000000 _____ () C:\Users\Windows\AppData\Local\Temp.dat

Some files in TEMP:
====================
2017-03-07 11:08 - 2016-10-11 10:34 - 1732864 _____ (Microsoft Corporation) C:\Users\Windows\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 09:33

==================== End of FRST.txt ============================

 

 

Here is the additions log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Windows (07-03-2017 15:20:23)
Running from C:\Users\Windows\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-07 20:05:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1404707617-3924275544-1000020962-500 - Administrator - Disabled)
Guest (S-1-5-21-1404707617-3924275544-1000020962-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1404707617-3924275544-1000020962-1002 - Limited - Enabled)
Windows (S-1-5-21-1404707617-3924275544-1000020962-1000 - Administrator - Enabled) => C:\Users\Windows

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Axure RP 8 (HKLM-x32\...\Axure RP 8) (Version: 8.0.0.3297 - Axure Software Solutions, Inc.)
Axure RP 8 (x32 Version: 8.0.0.3297 - Axure Software Solutions, Inc.) Hidden
Baldur's Gate II: Enhanced Edition MULTI 3 (HKLM-x32\...\QmFsZHVyc0dhdGVJSUVuaGFuY2VkRWRpdGlvbg==_is1) (Version: 1 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dragon Age Origins - Ultimate Edition version 1.05 (HKLM-x32\...\Dragon Age Origins - Ultimate Edition_is1) (Version: 1.05 - Bioware)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League client alpha (HKU\S-1-5-21-1404707617-3924275544-1000020962-1000\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{906386E6-9B44-4A87-8585-B2B0FC94699C}) (Version: 4.2.3.3 - The Document Foundation)
LibreOffice 4.2.3.3 (HKLM-x32\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mortal Kombat X version 1.0 u20 (HKLM-x32\...\{1CF7CFCB-40E3-45C6-8D47-F5F4BD8FAF9C}_is1) (Version: 1.0 u20 - Warner Bros)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.0.8 (HKLM-x32\...\{7D9B54C8-506A-43BC-A40C-FCEA8B8EFCE6}_is1) (Version: 1.9.32.0.8 - Bethesda Softworks)
The Orange Box version 1.0 u2011 (HKLM-x32\...\{16ED7F51-369B-40E1-B067-102BF02F9B87}_is1) (Version: 1.0 u2011 - Valve)
The Witcher 3 Wild Hunt version 1.11 (HKLM-x32\...\{BF679CAD-FE6D-4CBE-9E99-D7193809207A}_is1) (Version: 1.11 - CD PROJEKT RED)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{594AFF44-AE13-4CCE-B0CA-A48E56289502}) (Version: 2.8.1605.3142 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23C50717-4C13-4164-8543-D61946D9B174} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {27973526-795D-4EBD-BA0A-9FC57C611D6D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {2A9234B4-071F-4B62-A0EF-54FC06A2A13B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-21] (Adobe Systems Incorporated)
Task: {36FEAE21-04A6-45E7-862C-9D954005CA92} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {3783C5A0-1F96-4659-8030-FE01D9F61255} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4F9D17A7-CD2C-40A0-B7EA-39C9C3059DC8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {58159F2E-25AD-4A3D-A64E-2F2715222496} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {76034FD1-8214-4FA5-B5AA-C86DF44409D7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {7C4D4A0C-C5D1-4FD1-955B-FA93F67D40BF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8E0FD945-6410-46E4-850B-D5A03FC4C39A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {924C253A-F5CB-4684-B226-53886FD3A140} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {945DEAA0-5160-4D61-A6BC-DEC4A63A10B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9D770122-1ABA-4E27-8140-61C6111DD7BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {AA07004C-D8D4-4B50-A0F1-04F6CB60E2D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AC3AE94C-BD0A-4BB5-9375-451FF202B6B6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {C98B772E-4C26-4047-B437-E07FFB28F9BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {CE0FDEF8-DD78-42E0-82E9-CCD11CD131EF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {DF7F3C05-139A-43F4-8D70-4B507E0245ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F634D896-96AC-473D-BEDD-EF516CC579D5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Windows\Desktop\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Windows\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Windows\Desktop\Tor Browser\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Windows\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Windows\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2017-01-14 12:07 - 2017-02-09 17:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
20

Edited by bobxxx, 07 March 2017 - 03:25 PM.


#8 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • 976 posts

Posted 07 March 2017 - 06:39 PM

Please run the following script in FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your Operating System.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
2015-06-22 06:48 - 2015-06-22 06:48 - 0000000 _____ () C:\Users\Windows\AppData\Local\Temp.dat
2017-03-07 11:08 - 2016-10-11 10:34 - 1732864 _____ (Microsoft Corporation) C:\Users\Windows\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Windows\Desktop\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Windows\Desktop\Tor Browser\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
C:\Users\Public\Desktop\Моzillа Firеfох.lnk
FirewallRules: [{9164685F-1FF1-4AA2-9271-75E7A85A77C8}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{BB3C6D38-961F-4376-8A70-21E5053B7B6F}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
C:\Program Files\KMSnano\qemu-system-i386.exe
C:\Program Files\KMSnano

End


Save the file as fixlist.txt into the same folder as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next, reset your Internet browsers:

Internet Explorer
How to reset Internet Explorer settings

Mozilla Firefox
Click on Help / Troubleshooting Information.
Then click on the Reset Firefox button.

Google Chrome
In the top-right corner of the browser window, click the Chrome Menu icon (Three horizontal lines)
Select Settings.
At the bottom, click Show advanced settings…
Scroll down until you see Reset settings, then click on the button Reset Settings.
In the dialog that appears, click Reset.


Please post the content of fixlog.txt and check your browsers to see if the advertisement issues still remain.


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
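
The Shortcuts section of the log and the fixlist above list browser shortcuts whose names mix Latin letters with Cyrillic look-alikes and whose targets are .bat files instead of the browser executables. The Python sketch below is an added example, not part of the original thread or of FRST: it parses constructed lines in that layout and flags such entries. The script-extension list, the look-alike map and the "Example App" entry are assumptions.

```python
import ntpath
import re
import unicodedata

# Constructed sample lines in the layout of the FRST "Shortcuts" section.
# Homoglyph names are written with \u escapes so the Cyrillic letters are visible.
SAMPLE_LOG = "\n".join([
    "Shortcut: C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk"
    " -> C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.bat (No File)",
    "Shortcut: C:\\Users\\Public\\Desktop\\Fir\u0435f\u043e\u0445.lnk"
    " -> C:\\Program Files (x86)\\Mozilla Firefox\\firefox.bat (No File)",
    "Shortcut: C:\\Users\\Public\\Desktop\\Example App.lnk"
    " -> C:\\Program Files\\Example\\example.exe (Example Vendor)",
])

# "Shortcut: <path>.lnk -> <target> (<note>)"; the trailing note is optional.
LINE_RE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?)(?: \((?P<note>[^()]*)\))?$"
)

# Assumption: target extensions that are scripts rather than a program binary.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}

# Partial, hand-picked map of Cyrillic letters that render like Latin ones.
LOOKALIKES = {
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041c": "M", "\u041e": "O",
    "\u0421": "C", "\u0422": "T", "\u0425": "X", "\u0430": "a", "\u0435": "e",
    "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0445": "x",
}


def scripts_in(name):
    """Return the scripts used by the letters of name.

    The script is taken as the first word of the Unicode character name,
    e.g. 'LATIN' or 'CYRILLIC'.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def latin_skeleton(name):
    """Replace known look-alike letters to show which name is being imitated."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in name)


def analyze(log_text):
    """Return one finding per shortcut line that trips at least one check."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # ntpath handles Windows paths regardless of the analyst's own OS.
        name = ntpath.splitext(ntpath.basename(m["lnk"]))[0]
        target_ext = ntpath.splitext(m["target"])[1].lower()
        reasons = []
        if len(scripts_in(name)) > 1:
            reasons.append("mixed-script name")
        if target_ext in SCRIPT_EXTS:
            reasons.append("script target")
        if m["note"] == "No File":
            reasons.append("target missing")
        if reasons:
            findings.append({
                "shortcut": m["lnk"],
                "looks_like": latin_skeleton(name),
                "target": m["target"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["looks_like"], "->", f["target"], "|", ", ".join(f["reasons"]))
```
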


#9 bobxxx

bobxxx

    Member

  • Full Member
  • 31 posts

Posted 07 March 2017 - 07:15 PM

Ok I ran the FRST fixlist and reset all my browsers. It seems all the popups and ads have stopped appearing thus far. Thank you sooo much :)

 

Here is the fixlist log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Windows (07-03-2017 19:00:55) Run:8
Running from C:\Users\Windows\Desktop\FRST
Loaded Profiles: Windows (Available Profiles: Windows)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
2015-06-22 06:48 - 2015-06-22 06:48 - 0000000 _____ () C:\Users\Windows\AppData\Local\Temp.dat
2017-03-07 11:08 - 2016-10-11 10:34 - 1732864 _____ (Microsoft Corporation) C:\Users\Windows\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Windows\Desktop\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Windows\Desktop\Tor Browser\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
C:\Users\Public\Desktop\Моzillа Firеfох.lnk
FirewallRules: [{9164685F-1FF1-4AA2-9271-75E7A85A77C8}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{BB3C6D38-961F-4376-8A70-21E5053B7B6F}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
C:\Program Files\KMSnano\qemu-system-i386.exe
C:\Program Files\KMSnano

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found.
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key removed successfully
C:\Users\Windows\AppData\Local\Temp.dat => moved successfully
C:\Users\Windows\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Windows\Desktop\Stаrt Тоr Вrоwsеr.lnk => moved successfully
C:\Users\Windows\Desktop\Tor Browser\Stаrt Тоr Вrоwsеr.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bc13f14c0f5eafd\Gооglе Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk => moved successfully
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Public\Desktop\Моzillа Firеfох.lnk => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9164685F-1FF1-4AA2-9271-75E7A85A77C8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB3C6D38-961F-4376-8A70-21E5053B7B6F} => value removed successfully
"C:\Program Files\KMSnano\qemu-system-i386.exe" => not found.
"C:\Program Files\KMSnano" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10414137 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 18536 B
Edge => 0 B
Chrome => 0 B
Firefox => 125366198 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 11600 B
Windows => 100104134 B

RecycleBin => 50707824 B
EmptyTemp: => 281.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:02:03 ====


Edited by bobxxx, 07 March 2017 - 07:16 PM.
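The browser shortcut (.lnk) names listed in the fixlist above mix Latin letters with look-alike Cyrillic ones. The following is an added example, not part of the original posts and not FRST's own code: it scans Fixlog-style `<path> => <result>` lines and flags file names in which a single word mixes scripts. The sample lines, the look-alike map and all function names are constructed for illustration.

```python
import ntpath
import re
import unicodedata

# Constructed sample in the "<path> => <result>" shape of a Fixlog.
# Cyrillic letters are written as \u escapes so they are visible in source.
SAMPLE_FIXLOG = "\n".join([
    "C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk => moved successfully",
    "C:\\Users\\Public\\Desktop\\Google Chrome.lnk => moved successfully",
    # Legitimate bilingual name: each word uses one script only.
    "C:\\Users\\Example\\Documents\\\u041e\u0442\u0447\u0451\u0442 final.docx => moved successfully",
    "\"C:\\Program Files\\ExampleTool\" => not found.",
    "Restore point was successfully created.",
])

# Partial Cyrillic-to-Latin look-alike map (assumption: common cases only).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K",
    "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0425": "X",
}

# Optional quotes around a drive-letter path, then "=>" and the result text.
LINE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?)"?\s+=>\s+(?P<result>.+)$')
# Runs of Unicode letters (word characters minus digits and underscore).
WORD_RE = re.compile(r"[^\W\d_]+")


def script_of(ch):
    """Return the script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def mixed_script_words(filename):
    """Words in the file name whose letters come from more than one script."""
    return [w for w in WORD_RE.findall(filename)
            if len({script_of(c) for c in w}) > 1]


def lookalike(filename):
    """The all-Latin name that the mixed-script name imitates."""
    return "".join(LOOKALIKES.get(c, c) for c in filename)


def scan_fixlog(text):
    """Return one finding per path whose file name has a mixed-script word."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # registry lines, headers, status messages
        filename = ntpath.basename(m.group("path"))
        mixed = mixed_script_words(filename)
        if mixed:
            findings.append({
                "path": m.group("path"),
                "result": m.group("result"),
                "mixed_words": mixed,
                "lookalike": lookalike(filename),
            })
    return findings


if __name__ == "__main__":
    for f in scan_fixlog(SAMPLE_FIXLOG):
        print(f"{f['path']!a} imitates {f['lookalike']!r} ({f['result']})")
```

A flagged name is a reason to inspect the shortcut's target and arguments, not proof of malice on its own.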


#10 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 976 posts

Posted 08 March 2017 - 09:12 AM

Hello bobxxx.

I need you to run a final scan on your system to check for leftovers.
 

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Double click the icon and select Run.
  • Click Next.
  • Select 'I accept the terms in this license agreement', then click Next twice.
  • Click Install.
  • Click Finish. The tool created an icon on your computer's Desktop.
  • Double-click the shortcut icon to run the tool.
  • After it updates and a "Start Scanning" button appears in the lower right, proceed as follows:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste the results in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

 

Next,

 

Please download Security Analysis by Rocket Grannie.

  • Save it to your Desktop.
  • Close your security software or temporarily disable any Real-Time protection to avoid potential conflicts.
  • Right click RGSA.exe and select Run as administrator to run the tool.
  • Click OK on the copyright-disclaimer.
  • In a few seconds it will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in your next reply.

Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

Do not forget to re-enable your security programs after the scans.

 

 

Please post the contents of the two logs for my review and let me know how the popups and ads issue is.

Did they ever show up again?




#11 bobxxx

bobxxx

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 08 March 2017 - 02:06 PM

Ok I ran the Sophos virus scan and there were no threats found; my computer was clean. Then I ran the RGSA but it gave me an error.
 
Here is the scan for the Sophos:
 
2017-03-08 16:40:37.501    Sophos Virus Removal Tool version 2.5.6
2017-03-08 16:40:37.501    Copyright © 2009-2016 Sophos Limited. All rights reserved.

2017-03-08 16:40:37.501    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-08 16:40:37.501    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-03-08 16:40:37.501    Checking for updates...
2017-03-08 16:40:37.836    Update progress: proxy server not available
2017-03-08 16:40:39.361    Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-03-08 16:40:43.664    Option all = no
2017-03-08 16:40:43.664    Option recurse = yes
2017-03-08 16:40:43.664    Option archive = no
2017-03-08 16:40:43.664    Option service = yes
2017-03-08 16:40:43.664    Option confirm = yes
2017-03-08 16:40:43.664    Option sxl = yes
2017-03-08 16:40:43.665    Option max-data-age = 35
2017-03-08 16:40:43.665    Option vdl-logging = yes
2017-03-08 16:40:43.667    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-08 16:40:43.667    Machine ID:    d286d13ef9be4702bb560eb9142e19ac
2017-03-08 16:40:43.668    Component SVRTcli.exe version 2.5.6
2017-03-08 16:40:43.668    Component control.dll version 2.5.6
2017-03-08 16:40:43.668    Component SVRTservice.exe version 2.5.6
2017-03-08 16:40:43.668    Component engine\osdp.dll version 1.44.1.2280
2017-03-08 16:40:43.668    Component engine\veex.dll version 3.68.0.2280
2017-03-08 16:40:43.668    Component engine\savi.dll version 9.0.7.2280
2017-03-08 16:40:43.668    Component rkdisk.dll version 1.5.31.1
2017-03-08 16:40:43.668    Version info:    Product version    2.5.6
2017-03-08 16:40:43.669    Version info:    Detection engine    3.68.0
2017-03-08 16:40:43.669    Version info:    Detection data    5.36
2017-03-08 16:40:43.669    Version info:    Build date    2/7/2017
2017-03-08 16:40:43.669    Version info:    Data files added    263
2017-03-08 16:40:43.669    Version info:    Last successful update    (not yet updated)
2017-03-08 16:42:20.592    Error level 1

2017-03-08 16:42:20.594    Scan completed.
2017-03-08 16:42:20.594    

------------------------------------------------------------

2017-03-08 16:42:59.903    Sophos Virus Removal Tool version 2.5.6
2017-03-08 16:42:59.903    Copyright © 2009-2016 Sophos Limited. All rights reserved.

2017-03-08 16:42:59.903    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-08 16:42:59.903    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-03-08 16:42:59.903    Checking for updates...
2017-03-08 16:43:00.190    Update progress: proxy server not available
2017-03-08 16:43:05.250    Option all = no
2017-03-08 16:43:05.250    Option recurse = yes
2017-03-08 16:43:05.250    Option archive = no
2017-03-08 16:43:05.250    Option service = yes
2017-03-08 16:43:05.250    Option confirm = yes
2017-03-08 16:43:05.250    Option sxl = yes
2017-03-08 16:43:05.251    Option max-data-age = 35
2017-03-08 16:43:05.251    Option vdl-logging = yes
2017-03-08 16:43:05.253    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-08 16:43:05.253    Machine ID:    d286d13ef9be4702bb560eb9142e19ac
2017-03-08 16:43:05.253    Component SVRTcli.exe version 2.5.6
2017-03-08 16:43:05.253    Component control.dll version 2.5.6
2017-03-08 16:43:05.253    Component SVRTservice.exe version 2.5.6
2017-03-08 16:43:05.253    Component engine\osdp.dll version 1.44.1.2280
2017-03-08 16:43:05.253    Component engine\veex.dll version 3.68.0.2280
2017-03-08 16:43:05.253    Component engine\savi.dll version 9.0.7.2280
2017-03-08 16:43:05.254    Component rkdisk.dll version 1.5.31.1
2017-03-08 16:43:05.254    Version info:    Product version    2.5.6
2017-03-08 16:43:05.254    Version info:    Detection engine    3.68.0
2017-03-08 16:43:05.254    Version info:    Detection data    5.36
2017-03-08 16:43:05.254    Version info:    Build date    2/7/2017
2017-03-08 16:43:05.254    Version info:    Data files added    263
2017-03-08 16:43:05.254    Version info:    Last successful update    (not yet updated)
2017-03-08 16:43:25.707    Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-03-08 16:43:29.151    Error level 1

2017-03-08 16:43:29.152    Scan completed.
2017-03-08 16:43:29.152    

------------------------------------------------------------

2017-03-08 16:43:31.764    Sophos Virus Removal Tool version 2.5.6
2017-03-08 16:43:31.764    Copyright © 2009-2016 Sophos Limited. All rights reserved.

2017-03-08 16:43:31.764    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-08 16:43:31.764    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-03-08 16:43:31.764    Checking for updates...
2017-03-08 16:43:32.047    Update progress: proxy server not available
2017-03-08 16:43:37.083    Option all = no
2017-03-08 16:43:37.083    Option recurse = yes
2017-03-08 16:43:37.083    Option archive = no
2017-03-08 16:43:37.083    Option service = yes
2017-03-08 16:43:37.083    Option confirm = yes
2017-03-08 16:43:37.083    Option sxl = yes
2017-03-08 16:43:37.083    Option max-data-age = 35
2017-03-08 16:43:37.083    Option vdl-logging = yes
2017-03-08 16:43:37.085    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-08 16:43:37.085    Machine ID:    d286d13ef9be4702bb560eb9142e19ac
2017-03-08 16:43:37.086    Component SVRTcli.exe version 2.5.6
2017-03-08 16:43:37.086    Component control.dll version 2.5.6
2017-03-08 16:43:37.086    Component SVRTservice.exe version 2.5.6
2017-03-08 16:43:37.086    Component engine\osdp.dll version 1.44.1.2280
2017-03-08 16:43:37.086    Component engine\veex.dll version 3.68.0.2280
2017-03-08 16:43:37.086    Component engine\savi.dll version 9.0.7.2280
2017-03-08 16:43:37.086    Component rkdisk.dll version 1.5.31.1
2017-03-08 16:43:37.086    Version info:    Product version    2.5.6
2017-03-08 16:43:37.087    Version info:    Detection engine    3.68.0
2017-03-08 16:43:37.087    Version info:    Detection data    5.36
2017-03-08 16:43:37.087    Version info:    Build date    2/7/2017
2017-03-08 16:43:37.087    Version info:    Data files added    263
2017-03-08 16:43:37.087    Version info:    Last successful update    (not yet updated)
2017-03-08 16:43:45.564    Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-03-08 16:44:05.093    Error level 1

2017-03-08 16:44:05.094    Scan completed.
2017-03-08 16:44:05.094    

------------------------------------------------------------

2017-03-08 16:44:09.456    Sophos Virus Removal Tool version 2.5.6
2017-03-08 16:44:09.456    Copyright © 2009-2016 Sophos Limited. All rights reserved.

2017-03-08 16:44:09.456    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-08 16:44:09.456    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-03-08 16:44:09.456    Checking for updates...
2017-03-08 16:44:09.771    Update progress: proxy server not available
2017-03-08 16:44:15.133    Option all = no
2017-03-08 16:44:15.133    Option recurse = yes
2017-03-08 16:44:15.133    Option archive = no
2017-03-08 16:44:15.133    Option service = yes
2017-03-08 16:44:15.133    Option confirm = yes
2017-03-08 16:44:15.133    Option sxl = yes
2017-03-08 16:44:15.134    Option max-data-age = 35
2017-03-08 16:44:15.134    Option vdl-logging = yes
2017-03-08 16:44:15.136    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-08 16:44:15.136    Machine ID:    d286d13ef9be4702bb560eb9142e19ac
2017-03-08 16:44:15.136    Component SVRTcli.exe version 2.5.6
2017-03-08 16:44:15.136    Component control.dll version 2.5.6
2017-03-08 16:44:15.136    Component SVRTservice.exe version 2.5.6
2017-03-08 16:44:15.137    Component engine\osdp.dll version 1.44.1.2280
2017-03-08 16:44:15.137    Component engine\veex.dll version 3.68.0.2280
2017-03-08 16:44:15.137    Component engine\savi.dll version 9.0.7.2280
2017-03-08 16:44:15.137    Component rkdisk.dll version 1.5.31.1
2017-03-08 16:44:15.137    Version info:    Product version    2.5.6
2017-03-08 16:44:15.137    Version info:    Detection engine    3.68.0
2017-03-08 16:44:15.137    Version info:    Detection data    5.36
2017-03-08 16:44:15.137    Version info:    Build date    2/7/2017
2017-03-08 16:44:15.137    Version info:    Data files added    263
2017-03-08 16:44:15.137    Version info:    Last successful update    (not yet updated)
2017-03-08 16:44:49.150    Downloading updates...
2017-03-08 16:44:49.150    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-03-08 16:44:49.150    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-08 16:44:49.150    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-08 16:44:49.150    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-03-08 16:44:49.150    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-03-08 16:44:49.150    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-03-08 16:44:49.151    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-03-08 16:44:49.151    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product IDE538 LATEST path=]
2017-03-08 16:44:49.151    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-03-08 16:44:49.151    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-08 16:44:49.504    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-03-08 16:44:49.504    Update progress: [I19463] Product download size 158884372 bytes
2017-03-08 16:44:50.690    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-03-08 16:44:50.690    Update progress: [I19463] Product download size 2537599 bytes
2017-03-08 16:44:50.800    Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-03-08 16:44:50.800    Update progress: [I19463] Product download size 2280148 bytes
2017-03-08 16:44:50.890    Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-03-08 16:44:50.890    Update progress: [I19463] Product download size 86978 bytes
2017-03-08 16:44:50.919    Installing updates...
2017-03-08 16:44:51.520    Error level 1
2017-03-08 16:44:56.150    Update successful
2017-03-08 16:45:03.643    Option all = no
2017-03-08 16:45:03.643    Option recurse = yes
2017-03-08 16:45:03.643    Option archive = no
2017-03-08 16:45:03.643    Option service = yes
2017-03-08 16:45:03.643    Option confirm = yes
2017-03-08 16:45:03.643    Option sxl = yes
2017-03-08 16:45:03.644    Option max-data-age = 35
2017-03-08 16:45:03.644    Option vdl-logging = yes
2017-03-08 16:45:03.646    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-08 16:45:03.646    Machine ID:    d286d13ef9be4702bb560eb9142e19ac
2017-03-08 16:45:03.646    Component SVRTcli.exe version 2.5.6
2017-03-08 16:45:03.646    Component control.dll version 2.5.6
2017-03-08 16:45:03.646    Component SVRTservice.exe version 2.5.6
2017-03-08 16:45:03.646    Component engine\osdp.dll version 1.44.1.2280
2017-03-08 16:45:03.646    Component engine\veex.dll version 3.68.0.2280
2017-03-08 16:45:03.646    Component engine\savi.dll version 9.0.7.2280
2017-03-08 16:45:03.647    Component rkdisk.dll version 1.5.31.1
2017-03-08 16:45:03.647    Version info:    Product version    2.5.6
2017-03-08 16:45:03.647    Version info:    Detection engine    3.68.0
2017-03-08 16:45:03.647    Version info:    Detection data    5.36
2017-03-08 16:45:03.647    Version info:    Build date    2/7/2017
2017-03-08 16:45:03.647    Version info:    Data files added    263
2017-03-08 16:45:03.647    Version info:    Last successful update    3/8/2017 11:44:56 AM

2017-03-08 16:46:04.022    Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-03-08 16:58:52.484    Could not open C:\Boot\BCD
2017-03-08 17:00:38.451    Could not open C:\hiberfil.sys
2017-03-08 17:01:48.057    Could not open C:\pagefile.sys
2017-03-08 17:39:41.155    Sophos Virus Removal Tool version 2.5.6
2017-03-08 17:39:41.155    Copyright © 2009-2016 Sophos Limited. All rights reserved.

2017-03-08 17:39:41.155    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-08 17:39:41.156    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-03-08 17:39:41.156    Checking for updates...
2017-03-08 17:39:41.424    Update progress: proxy server not available
2017-03-08 17:39:44.056    Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd...a46da00871.dat:WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-03-08 17:40:06.829    Option all = no
2017-03-08 17:40:06.829    Option recurse = yes
2017-03-08 17:40:06.829    Option archive = no
2017-03-08 17:40:06.829    Option service = yes
2017-03-08 17:40:06.829    Option confirm = yes
2017-03-08 17:40:06.829    Option sxl = yes
2017-03-08 17:40:06.830    Option max-data-age = 35
2017-03-08 17:40:06.830    Option vdl-logging = yes
2017-03-08 17:40:06.832    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-08 17:40:06.832    Machine ID:    d286d13ef9be4702bb560eb9142e19ac
2017-03-08 17:40:06.844    Component SVRTcli.exe version 2.5.6
2017-03-08 17:40:06.845    Component control.dll version 2.5.6
2017-03-08 17:40:06.845    Component SVRTservice.exe version 2.5.6
2017-03-08 17:40:06.845    Component engine\osdp.dll version 1.44.1.2280
2017-03-08 17:40:06.845    Component engine\veex.dll version 3.68.0.2280
2017-03-08 17:40:06.845    Component engine\savi.dll version 9.0.7.2280
2017-03-08 17:40:06.845    Component rkdisk.dll version 1.5.31.1
2017-03-08 17:40:06.845    Version info:    Product version    2.5.6
2017-03-08 17:40:06.845    Version info:    Detection engine    3.68.0
2017-03-08 17:40:06.845    Version info:    Detection data    5.36
2017-03-08 17:40:06.845    Version info:    Build date    2/7/2017
2017-03-08 17:40:06.845    Version info:    Data files added    263
2017-03-08 17:40:06.845    Version info:    Last successful update    3/8/2017 11:44:56 AM

2017-03-08 17:41:05.737    Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-03-08 17:53:44.436    Could not open C:\Boot\BCD
2017-03-08 17:55:04.806    Could not open C:\hiberfil.sys
2017-03-08 17:56:08.007    Could not open C:\pagefile.sys
2017-03-08 18:10:39.614    Could not open C:\System Volume Information\{2f274a97-01b2-11e7-8142-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.614    Could not open C:\System Volume Information\{2f274c80-01b2-11e7-8142-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.615    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.615    Could not open C:\System Volume Information\{4e060974-02a4-11e7-8cd6-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.616    Could not open C:\System Volume Information\{7fe0a401-0368-11e7-bde8-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.616    Could not open C:\System Volume Information\{c9b6853a-02a9-11e7-acee-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.617    Could not open C:\System Volume Information\{ce4c7c16-0416-11e7-8170-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:10:39.617    Could not open C:\System Volume Information\{d003c6dd-fe91-11e6-ac89-c86000bd492d}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-08 18:30:54.073    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-03-08 18:30:54.073    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-03-08 18:31:01.032    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-03-08 18:31:01.068    Could not open C:\Windows\System32\config\RegBack\SAM
2017-03-08 18:31:01.102    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-03-08 18:31:01.139    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-03-08 18:31:01.216    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-03-08 18:48:56.217    Could not open LOGICAL:0003:00000000
2017-03-08 18:48:56.223    Could not open D:\
2017-03-08 18:48:56.223    Could not open LOGICAL:0004:00000000
2017-03-08 18:48:56.223    Could not open E:\
2017-03-08 18:48:56.223    Could not open LOGICAL:0005:00000000
2017-03-08 18:48:56.223    Could not open F:\
2017-03-08 18:48:56.765    Error level 0

2017-03-08 18:57:35.052    Scan completed.
2017-03-08 18:57:35.052    

------------------------------------------------------------

 

 

Here is the error from RGSA:

 

 

125l0g8.jpg



#12 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 976 posts

Posted 08 March 2017 - 03:50 PM

Hi bobxxx.

 

Ok I ran the Sophos virus scan and there were no threats found; my computer was clean.

I'm glad to hear that. Good work! At this point your computer appears to be free of malware. :)

Concerning the Security Analysis program... Does this error message appear when you try to run RGSA.exe or after it finishes? Either way that's weird. RGSA.exe works well on my Windows 10. Did you disable the Real-Time protection of your security programs?

If not, please read the instructions on how to do it in the following links:
http://www.pcworld.com/article/2025707/how-to-temporarily-disable-microsoft-security-essentials.html
https://www.safer-networking.org/faq/how-do-i-disable-live-protection/

Then right-click on the RGSA.exe icon and select Run as administrator.
Click OK on the copyright-disclaimer.
In a few seconds it will produce and open a log named SALog.txt located on the Desktop or in the same folder from where the tool is run if installed elsewhere.

Now you can re-enable the Real-Time protection of your security programs.

Please copy and paste the content of the SALog.txt log in your next reply.




#13 bobxxx

bobxxx

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 10 March 2017 - 01:52 PM

It appears when I try to run RGSA.exe, and I have disabled all the Real-Time protection programs when I run it. It is still giving me that error. But I think my computer should be okay. Everything seems fine; all the scans say everything is good and malware free.


Edited by bobxxx, 10 March 2017 - 01:53 PM.


#14 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 976 posts

Posted 10 March 2017 - 04:45 PM

Hi bobxxx.

The Security Analysis checks your computer for outdated security programs, which represent security vulnerabilities and are one of the main causes of malware infections.

Please try the following:

  • Keep the Real-Time protection of your security programs disabled.
  • Delete the old RGSA.exe file from your computer.
  • Download a new version of RGSA from here.
  • Right-click on the RGSA.exe icon and select Run as administrator.
  • Click OK on the copyright-disclaimer.
  • In a few seconds it will produce and open a log named SALog.txt located on the Desktop or in the same folder from where the tool is run if installed elsewhere.

Please post that log for my review.




#15 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 976 posts

Posted 08 April 2017 - 08:49 PM

Since the issue appears to be resolved, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

